Uncategorized

Podcast: Play in new window | Download (Duration: 45:27 — 83.3MB)

Subscribe: Apple Podcasts | Spotify | RSS

In DevOps, there’s many great tools we appreciate – CI/CD workflows definitely being one of them. Github Workflows is one such tool, but vulnerabilities were recently found. Also, AT&T suffers a breach (and more!)

Relevant Articles

• Report Surfaces Thousands of Potential Vulnerabilities in GitHub Workflows
• Survey Finds Confidence in Data Security Despite Ransomware Scourge
• AT&T says criminals stole phone records of ‘nearly all’ customers in new data breach
• AT&T Says 110M Customers’ Data Leaked — Yep, it’s Snowflake Again

Download Links

• MP3 version
• Ogg version

Podcast: Play in new window | Download (Duration: 35:52 — 65.7MB)

Subscribe: Apple Podcasts | Spotify | RSS

In this episode, Jay and Joao discuss the recent Exim news, which consists of several CVE’s. Also, they’ll discuss why it’s a good idea to make sure you audit the services that are running on your Linux server, and remove the ones you’re not using.

Thanks to TuxCare for sponsoring this podcast! Check them out and see how they can help alleviate administrative burdens while managing Linux servers.

Relevant Articles

• 90s Vulns In 90s Software (Exim) – Is the Sky Falling?
• Millions of Exim mail servers exposed to zero-day RCE attacks
• CVE-2023-4863 Detail
• Google assigns a CVE for libwebp and gives it a 10.0 score

Download Links

• MP3 version
• MP3 version (lower bitrate, smaller file size)
• Ogg version

Podcast: Play in new window | Download (Duration: 51:31 — 94.4MB)

Subscribe: Apple Podcasts | Spotify | RSS

In this episode, Jay and Joao talk about two recent news developments that may have important implications on the overall industry. First, In response to Microsoft’s recent Azure debacle, a US Senator calls for a probe to look into the matter. Second, our main story is yet another facepalm worthy idea from Google that aims to add “integrity” to our browsers, but it’s oddly lacking in said integrity and almost completely devoid of common sense. Google’s “Web Integrity Protection” seems to protect only their ad dollars while making browsing more tedious for the end-user. Will it pass? What is it exactly? Jay and Joao have all the answers in this episode!

Download Links

• MP3 version
• MP3 version (lower bitrate, smaller file size)
• Ogg version

Relevant Articles

• Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
• Senator calls for probe in Microsoft breach
• Vivaldi’s Take on Google’s “Web Integrity Protection”
• Ars Technica article on Web Integrity Protection
• Web Integrity Protection Github page

Podcast: Play in new window | Download (Duration: 38:31 — 70.6MB)

Subscribe: Apple Podcasts | Spotify | RSS

We’ve all heard the cloud referred to as “Someone Else’s Computer”, but what do you do if you find your data is on No One Else’s Computer? In this example, there was a happy ending (data was restored) but it’s still an important consideration all the same. What do you do if your cloud provider all of a sudden doesn’t have your data? In this episode, Jay and Joao discuss a recent situation in which Azure customers found themselves in a bit of a bad situation.

Relevant Articles

• This typo sparked a Microsoft Azure outage
• Azure DevOps Outage in South Brazil

Download Links

• MP3 version
• MP3 version (smaller file size, lower bitrate)
• Ogg version

Podcast: Play in new window | Download (Duration: 43:29 — 79.7MB)

Subscribe: Apple Podcasts | Spotify | RSS

Open Source Intelligence is a very interesting topic – it’s all about the things that might get unknowingly leaked, and this leaked information is perfectly legal to know and possess! The IP address that points to a domain, vacation photos on twitter, or even what you had for lunch can be used against you in order to build a profile. In this episode, Jay and Joao discuss OSINT and some tools that are commonly used to find it.

Download links

• MP3 version
• MP3 version (lower bitrate, lower file size)
• Ogg version