Episode 27 > In Bloatware We TrustJun 20, 2016
Download the podcast’s audio directly here.
This Episode’s Articles:
Out-of-Box Exploitation: A Security Analysis of OEM Updaters
OEM laptop vendors for a long time have included their own bits of software in with retail sales. These bits included update mechanisms which appear to be poorly designed. Duo Security, a 2 factor auth company, looks into the matter and writes down their results.
Typosquatting in Programming Language Package Managers
Nikolai Tschacher, an undergraduate Informatics student from University of Hamburg, released a paper detailing his work at analyzing typos made by programmers when working with package managers. He furthers the work of a few earlier security researchers and his approach to collecting data for his research brings up questions on what is acceptable to collect.
SELinux is beyond saving at this point
Chris Siebenmann writes about SELinux’s usability nightmare and how it is beyond saving. When you are too hard headed to listen to your customers, you may be the one who is wrong.
Breach of the Week
Russians Hacking DNC Computers
A group of hackers, presumably Russian at this point-in-time, broke into the Democratic National Committe’s (DNC) servers and subsequently released a treasure drove of confidential documents out onto the Internet. What does this mean to folks in a corporate environment? Is APT1 now DNC1? Will we continue asking rhetorical questions you can’t answer?