Episode 180 - A Tale of Two Vulnerabilities
Open Source Security Podcast
English - January 27, 2020 01:01 - 31 minutes - 29.2 MB - ★★★★★ - 38 ratingsTechnology cybersecurity open opensource security source Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Episode 179 - Google Project Zero and the 90 day clock
Next Episode: Episode 181 - The security of SIM swapping
Josh and Kurt talk about two recent vulnerabilities that have had very different outcomes. One was the Citrix remote code execution flaw. While the flaw is bad, the handling of the flaw was possibly worse than the flaw itself. The other was the Microsoft ECC encryption flaw. It was well handled even though it was hard to understand and it is a pretty big deal. As all these things go, fixing and disclosing vulnerabilities is hard.
Show Notes Microsoft flaw CVE-2020-0601 Citrix flaw CVE-2019-19781 Citrix mitigation instructions