From Security Weekly WikiJump to navigationJump to search
Application Security Weekly Episode #115 - July 20, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Interview - Kris Rajana & Bhasker Nallapothula, Biarca - 12:30 PM
Mike Shema - Product Security Lead at Square
2. News - Application News - 01:00 PM
Mike Shema's Content:
- Apple, Biden, Musk and other high-profile Twitter accounts hacked in crypto scam that attracted lots of attention, second-guessing, and even a little bit of bitcoin. There's a lot of appsec to unpack, so we start with An update on our security incident from Twitter. For users, the NCSC has helpful guidelines for Social media: protecting what you publish.
- SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers shows once again the benefits of scrutinizing protocols and being clever with compression. Fans of giallo horror will know why I wish this was branded "Profondo Rosso" instead.
- Introducing Google Cloud Confidential Computing with Confidential VMs that follows Azure and AWS in addressing how to operate on encrypted data. Part of Google's announcement covers their new open source project that underpins this approach, Asylo.
- Internet of Things devices: Stick to these security rules or you could face a ban updates the progress of rules related to IoT that we last looked at in episode 93.