3 Security Buddies

By: Paul Kehrer Robert Clark Matias Brutti
  • Summary

  • Weekly podcast where three security buddies discuss security topics.

    All rights reserved.
    Show More Show Less
activate_Holiday_promo_in_buybox_DT_T2
Episodes
  • 3SB-8: Password Complexity
    Jun 24 2021

    Follow up:

    • No follow ups


    Topics:

    • NIST changing password requirements
    • Roundtable how we got into security + suggestions


    Paul Rant:

    • Paul is on vacation. No Rants.  


    Links:

    • https://pages.nist.gov/800-63-3/sp800-63b.html 
    • https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords 


    Hosts:

    Paul Kehrer @reaperhulk

    Robert Clark @hyakuhei

    Matías Brutti @MrBrutti


    Special Guest:

    Travis McPeak @travismcpeak 


    Post-Production:

    Matias Brutti @MrBrutti


    Disclaimer: The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers. 


    Show More Show Less
    1 hr
  • 3SB-7: 🍎 Security Worms
    Jun 16 2021

    Follow up:

    • US is elevating ransomware the same level of terrorism.


    Topics:

    • Apple Security WWDC
    • Move beyond passwords ( iCloud Keychain WebAuthN keys ) 
    • Discover account-driven User Enrollment
    • Secure login with iCloud Keychain verification codes ( domain-binding apple-totp )
    • Polkit PrivEsc
    • Growing abuse of Kubernetes (it’s not containers) 


    Paul Rant:

    • Apple Bug Report blackhole  


    Links:

    • https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/ 
    • https://threatpost.com/microsoft-cryptomining-kubeflow/166777/
    • https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/ 


    Hosts:

    Paul Kehrer @reaperhulk

    Robert Clark @hyakuhei

    Matías Brutti @MrBrutti


    Post-Production:

    Matias Brutti @MrBrutti


    Disclaimer: The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers. 

    Show More Show Less
    1 hr and 28 mins
  • 3SB-6: Dependency Hell
    Jun 9 2021

    Follow up:

     - Nothing this week


    Topics:

    • Automated Fuzzing Testing in Go
    • Stack Overflow Supply Chain Attacks
    • Deps.dev
    • Update on Github’s policies regarding exploits, malware, and vulnerability research

    Paul Rant:

    • Pinning dependencies on Libraries 


    Links:

    • https://blog.golang.com/fuzz-beta
    • https://www.wsj.com/articles/software-developer-community-stack-overflow-sold-to-tech-giant-prosus-for-1-8-billion-11622648400
    • https://deps.dev
    • https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/


    Hosts:

    Paul Kehrer @reaperhulk

    Robert Clark @hyakuhei

    Matías Brutti @MrBrutti


    Post-Production:

    Matias Brutti @MrBrutti


    Disclaimer: The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers. 


    Show More Show Less
    55 mins

What listeners say about 3 Security Buddies

Average customer ratings

Reviews - Please select the tabs below to change the source of reviews.