No CVE and No Accountability - Ed Skoudis - PSW #851

Update: 2024-11-14

Description

Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memories of the TV-B-Gone. But the real kicker was our discussion on end-of-life software and the whole CVE numbering authority mess. Avanti's refusal to issue a CVE for their end-of-life product sparked a heated debate about cybersecurity accountability and conflicts of interest.

Ed Skoudis joins us to announce this year's Holiday Hack Challenge!

Segment Resources:

https://sans.org/holidayhack

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-851

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More... - SWN #431

2024-11-1532:12

AI and the Autonomous SOC - Separating Hype from Reality - Justin Beals, Itai Tevet - ESW #384

2024-11-1501:56:05

No CVE and No Accountability - Ed Skoudis - PSW #851

2024-11-1402:43:50

Modernizing AppSec - Melinda Marks - ASW #307

2024-11-1201:09:29

Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more... - SWN #430

2024-11-1233:19

How to Combat the CISO Mental Health Crisis - Ram Movva - BSW #372

2024-11-1258:23

Robo-Turing, BlueNoroff, Palo Alto, German Law, Fabric, Cisco, Bans, Aaran Leyland... - SWN #429

2024-11-0832:39

Cybersecurity Budgets: the Journey from Reactive to Proactive - Todd Thiemann, Theresa Lanowitz - ESW #383

2024-11-0802:01:03

Cybersecurity For Schools - Kayne McGladrey - PSW #850

2024-11-0702:47:43

Tariffs, Pygmy Goat, Schneider, SQLite, Deepfakes, Military AI, Josh Marpet... - SWN #428

2024-11-0632:53

$Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306$

Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306

2024-11-0501:05:35

Planning A Merger Or Acquisition? Ask These Five Cyber Questions First - Craig Davies - BSW #371

2024-11-0501:05:15

Recall, Russia, Win 10, Phish n Ships, Midnight Blizzard, Rob Allen, and More... - Rob Allen - SWN #427

2024-11-0436:50

What if securing buildings was as easy as your smartphone? - Damon McDougald, Blaine Frederick, Punit Minocha - ESW #382

2024-11-0402:06:19

Shadow IT and Security Debt - Dave Lewis - PSW #849

2024-10-3102:50:27

Halloween, TikTok, Telcos, Win 11, Five Eyes, AWS, France, ChatGPT, and more... - SWN #426

2024-10-3036:50

The CISO Mindset, Top Strategies, and Mandating Office Presence Without Purpose - David Bradbury, Erin Baudo Felter - BSW #370

2024-10-2901:03:37

Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - Arnab Bose, Shiven Ramji - ASW #305

2024-10-2901:22:48

Tourists, Fortis, apps, TLP, AWS, Google, Chatbots, Aaran Leyland, and More... - SWN #425

2024-10-2535:07

Transforming the Defender's Dilemma into the Defender's Advantage - Charlotte Wylie, Bhawna Singh, Lenny Zeltser - ESW #381

2024-10-2501:50:15

00:00

No CVE and No Accountability - Ed Skoudis - PSW #851

#box-pro-ellipsis-173175815337638{-webkit-line-clamp:2;}No CVE and No Accountability - Ed Skoudis - PSW #851

No CVE and No Accountability - Ed Skoudis - PSW #851

No CVE and No Accountability - Ed Skoudis - PSW #851