In this Spotlight Podcast, we broadcast from the Black Hat Briefings in Las Vegas, Nevada. Dan Timpson, the Chief Technology Officer at DigiCert*, joins us to talk about some of the high-profile hacks at this week’s “hacker summer camp” and the weaknesses and security lapses that are common to all of them.
In this week’s episode of the Podcast, #156, we’re back at “hacker summer camp” in Las Vegas – also known as the Black Hat, B-Sides and DEF CON conferences, which bring tens of thousands of the world’s top security experts to the Las Vegas Strip.
The three conferences, collectively, feature hundreds of presentations on security vulnerabilities, exploits and attacks on all manner of devices – from airplanes to vacuuming robots.
“What was a conversation about authentication on the web is now accelerated to all kinds of avenues in the ecosystem” – Dan Timpson, Chief Technology Officer, DigiCert
Authentication, Encryption and Code Authenticity Core Issues
But if you look behind many of the security demonstrations, a common theme emerges: poor security designs and implementation centered on a trifecta of issues: authentication, encryption and code signing.
Our guest this week, Dan Timpson, sees this firsthand as the Chief Technology Officer at DigiCert, one of the world’s largest certificate authorities. In this conversation with The Security Ledger, Dan and I dig into some of the hot talks at this year’s show and talk about the underlying security issues that inform them, including poor implementations of PKI technologies and, increasingly, threat modeling that is inadequate to the new context of the Internet of Things.
To start off, Dan and I talk about the shifting conversation about PKI and authentication that has come with the Internet of Things and how events like the Edward Snowden leak of data from the CIA changed the conversation about protecting sensitive data and authenticating transactions.
(*) Disclosure: This podcast was sponsored by DigiCert. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.