Episode 66: Kaspersky’s Cold War(e), encryption backdoors and IoT Legislation

Security Ledger Editor Paul Roberts speaks with Dave Aitel of Immunity Inc. about the controversy swirling around Russian antivirus firm Kaspersky Lab. Also: Bruce Schneier weighs in on the latest salvo in the war over strong encryption. Finally: Josh Corman of the firm PTC talks about recent hearings on Capitol Hill about guidelines for securing connected devices.

What can you tell about a company's security just by looking at it from the outside? A lot.

Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside

In the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte by doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on.

Episode 65: From the Outside In – Looking at firms like Deloitte through the Eyes of Hackers

Security Ledger Editor in Chief Paul Roberts discusses the breach at Deloitte and what can be learned about corporations’ security just by looking at them through the eyes of a hacker. His guests are Dan Tentler of the firm Phobos, who uncovered some embarrassing security lapses at Deloitte, and Stephen Boyer of the firm BitSight, which rates companies based on their security posture.

An analysis of the code used in the CCleaner attack reveals similarities to an earlier APT group based in China.

Is CCleaner the Tip of an Iceberg of Supply Chain Hacks? And Alexa: did China hack us Last Night?

In the latest Security Ledger podcast, Paul speaks with Michael Gorelik of the firm Morphisec about the hack of security software vendor CCleaner – a hack that Gorelik’s firm discovered. CCleaner, he says, may just be the tip of the iceberg when it comes to supply chain hacks. And: “Alexa: have we been hacked by China?” Paul speaks with Grant Wernick of the firm Insight Engines, which is releasing a product this week that integrates the Splunk log management tool with Amazon’s voice assistant. 

Episode 64: CCleaner Supply Chain Attack and can Amazon Alexa tell you you’ve been hacked?

Security Ledger Editor in Chief Paul Roberts discusses last week’s attack on the security software CCleaner with Michael Gorelik, the Chief Technology Officer at the firm Morphisec, which discovered the compromise. He says that CCleaner may be the tip of the iceberg in supply chain attacks. Also: Paul talks with Grant Wernick of Insight Engines about his company’s integration with Splunk and Amazon’s Echo. Are voice-based interfaces the future of security?