Sep 2023
58m 35s

Cruel Summer: hybrid signatures, Downfal...

Deirdre Connolly, Thomas Ptacek, David Adrian
About this episode

We're back from our summer vacation! We're covering a bunch of stuff we saw and did:

Transcript: https://securitycryptographywhatever.com/2023/09/13/cruel-summer/

Links:
- Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html
- Downfall: https://downfall.page
- Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html


"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
