Difference between revisions of "ASWEpisode91"

From Paul's Security Weekly
Jump to: navigation, search
(News)
Line 35: Line 35:
 
===== Learning & Tools =====
 
===== Learning & Tools =====
 
* [https://threatpost.com/exploit-fully-breaks-sha-1/151697/ Exploit Fully Breaks SHA-1, Lowers the Attack Bar] because [https://eprint.iacr.org/2020/014.pdf SHA-1 is a Shambles]. Not that you shouldn't have already moved on from SHA-1 before these attacks became more practical and cheaper.
 
* [https://threatpost.com/exploit-fully-breaks-sha-1/151697/ Exploit Fully Breaks SHA-1, Lowers the Attack Bar] because [https://eprint.iacr.org/2020/014.pdf SHA-1 is a Shambles]. Not that you shouldn't have already moved on from SHA-1 before these attacks became more practical and cheaper.
 +
* [https://www.computerweekly.com/blog/Open-Source-Insider/The-open-source-licence-debate-comprehension-consternations-stipulation-frustrations The open source licence debate: comprehension consternations & stipulation frustrations]
  
 
===== Food for Thought =====
 
===== Food for Thought =====

Revision as of 17:00, 13 January 2020

Recorded January 6, 202 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Mike Shema
    is the Product Security Lead of Square.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
    • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
    • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.


    Interview: Hillel Solow, Check Point

    Hillel Solow is passionate about security innovation, and is currently driving product innovation and security as part of Check Point's CloudGuard Dome9 portfolio. Having been recently acquired by Check Point, Hillel was the CTO and co-founder of Protego Labs, the leader in code-centric security for serverless. Hillel was also CTO in Cisco’s IoT Security Group, where he worked on innovative security solutions for new technology markets.

    Segment Topic:
    The Evolution of DevSecOps and AppSec Trends in 20/20

    Segment Description:
    Much has evolved in a few short years with DevSecOps and application development and security. But just when we think we see everything clearly and have it all figured out, something new changes. Here we will discuss the unique ways organizations are leveraging serverless for their applications and how DevSecOps teams are working together to build out these architectures at a rapid pace in 2020.



    News

    Featured Flaws & Big Breaches
    Cloud, Code & Controls
    • 4 Ring Employees Fired For Spying on Customers reminds us that insider threats must be part of our product security threat models. It's also a callback to the "end-to-end security -- lifecycle protection" principle of privacy by design; enforce access controls and monitor and audit access to collected data.
    Learning & Tools
    Food for Thought


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+