Vulnerability management, Critical infrastructure, Third-party risk

Linux and FOSS Supply Chain Issues – Hal Pomeranz – PSW #772

February 8, 2023

Linux systems are a collection of free and Open Source software-- some packaged by your distro, some built from source. How do you verify that your upstream isn't polluted by bad actors?

Segment Resources: https://github.com/evilsocket/opensnitch https://securityonionsolutions.com/software/ https://deer-run.com/users/hal/ https://archive.org/details/HalLinuxForensics

Full episode and show notes

Announcements

Security Weekly listeners save $100 on their RSA Conference 2023 Full Conference Pass! RSA Conference will take place April 24-27 in San Francisco and on demand. To register using our discount code, please visit https://securityweekly.com/rsac2023 and use the code 53UCYBER! We hope to see you there!

Guest

Hal Pomeranz

Consultant at Deer Run Associates

damage#5067

A dynamic and experienced technology authority, Hal Pomeranz is the Founder and Technical Lead of Deer Run Associates, a consulting company focusing on Computer Forensic Investigations and Information Security. He has spent more than twenty years providing pragmatic Information Technology and Security solutions for some of the world’s largest commercial, government, and academic institutions. An expert in the investigation of Linux/Unix systems, Hal has provided Computer Forensic investigative support for several high-profile cases to both law enforcement and commercial clients.

Hosts

Paul Asadoorian

Founder at Security Weekly

0offset

https://securityweekly.com

Josh Marpet

Executive Director at RM-ISAO

Mandy Logan

Brainstem Hacker and InfoSec Enthusiast at Redacted

survivatrix#0613

Sam Bowne

Founder at Infosec Decoded, Inc.

https://samsclass.info/

Vulnerability management

Armoring the Unified Extensible Firmware Interface (UEFI), from Standards to Open Source – Vincent Zimmer – BTS #6

March 22, 2023

This session will provide an overview of the history of host firmware, or BIOS, focusing on the arc of the Unified Extensible Firmware Interface. It will include the development of defenses like UEFI Secure Boot and the challenges in scaling assurance across a broad ecosystem. It will close on works-in-progress and opportunities to build upon the s...

Vulnerability management

7″ Laptop, Trojans in Chips, Samsung’s Faux Moon, & The 4 C’s – PSW #777

March 22, 2023

In the Security News: Windows MSI tomfoolery, curl turns 8...point owe, who doesn't need a 7" laptop, glitching the ESP, your image really isn't redacted or cropped, brute forcing pins, SSRF and Lightsail, reversing D-Link firmware for the win, ICMP RCE OMG (but not really), update your Pixel and Samsung, hacking ATMs in 2023, breaking down Fortine...

Threat intelligence

Vulnerability Research (& Other “Things”) – Nico Waisman – PSW #777

March 22, 2023

We sit down with Nico Waisman to discuss vulnerability research and other security-related topics!

Linux and FOSS Supply Chain Issues – Hal Pomeranz – PSW #772

Announcements

Guest

Hosts

Related

Armoring the Unified Extensible Firmware Interface (UEFI), from Standards to Open Source – Vincent Zimmer – BTS #6

7″ Laptop, Trojans in Chips, Samsung’s Faux Moon, & The 4 C’s – PSW #777

Vulnerability Research (& Other “Things”) – Nico Waisman – PSW #777