Podcasts

China is altering vulnerability reports to cover up delays in disclosing serious security holes in common software.

Podcast Episode 87: Vulnerability Reports Down the Memory Hole in China and the Groups Hacking ICS

Podcast: Play in new window | DownloadSubscribe: Android | RSSIn this week’s Security Ledger Podcast (#87) we speak with Priscilla Moriuchi of the firm Recorded Future about China’s efforts to cover up delays in publishing information on serious and exploitable software security holes. Joe Slowick of the firm Dragos Security joins us to talk about the hacking groups targeting industrial control systems and Ken Munro of the firm Pen Test Partners tells us why the UK’s new report on securing the Internet of Things isn’t worth the paper it’s written on. 

US diplomats stationed in Cuba reported feeling ill after sonic attacks launched from a mysterious source. But is that what really happened? New research suggests maybe not. (Image courtesy of US embassy.)

Podcast Episode 86: Unraveling the Cuban Embassy’s Acoustic Mystery

Podcast: Play in new window | DownloadSubscribe: Android | RSSIn this week’s episode of The Security Ledger Podcast (#86) we speak with Dr. Kevin Fu of the University of Michigan about research he conducted that casts doubts on reports of mysterious acoustic attacks on US embassy employees in Havana, Cuba. Also: Chip Block of Evolver talks about the Securities and Exchange Commission’s expanded cyber security guidance. And finally: thousands of radiologic sensors were deployed in the U.S. following the attacks of September 11 2001. We’ll look at new efforts to secure those systems from cyber attack.

Hacking diversity: the information security has a diversity problem. In recognition of Black History Month, we ask how to solve it.

Episode 85: Supply Chain Attacks and Hacking Diversity with Leon Johnson

Podcast: Play in new window | DownloadSubscribe: Android | RSSIn this week’s Podcast (#85), we’re joined by Adam Meyers of the firm CrowdStrike to talk about that company’s Global Threat Report for 2018. Also: we continue our observation of Black History Month in the US by talking to prominent information security professionals from the black community. This week, our guest is Leon Johnson, a principal pen tester at the firm Rapid 7 about becoming the first person in his family to go to college and then finding his way to information security.

Is there a right to hack voice assistants like Google Home? The Electronic Frontier Foundation thinks so. (Image courtesy of Google.)

Episode 84: Free Alexa! Cory Doctorow on jailbreaking Voice Assistants and hacking diversity with Rapid7’s Corey Thomas

Podcast: Play in new window | DownloadSubscribe: Android | RSSIn this week’s Security Ledger Podcast (#84): The 1990s era Digital Millennium Copyright Act made it a crime to subvert copy protections in software and hardware.  We speak with Cory Doctorow of the Electronic Frontier Foundation about his group’s efforts to win an exemption from that law for voice assistants like the Amazon Echo and Google Home. Also: February is Black History Month in the United States. We interview Corey Thomas, the Chief Executive Officer of the firm Rapid 7 about what it means to be a black man in the information security industry and about his path to the field.

The Winter Olympic Games at PyeongChang South Korea have been targeted by hackers. But who is doing it, and why? (Image courtesy of International Olympic Committee.)

Episode 83: Who is hacking the Olympics? Octoly’s Influencer Breach and Google plays HTTPS Hardball

Podcast: Play in new window | DownloadSubscribe: Android | RSSIn this week’s Security Ledger Podcast (#83): McAfee Chief Scientist Raj Samani talks to us about that company’s research into a string of targeted attacks on the organizers of the 2018 Winter Olympics in PyeongChang, South Korea. Also: information on 12,000 YouTube stars, Instagram power users and other online influencers was leaked online by the French firm Octoly. We interview Chris Vickery of UpGuard, who found the data trove. And: Google says it will start playing tough with web sites that haven’t made the cutover to secure HTTP come July. Jeremy Rowley of the firm DigiCert* joins us to talk about what that will mean for web sites that haven’t kicked the HTTP habit.