Follow up:

• No follow ups

Topics:

• NIST changing password requirements
• Roundtable how we got into security + suggestions

Paul Rant:

• Paul is on vacation. No Rants.  

Links:

• https://pages.nist.gov/800-63-3/sp800-63b.html 
• https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords 

Hosts:

Paul Kehrer @reaperhulk

Robert Clark @hyakuhei

Matías Brutti @MrBrutti

Special Guest:

Travis McPeak @travismcpeak 

Post-Production:

Matias Brutti @MrBrutti

Disclaimer: The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers. 

Follow up:

• US is elevating ransomware the same level of terrorism.

Topics:

• Apple Security WWDC
• Move beyond passwords ( iCloud Keychain WebAuthN keys ) 
• Discover account-driven User Enrollment
• Secure login with iCloud Keychain verification codes ( domain-binding apple-totp )
• Polkit PrivEsc
• Growing abuse of Kubernetes (it’s not containers) 

Paul Rant:

• Apple Bug Report blackhole  

Links:

• https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/ 
• https://threatpost.com/microsoft-cryptomining-kubeflow/166777/
• https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/ 

Hosts:

Paul Kehrer @reaperhulk

Robert Clark @hyakuhei

Matías Brutti @MrBrutti

Post-Production:

Matias Brutti @MrBrutti

Disclaimer: The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers. 

Follow up:

 - Nothing this week

Topics:

• Automated Fuzzing Testing in Go
• Stack Overflow Supply Chain Attacks
• Deps.dev
• Update on Github’s policies regarding exploits, malware, and vulnerability research

Paul Rant:

• Pinning dependencies on Libraries 

Links:

• https://blog.golang.com/fuzz-beta
• https://www.wsj.com/articles/software-developer-community-stack-overflow-sold-to-tech-giant-prosus-for-1-8-billion-11622648400
• https://deps.dev
• https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/

Hosts:

Paul Kehrer @reaperhulk

Robert Clark @hyakuhei

Matías Brutti @MrBrutti

Post-Production:

Matias Brutti @MrBrutti

Disclaimer: The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers.