Podcast: Play in new window | Download (Duration: 39:57 — 45.7MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s podcast: researcher Kevin Fu of University of Michigan discusses his work on attacks that use physics to manipulate connected devices. Also: Mark Loveless of DUO discusses his research into how poor implementation of wireless protocols make personal security trackers a privacy risk. And have we seen peak ransomware? Adam Kujawa of the firm Malwarebytes joins us to talk about the findings of that company’s State of Malware Report.
In-brief: Intel has warned users not to install patches it released for the Spectre and Meltdown vulnerabilities in its processors, asking them to wait until it issues new software, which it’s working on now. Finding out your device has vulnerabilities is bad enough, but finding out the patched issued to fix them are “complete and utter garbage,” according to Linux creator Linus Torvalds, is even worse. This is what faced users of devices with Intel processors on Monday when Intel warned them not to install the patches the company already had released for the Spectre and Meltdown vulnerabilities. In a blog post, Navin Shenoy, Intel’s executive vice president and general manager of the Data Center Group, said the company had identified the root cause of a frequent-reboot problem that was affecting customers who’d installed its patches for these vulnerabilities. In the meantime, don’t install the patches nor tell customers or […]
Podcast: Play in new window | Download (Duration: 35:43 — 40.9MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s Security Ledger Podcast episode, the UK -based policy think tank Chatham House warned last week that aging nuclear weapons systems in the U.S., the U.K. and other nations are vulnerable to cyber attacks that could be used to start a global conflagration. We talk with Eddie Habbibi of PAS Global about what can be done to secure hackable nukes. Also: with CES raging in Las Vegas last week, we go deep with security researcher Jay Harris on flaws in connected toys being sold to children.
There has been plenty of (digital) ink spilled in recent days about widespread processor flaws known as “Meltdown” and “Spectre.” We round up five articles that will help you understand these security vulnerabilities, how they were discovered and their likely impact.
Podcast: Play in new window | Download (Duration: 24:17 — 44.5MB)Subscribe: Android | Email | Google Podcasts | RSSThe hack of Uber and the loss of information on 57 million customers is just the latest security incident stemming from what our guest Elizabeth Lawler calls “DevOps secrets” – valuable credentials, APIs and other sensitive information that often end up exposed to the public as a result of lax continuous development operations. In this Spotlight Edition* of The Security Ledger Podcast, sponsored by CyberArk, we talk with Elizabeth about how to contain DevOps secrets and secure the secret super user lurking in modern organizations: highly privileged application code.