application security

Parisa Tabriz of Google at Black Hat

Special Black Hat Coverage: Google’s Parisa Tabriz Says Don’t Be A Jerk

Podcast: Play in new window | Download (Duration: 29:46 — 34.1MB)Subscribe: Android | Email | Google Podcasts | RSSIn this special Black Hat edition of the Podcast, sponsored by UL: Parisa Tabriz, Google’s Director of Engineering for the Chrome Web browser, brought some strong medicine to Las Vegas for her Black Hat keynote speech. We talk about why her simple message was so groundbreaking. Also: Ken Modeste of UL joins us from the Black Hat briefings to talk about UL’s efforts to make cyber security as important to consumers in the 21st century as product safety was in the 20th.

Researchers Warn of Physics-Based Attacks on Sensors

Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned. 

industrial machinery

Podcast: New Malware targets Industrial Safety Systems and Uncle Sam Bans Kaspersky – What Now?

Podcast: Play in new window | Download (Duration: 52:36 — 96.3MB)Subscribe: Android | Email | Google Podcasts | RSSIn our latest podcast: industrial security expert Joe Weiss talks to us about Triton, a new malware family targeting industrial safety systems. Also: Dave Aitel of the firm Immunity Inc. joins us again to talk about new legislation banning government agencies from using anti malware software by Kaspersky Lab. And, Alan Naumann* of the firm Contrast Security talks to us about the major insurance firm that  joined the latest round of investment in his company, and why application security is everybody’s problem. 

Top Secret

Podcast: Uber Breach Puts Focus on Securing DevOps Secrets

Podcast: Play in new window | Download (Duration: 24:17 — 44.5MB)Subscribe: Android | Email | Google Podcasts | RSSThe hack of Uber and the loss of information on 57 million customers is just the latest security incident stemming from what our guest Elizabeth Lawler calls “DevOps secrets” – valuable credentials, APIs and other sensitive information that often end up exposed to the public as a result of lax continuous development operations. In this Spotlight Edition* of The Security Ledger Podcast, sponsored by CyberArk, we talk with Elizabeth about how to contain DevOps secrets and secure the secret super user lurking in modern organizations: highly privileged application code. 

Furby Connect

Surveillance Under The Tree: Connected Device Audit Turns up Sensors, Security Holes

Sensors and security holes are common companions on a range of connected toys and consumer devices available to consumers this holiday season.