3 Security Buddies
8 episodes - English - Latest episode: almost 3 years ago - ★★★★★ - 5 ratings
Weekly podcast where three security buddies discuss security topics.
Episodes
3SB-8: Password Complexity
June 24, 2021 19:29 - 1 hour - 55.3 MB
Follow up: No follow ups
Topics: NIST changing password requirements; Roundtable: how we got into security + suggestions
Paul Rant: Paul is on vacation. No Rants.
Links: https://pages.nist.gov/800-63-3/sp800-63b.html https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords
Hosts: Paul Kehrer @reaperhulk, Robert Clark @hyakuhei, Matías Brutti @MrBrutti
Special Guest: Travis McPeak @travismcpeak
Post-Production: Matias Brutti @MrBrutti
Disclaimer: The opinions and security...
3SB-7: 🍎 Security Worms
June 16, 2021 03:20 - 1 hour - 80.9 MB
Follow up: US is elevating ransomware to the same priority level as terrorism.
Topics: Apple Security at WWDC: Move beyond passwords (iCloud Keychain WebAuthn keys); Discover account-driven User Enrollment; Secure login with iCloud Keychain verification codes (domain-binding apple-totp); Polkit PrivEsc; Growing abuse of Kubernetes (it's not containers)
Paul Rant: Apple Bug Report blackhole
Links: https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism...
3SB-6: Dependency Hell
June 09, 2021 21:40 - 54 minutes - 50.2 MB
Follow up: Nothing this week
Topics: Automated Fuzzing Testing in Go; Stack Overflow Supply Chain Attacks; Deps.dev; Update on GitHub's policies regarding exploits, malware, and vulnerability research
Paul Rant: Pinning dependencies on Libraries
Links: https://blog.golang.com/fuzz-beta https://www.wsj.com/articles/software-developer-community-stack-overflow-sold-to-tech-giant-prosus-for-1-8-billion-11622648400 https://deps.dev https://github.blog/2021-06-04-updates-to-our-polic...
3SB-5: Hardware Apocalypses
June 03, 2021 06:08 - 1 hour - 60.1 MB
Follow up: Vaxxed || Mask Rant Update; WhatsApp will not be removing functionality.
Topics: OpenSSL Rustification; Data without context is useless; Attacks on AMD's SEV Virtual Machine Protection System; M1ssing Register Access Controls Leak EL0 State
Paul Rant: QC35 switch is garbage. GARBAGE!
Links: https://therecord.media/two-attacks-disclosed-against-amds-sev-virtual-machine-protection-system/ https://m1racles.com
Hosts: Paul Kehrer @reaperhulk, Robert Clark @hyakuhei, Matías Brutt...
3SB-4: EuroCyberVision
May 26, 2021 06:30 - 1 hour - 60.5 MB
Episode Follow up: Codecov; Mercari; Audacity Open Source Telemetry
Topics: WhatsApp: Give me your privacy or I will stop working; Russian Keyboard as a first line of defense; Craig Federighi: macOS vs iOS Security Model
Paul Rant: Vaxxed or Mask.
Trust but Verify Rant by Matias Brutti.
Links: https://about.mercari.com/en/press/news/articles/20210521_incident_report/ https://github.com/audacity/audacity/discussions/889 https://blog.malwarebytes.com/privacy-2/2021/05/whatsapp-ca...
3SB-3: Zero Trust Cyber
May 19, 2021 06:09 - 1 hour - 62.6 MB
Episode 2 Follow up: CodeCov continues to claim victims: Rapid7 & Twilio.
Topics: Rob's Python adventures; Alfredo's mouse mic; FragAttack; CyberBattleSim
Paul Rant: Zero Trust Executive Order (by Robert)
Links: https://www.rapid7.com/blog/post/2021/05/13/rapid7s-response-to-codecov-incident/ https://www.twilio.com/blog/response-to-the-codecov-vulnerability https://github.com/ortegaalfredo/mousemic https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/05/fragattack-new-w...
3SB-2: BlockChain Tuna
May 11, 2021 03:30 - 1 hour - 60.1 MB
Episode 1 follow up: Signal continues to make the news. This time hacking privacy.
Topics: CocoaPods Trunk: Remote Code Execution found; Cosign: container image signing; TBONE: hacking Tesla from a drone with zero clicks; SAML XML Injections; Tinker Twitter thread on real & physical occupational hazards for infosec; 1Password Secrets Automation; Google mandatory MFA
Paul's rant: blockchain tuna tracking
Links: https://signal.org/blog/the-instagram-ads-you-will-never-see/ ht...
3SB-1: A New Beginning
May 04, 2021 02:24 - 47 minutes - 43.3 MB
Episode 0 follow up: Signal legal consequences. Robert was right.
Topics: Hypocrite commits; Apple AirDrop PII leak; ZK proof Vuln Disclosure; Software RAID recovery rant by Paul
Links: AirDrop Leak paper (https://www.usenix.org/system/files/sec21fall-heinrich.pdf), presented in August at the USENIX Security Symposium; https://www.scmagazine.com/home/security-news/vulnerabilities/darpa-is-creating-zero-knowledge-proofs-for-vulnerability-disclosure/
Disclaimer: The opinions and secur...