software development

Laptop with Code on it

Spotlight Podcast: How Machine Learning is revolutionizing Application Fuzzing

In this Spotlight episode of the Podcast, sponsored* by ForAllSecure we speak with CEO David Brumley about application “fuzzing” and how advancements in machine learning technology are allowing security researchers to find more and more serious vulnerabilities faster. The challenge now, Brumley says, is to keep up with the machines.

Gilet jaune arrest

Episode 124: The Twitter Accounts Pushing French Protests. Also: social engineering the Software Supply Chain

In this week’s podcast (#124):  we speak with French security researcher Baptiste Robert about research on the social media accounts pushing the french “Yellow Vest” protests. Surprise, surprise: they’re not french. Also: Brian Fox of the firm Sonatype joins us to talk about the recent compromise of the Github event-stream project and why social engineering poses a real risk to the security of the software supply chain. 

Mark Zuckerberg, Facebook CEO

Podcast Episode 91: Fighting Fake News with or without Facebook and whats with all the Cryptojacking?

Podcast: Play in new window | Download (Duration: 24:05 — 27.6MB) | EmbedSubscribe: Android | Email | Google Podcasts | RSSIn this episode of The Security Ledger Podcast (#91): with Facebook CEO Mark Zuckerberg saying he will testify before Congress, we ask Harvard’s Matthew Baum about what Congressmen and women should ask him and how to best fight fake news. Also: Adam Kujawa of Malwarebytes updates us on that company’s latest quarterly threat report and helps us answer the question “what’s with all the cryptomining”?

Researchers Warn of Physics-Based Attacks on Sensors

Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned. 

Update: Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors. (Editor’s note: added comment by Chris Clark. Aug 9 2017 – PFR)