Episode 14 of the Security TL;DR podcast (6/7/2018), hosted by Drew Green, and sponsored by G-Factor Security.  This episode was recorded live at the AGN NARM 2018 conference in Austin, TX. Drew is joined by Ken Pyle, a partner with DFDR Consulting, and Joe Martin, an IT professional with an accounting firm  They discuss DNS security trends, IoT device and patching problems, and the latest news surrounding the VPNFilter botnet.

Episode 13 of the Security TL;DR podcast (3/29/2018), hosted by Drew Green and Sam Blevins, sponsored by G-Factor Security (formerly TJTSec).  They discuss the latest developments regarding the vulnerabilities in AMD processor products, a bug with Microsoft's Meltdown and Spectre patches, and the ongoing privacy concerns surrounding Facebook.

Articles Referenced:

https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research

https://threatpost.com/bad-microsoft-meltdown-patch-made-some-windows-systems-less-secure/130844/

https://threatpost.com/facebook-woes-continue-as-ftc-opens-data-privacy-probe/130788/

 

Episode 12 of the Security TL;DR podcast (3/16/2018), hosted by Drew Green and Sam Blevins, sponsored by G-Factor Security (formerly TJTSec).  They discuss the newly announced vulnerabilities in AMD processor products, a bug with SAMBA, the free certificate authority Let's Encrypt and their latest product offering, and they critique a podcast where a victim of a security breach discusses their experiences and provides ill-informed recommendations.

Articles Referenced:

https://threatpost.com/amd-investigating-reports-of-13-critical-vulnerabilities-found-in-ryzen-epyc-chips/130404/

https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs

https://www.samba.org/samba/security/CVE-2018-1057.html

https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579

 

Episode 11 of the Security TL;DR podcast (3/10/2018), hosted by Drew Green, sponsored by G-Factor Security (formerly TJTSec).  He discusses the latest news on updates from Intel regarding the Spectre bug affecting all recent Intel CPUs, a SNAFU by a certificate reseller (and a dive into what certificates are and how they are involved with HTTPS web browsing), an certificate renewal oversight leading to downtime for the VR manufacturer Oculus, and Firefox's new support for managed enterprise environments.

Articles Referenced:

https://arstechnica.com/gadgets/2018/03/microsoft-will-soon-start-shipping-the-intel-spectre-microcode-fixes/

https://www.digicert.com/blog/digicert-statement-trustico-certificate-revocation/

https://www.pcgamer.com/every-oculus-rift-is-offline-thanks-to-an-expired-certificate/

https://bugzilla.mozilla.org/show_bug.cgi?id=1433136

 

Episode 10 of the Security TL;DR podcast (2/23/2018), hosted by Drew Green and Sam Blevins, sponsored by TJTSec.  They discuss the latest bug affecting nearly all Apple devices, an interesting way a piece of malware hid in infected devices and communicated with the controlling attackers, the latest in "IRS Tax Scams", and a bug in Microsoft's Edge web browser.

Articles Referenced:

https://gizmodo.com/apple-is-rushing-to-fix-the-telugu-bug-as-assholes-use-1823070294

https://arstechnica.com/information-technology/2018/02/raw-sockets-backdoor-gives-attackers-complete-control-of-some-linux-servers/

https://krebsonsecurity.com/2018/02/irs-scam-leverages-hacked-tax-preparers-client-bank-accounts/

https://www.engadget.com/2018/02/19/google-project-zero-microsoft-edge-browser-vulnerability/?sr_source=Facebook

 

This is the ninth episode of the Security TL;DR podcast, hosted by Drew Green and Sam Blevins, sponsored by TJTSec.  They discuss the leak of iPhone source code from Apple, a Microsoft bug in Skype, and hardware encrypted flash drives.

Articles Referenced:

https://www.engadget.com/2018/02/08/crucial-iphone-source-code-posted-in-unprecedented-leak/?sr_source=Facebook

https://www.zdnet.com/article/skype-cannot-fix-security-bug-without-a-massive-code-rewrite/

This is the eigth episode of the Security TL;DR podcast, hosted by Drew Green and Sam Blevins, sponsored by TJTSec.  They discuss the non-technical ramifications of Uber's data breach from 2016, privacy surrounding the influx of IoT devices in homes, and a new IoT framework the Mozilla organization is developing to standardize the way smart devices operate and communicate.

Articles Referenced:

https://arstechnica.com/tech-policy/2018/02/uber-we-had-no-justification-for-covering-up-data-breach/

https://gizmodo.com/the-house-that-spied-on-me-1822429852

https://techcrunch.com/2018/02/06/mozilla-announces-an-open-framework-for-the-internet-of-things/

https://www.engadget.com/2018/02/08/crucial-iphone-source-code-posted-in-unprecedented-leak/?sr_source=Facebook

This is the seventh episode of the Security TL;DR podcast, hosted by Drew Green and Sam Blevins, sponsored by TJTSec.  They discuss a vulnerability in a popular online dating app, some newly discovered vulnerabilities by a friend of Drew, and the security of IoT devices.

Articles Referenced:

https://threatpost.com/app-flaws-allow-snoops-to-spy-on-tinder-users-researchers-say/129625/

http://www.zdnet.com/article/5-nightmarish-attacks-that-show-the-risks-of-iot-security/

https://www.tomsguide.com/us/secure-smart-home-how-to,news-19380.html

This is the fifth episode of the Security TL;DR podcast, hosted by Drew Green and Sam Blevins, sponsored by TJTSec.  They discuss a tool to determine whether your system is patched against Meltdown and Spectre, the state of online privacy and ways to protect yourself from tracking, and a cool way an online service provider has come up with to create random data for use in encryption functions.

Articles Referenced:

https://www.grc.com/inspectre.htm

http://fieldguide.gizmodo.com/how-to-avoid-getting-tracked-as-you-browse-the-web-1821008719?utm_campaign=socialflow_gizmodo_facebook&utm_source=gizmodo_facebook&utm_medium=socialflow

https://blog.cloudflare.com/randomness-101-lavarand-in-production/

This is the fifth episode of the Security TL;DR podcast, hosted by Drew Green and Sam Blevins, sponsored by TJTSec.  They discuss a tool to determine whether your system is patched against Meltdown and Spectre, the state of online privacy and ways to protect yourself from tracking, and a cool way an online service provider has come up with to create random data for use in encryption functions.

Articles Referenced:

https://www.grc.com/inspectre.htm

http://fieldguide.gizmodo.com/how-to-avoid-getting-tracked-as-you-browse-the-web-1821008719?utm_campaign=socialflow_gizmodo_facebook&utm_source=gizmodo_facebook&utm_medium=socialflow

https://blog.cloudflare.com/randomness-101-lavarand-in-production/