ASW Episode07

From Paul's Security Weekly

Application Security Weekly #7

Recorded March 2, 2018 at G-Unit Studios in Rhode Island!



  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements:

    • Go to and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to and register using the code SW89AEE2 to get a $100 discount!
    • InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW!
    • Security Weekly listeners save $100 off their registration for a full Conference Pass. Go to and use the discount code SecurityWeekly, and join us at SecureWorld Boston!
    • Keith has a special announcement: Bugcrowd is hiring! After closing a Series C funding round at $26 Million, Bugcrowd will be expanding headcount across the organization. Check out, or email to find out more


    1.) Facebook's Mandatory Malware Scan is an Intrusive Mess

    2.) Facebook Manipulated 689,003 Users' Emotions For Science

    3.) Facebook lost daily users for the first time ever in the U.S. and Canada

    Learning & Tools

    1.) GitLeaks: Check git repos for secrets and keys

    2.) Convert Unix Timestamps to Dates

    3.) Signal Sciences: The DevOps Roadmap for Security

    4.) Virtual Unreality


    Bugs, Breaches, and More!

    0.) New York is quietly working to prevent a major cyber attack that could bring down the financial system

    1.) The Feds Can Now (Probably) Unlock Every iPhone Model In Existence

    2.) DigiCert Statement on Trustico Certificate Revocation

    3.) Critical Linux filesystem permissions are being changed by latest version of NPM

    4.) “Killer text bomb” crashed iPhones, iPads, Macs, and Apple Watches

    5.) 7900 Vulnerabilities Didn't Make It into the CVE Database in 2017

    If you build it, they will come

    0.) A problem Congress should solve

    1.) Duo Announces an Open Source AWS Visualization Tool "CloudMapper"

    2.) The Use of Counterfeit Code Signing Certificates Is on the Rise

    3.) FTC warning users to do homework before using VPN apps

    4.) Money Laundering Via Author Impersonation on Amazon?

    5.) GitHub Survived the Biggest DDoS Attack Ever Recorded

    Food for Thought

    0.) ‘Black Panther’ Inspires Disney to Fund a STEM Center in Oakland

    1.) Mark Cuban says studying philosophy may soon be worth more than computer science—here's why

    2.) Single Page Apps with Vue.js and Flask

    3.) How Exercise May Help the Memory Grow Stronger

    4.) World's Biggest Data Breaches

    5.) How to Suck At Information Security
