Aug 2022
16m 37s

Episode 109 - Verify and Verify Again

Mark and Allen
About this episode

Making sure our #VoiceFirst applications are written securely and built from secure components is important. And when one of those components has a security bug, it is important that we update it as soon as we can. Mark highlights a recent security vulnerability in the node-forge module, a dependency of the alexa-verifier-middleware module. Mark and Allen then discuss what the verifier does and how we can be careful when it comes to using libraries.

Some references:

  • alexa-verifier-middleware: https://www.npmjs.com/package/alexa-verifier-middleware
  • Alexa verification: https://developer.amazon.com/en-US/docs/alexa/custom-skills/host-a-custom-skill-as-a-web-service.html#manually-verify-request-sent-by-alexa
  • Issues with node-forge: https://github.com/advisories/GHSA-x4jg-mjrx-434g