ASW Episode40

From Paul's Security Weekly
Jump to: navigation, search

Application Security Weekly #40

Recorded November 19, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Annoucements:

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • Join us for our Webcast with Chronicle entitled "Intelligence Powered Malware Hunting". This webcast will be held December 5th @3-4pm EST. Go to securityweekly.com/chronicle to register now!
    • Sign up for Pandora Podcasting early access! Go to www.pandorapodcastbeta.splashthat.com to get access to our podcast on Pandora! The full release will be sometime in December.

    Interview: John Kinsella, Qualys

    John Kinsella
    is the Vice President of Container Security for Qualys.
    Previously co-founder and head of product at Layered Insight, John now leads container security engineering at Qualys after it’s acquisition of Layered Insight. His 20-year background includes security and network consulting, software development, and datacenter operations. John is active in Cloud Security Alliance, NIST, and CIS container security standards working groups, is a Member of the Apache Software Foundation, and a Linux user since 1992.


    News

    Bugs, Breaches, and More!

    1.) Instagram leaks passwords to the Public

    2.) Apple Warned about iPhone X Hack that Stole "Deleted" photo"

    3.) Clickjacking on Google MyAccount Worth $7,500

    If you Build It, They Will Come

    1.) Hacking Gmail's UX with From Fields

    2.) Researchers discover Seven new Meltdown and Spectre attacks

    3.) One and a half years of scanning GitHub for Sensitive Data

    Learning & Tools

    1.) James Wickett's thread on Open Source SAST options

    2.) Kraken: A cross-platform Yara scanner built for Windows, Mac, FreeBSD, and Linux

    3.) GitMiner: An advanced search tool for sensitive information stored in GitHub repos

    Food for Thought

    1.) What Surveillance Does to your Brain

    2.) A bot now tels Financial Times reporters if they're only quoting Men

    3.) CommitStrip: HTTP/3


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+