supply chain

application code on screen

Spotlight Podcast: Fixing Supply Chain Hacks with Strong Device Identities

Supply chain hacks like ME Docs and ASUS aren’t inevitable. In this Spotlight Podcast, sponsored by Trusted Computing Group, I speak with Dennis Mattoon, a Principal Researcher at Microsoft Research and the Chairman of the Trusted Computing Group’s DICE Architectures Working Group* about how strong device identities for IoT endpoints can stop supply chain compromises.

Asus ShadowHammer suggests Supply Chain Hacks are the New Normal

The compromise of device maker Asus Live Update Utility is just the latest evidence that sophisticated attackers have software supply chains in the crosshairs.

More Questions as Expert Recreates Chinese Super Micro Hardware Hack

Though the companies named in a blockbuster Bloomberg story have denied that China hacked into Supermicro hardware that shipped to Amazon, Apple and nearly 30 other firms, a recent demonstration at hacking conference in Germany proves the plausibility of the alleged hack.  

Podcast Episode 127: Donnie, Talk to China and Other Lessons from 2018

In this week’s podcast: as 2018 winds down, we invited David Aitel, the Chief Security Technical Officer at Cyxtera Technologies, to talk about the biggest stories of the year, including the supply chain attack on Super Micro, China’s continued attacks on western firms, U.S. indictments of Russian and Chinese hackers and what 2019 may have in store. 

Gilet jaune arrest

Episode 124: The Twitter Accounts Pushing French Protests. Also: social engineering the Software Supply Chain

In this week’s podcast (#124):  we speak with French security researcher Baptiste Robert about research on the social media accounts pushing the french “Yellow Vest” protests. Surprise, surprise: they’re not french. Also: Brian Fox of the firm Sonatype joins us to talk about the recent compromise of the Github event-stream project and why social engineering poses a real risk to the security of the software supply chain.