
Episode 14 of the Security TL;DR podcast (6/7/2018), hosted by Drew Green, and sponsored by G-Factor Security. This episode was recorded live at the AGN NARM 2018 conference in Austin, TX. Drew is joined by Ken Pyle, a partner with DFDR Consulting, and Joe Martin, an IT professional with an accounting firm They discuss DNS security trends, IoT device and patching problems, and the latest news surrounding the VPNFilter botnet.
Jun 12, 2018
34 min

Episode 13 of the Security TL;DR podcast (3/29/2018), hosted by Drew Green and Sam Blevins, sponsored by G-Factor Security (formerly TJTSec). They discuss the latest developments regarding the vulnerabilities in AMD processor products, a bug with Microsoft's Meltdown and Spectre patches, and the ongoing privacy concerns surrounding Facebook.
Articles Referenced:
https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research
https://threatpost.com/bad-microsoft-meltdown-patch-made-some-windows-systems-less-secure/130844/
https://threatpost.com/facebook-woes-continue-as-ftc-opens-data-privacy-probe/130788/
Mar 30, 2018
56 min

Episode 12 of the Security TL;DR podcast (3/16/2018), hosted by Drew Green and Sam Blevins, sponsored by G-Factor Security (formerly TJTSec). They discuss the newly announced vulnerabilities in AMD processor products, a bug with SAMBA, the free certificate authority Let's Encrypt and their latest product offering, and they critique a podcast where a victim of a security breach discusses their experiences and provides ill-informed recommendations.
Articles Referenced:
https://threatpost.com/amd-investigating-reports-of-13-critical-vulnerabilities-found-in-ryzen-epyc-chips/130404/
https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs
https://www.samba.org/samba/security/CVE-2018-1057.html
https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579
Mar 19, 2018
47 min

Episode 11 of the Security TL;DR podcast (3/10/2018), hosted by Drew Green, sponsored by G-Factor Security (formerly TJTSec). He discusses the latest news on updates from Intel regarding the Spectre bug affecting all recent Intel CPUs, a SNAFU by a certificate reseller (and a dive into what certificates are and how they are involved with HTTPS web browsing), an certificate renewal oversight leading to downtime for the VR manufacturer Oculus, and Firefox's new support for managed enterprise environments.
Articles Referenced:
https://arstechnica.com/gadgets/2018/03/microsoft-will-soon-start-shipping-the-intel-spectre-microcode-fixes/
https://www.digicert.com/blog/digicert-statement-trustico-certificate-revocation/
https://www.pcgamer.com/every-oculus-rift-is-offline-thanks-to-an-expired-certificate/
https://bugzilla.mozilla.org/show_bug.cgi?id=1433136
Mar 10, 2018
37 min

Episode 10 of the Security TL;DR podcast (2/23/2018), hosted by Drew Green and Sam Blevins, sponsored by TJTSec. They discuss the latest bug affecting nearly all Apple devices, an interesting way a piece of malware hid in infected devices and communicated with the controlling attackers, the latest in "IRS Tax Scams", and a bug in Microsoft's Edge web browser.
Articles Referenced:
https://gizmodo.com/apple-is-rushing-to-fix-the-telugu-bug-as-assholes-use-1823070294
https://arstechnica.com/information-technology/2018/02/raw-sockets-backdoor-gives-attackers-complete-control-of-some-linux-servers/
https://krebsonsecurity.com/2018/02/irs-scam-leverages-hacked-tax-preparers-client-bank-accounts/
https://www.engadget.com/2018/02/19/google-project-zero-microsoft-edge-browser-vulnerability/?sr_source=Facebook
Feb 23, 2018
48 min

This is the ninth episode of the Security TL;DR podcast, hosted by Drew Green and Sam Blevins, sponsored by TJTSec. They discuss the leak of iPhone source code from Apple, a Microsoft bug in Skype, and hardware encrypted flash drives.
Articles Referenced:
https://www.engadget.com/2018/02/08/crucial-iphone-source-code-posted-in-unprecedented-leak/?sr_source=Facebook
https://www.zdnet.com/article/skype-cannot-fix-security-bug-without-a-massive-code-rewrite/
Feb 16, 2018
39 min

This is the eigth episode of the Security TL;DR podcast, hosted by Drew Green and Sam Blevins, sponsored by TJTSec. They discuss the non-technical ramifications of Uber's data breach from 2016, privacy surrounding the influx of IoT devices in homes, and a new IoT framework the Mozilla organization is developing to standardize the way smart devices operate and communicate.
Articles Referenced:
https://arstechnica.com/tech-policy/2018/02/uber-we-had-no-justification-for-covering-up-data-breach/
https://gizmodo.com/the-house-that-spied-on-me-1822429852
https://techcrunch.com/2018/02/06/mozilla-announces-an-open-framework-for-the-internet-of-things/
https://www.engadget.com/2018/02/08/crucial-iphone-source-code-posted-in-unprecedented-leak/?sr_source=Facebook
Feb 9, 2018
39 min

This is the seventh episode of the Security TL;DR podcast, hosted by Drew Green and Sam Blevins, sponsored by TJTSec. They discuss a vulnerability in a popular online dating app, some newly discovered vulnerabilities by a friend of Drew, and the security of IoT devices.
Articles Referenced:
https://threatpost.com/app-flaws-allow-snoops-to-spy-on-tinder-users-researchers-say/129625/
http://www.zdnet.com/article/5-nightmarish-attacks-that-show-the-risks-of-iot-security/
https://www.tomsguide.com/us/secure-smart-home-how-to,news-19380.html
Feb 5, 2018
38 min

This is the fifth episode of the Security TL;DR podcast, hosted by Drew Green and Sam Blevins, sponsored by TJTSec. They discuss a tool to determine whether your system is patched against Meltdown and Spectre, the state of online privacy and ways to protect yourself from tracking, and a cool way an online service provider has come up with to create random data for use in encryption functions.
Articles Referenced:
https://www.grc.com/inspectre.htm
http://fieldguide.gizmodo.com/how-to-avoid-getting-tracked-as-you-browse-the-web-1821008719?utm_campaign=socialflow_gizmodo_facebook&utm_source=gizmodo_facebook&utm_medium=socialflow
https://blog.cloudflare.com/randomness-101-lavarand-in-production/
Jan 26, 2018
55 min

This is the fifth episode of the Security TL;DR podcast, hosted by Drew Green and Sam Blevins, sponsored by TJTSec. They discuss a tool to determine whether your system is patched against Meltdown and Spectre, the state of online privacy and ways to protect yourself from tracking, and a cool way an online service provider has come up with to create random data for use in encryption functions.
Articles Referenced:
https://www.grc.com/inspectre.htm
http://fieldguide.gizmodo.com/how-to-avoid-getting-tracked-as-you-browse-the-web-1821008719?utm_campaign=socialflow_gizmodo_facebook&utm_source=gizmodo_facebook&utm_medium=socialflow
https://blog.cloudflare.com/randomness-101-lavarand-in-production/
Jan 17, 2018
52 min
