Aug 2022
16m 37s

Episode 109 - Verify and Verify Again

Mark and Allen
About this episode

Making sure our #VoiceFirst applications are written securely and use secure components is important. And when one of those components has a security bug, it is important that we update it as soon as we can. Mark highlights a recent security vulnerability in the node-forge module, which is used by the alexa-verifier-middleware module. Mark and Allen then discuss what the verifier does and how we can be careful when it comes to using libraries.

Some references:

  • alexa-verifier-middleware: https://www.npmjs.com/package/alexa-verifier-middleware
  • Alexa verification: https://developer.amazon.com/en-US/docs/alexa/custom-skills/host-a-custom-skill-as-a-web-service.html#manually-verify-request-sent-by-alexa
  • Issues with node-forge: https://github.com/advisories/GHSA-x4jg-mjrx-434g