The "miracle" began Nov. 16, 1999, when Cherica Adams was shot four times in Charlotte, N.C. A hitman tried to murder Adams, the girlfriend of NFL star Rae Carruth, and their unborn son, Chancellor Lee. But the hitman failed. Now, a year-long investigation exposes stunning new details of the crime that shocked the sports world—and the impacts still being felt years later. Hosted by Charlotte Observer reporter Scott Fowler, who has covered this saga for 19 years.
…
continue reading
Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject ...
…
continue reading
Intel 471's podcast with a twist! Join us for the first fully interactive threat hunting podcast where you can hang out with threat hunters from all over the world! Join a rag-tag bunch of threat hunters as they come out of the woods to explore some of the most burning issues related to cyber security. The Out of the Woods podcast is a casual talk covering the topics of threat hunting, security research, and threat intelligence, and some ranting and raving along the way, all over a cocktail ...
…
continue reading
1
Root Causes 428: .MOBI Attack Puts WHOIS-based DCV into Question
17:10
17:10
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
17:10
White hat researchers managed to take over WHOIS for the .mobi TLD. Among other things, this discovery foretells the death of WHOIS as a valid email source for Domain Control Validation (DCV).Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 434: Did Researchers Break AES Using Quantum Annealing?
11:43
11:43
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
11:43
News reports claim Chinese researchers broke AES with a quantum annealing computer. We clarify the details and talk about the implications of this reported discovery.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 433: Will AI Eat All the Electricity?
10:28
10:28
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
10:28
We explore the question of whether or not we have enough electricity to fuel AI's expected growth.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 432: Apple Floats New Short-lived Certificate Proposal
26:20
26:20
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
26:20
Apple recently floated a draft CABF ballot for commentary that steps down maximum term for SSL certificates starting next year and eventually landing at 45 days in 2027. We share the details.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 431: New Mozilla Proposal to Combat Delayed Revocation
28:10
28:10
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
28:10
Deliberate delay of mandatory revocations has plagued the WebPKI in 2024. A new proposed policy from Mozilla stands to eliminate most of this behavior. In this episode we go over the proposal and explain its potential consequences.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep28: Date Your Data… Swipe Right
34:24
34:24
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
34:24
**[LIVE] Out of the Woods: The Threat Hunting Podcast October 24, 2024 | 7:00 – 8:30 PM ET Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter ---------- Top Headlines: Aqua | perfctl: A Stealthy Malware Targeting Millions of Linux Servers: https://www.aquasec.com/blog/perfctl-a-stealthy-malwa…
…
continue reading
1
Root Causes 430: How Does a TLS Handshake Work?
14:31
14:31
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
14:31
In this episode we give a high-level explanation of what happens in a TLS 1.3 handshake and then discuss what will happen when PQC is included.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
A ServiceNow private CA root expired, creating outages across hundreds of enterprises. We explain what appears to have gone on.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep27: iCUP… Let's Talk Hygiene
41:10
41:10
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
41:10
**Threat Hunting Workshop: Hunting for Collection October 2, 2024 | 12:00 - 1:00 PM ET Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection **[LIVE] Out of the Woods: The Threat Hunting Podcast October 24, 2024 | 7:00 – 8:30 PM ET Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-c…
…
continue reading
1
Root Causes 427: Mapping CLM to NIST CSF 2.0
15:46
15:46
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
15:46
In this episode we map the contributions of Certificate Lifecycle Management into the new NIST Cybersecurity Framework 2.0.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
A certificate expiration is now known to have created July's outage of Bank of England. Join us as we shake our heads in amazement yet again.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 425: PQC Requirements for Voting Systems
10:53
10:53
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
10:53
In honor of the upcoming US elections, we describe the six main requirements for a post-quantum voting system.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 424: Using LoRA IoT Protocol for Clandestine Communications
11:43
11:43
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
11:43
In this episode we describe the LoRA protocol, which allows IoT devices to communicate securely without using a cellular network, and how it can be used for secret communications.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep26: WHOIS, or Not WHOIS…
38:30
38:30
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
38:30
**Threat Hunting Workshop: Hunting for Collection October 2, 2024 | 12:00 - 1:00 PM ET Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection **[LIVE] Out of the Woods: The Threat Hunting Podcast October 24, 2024 | 7:00 – 8:30 PM ET Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-c…
…
continue reading
1
Root Causes 423: Is a Certificate Software or a Service?
18:28
18:28
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
18:28
In this episode we discuss the dual nature of a public certificate as both a file and part of a holistic service that lasts until its expiration. We discuss revocation checking, CT logging, GAAP accounting, linters, certificate tracking tools, Certificate Lifecycle Management, standards bodies, post-quantum cryptography, and subscription models.…
…
continue reading
The Chrome root program has changed the date for the Entrust distrust. Join us to get the details.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
White hat researchers have raised concerns about FIDO 2 (AKA WebAuthn). We explain.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 420: New Side Channel Attack Against YubiKeys
12:43
12:43
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
12:43
EUCLEAK, a newly revealed side channel vulnerability, can clone the contents of a YubiKey. We talk about the attack and its significance.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep25: Bad Extensions Level Up, Social Engineering Gets Social
35:07
35:07
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
35:07
**Threat Hunting Workshop: Hunting for Collection October 2, 2024 | 12:00 - 1:00 PM ET Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection In this episode of Out of the Woods: The Threat Hunting Podcast, Scott and Lee discuss four key topics: North Korea’s social engineering attacks on the crypto industr…
…
continue reading
1
Root Causes 419: What Happens to Vendors Who Don't Support ACME When 90-day Certificates Come?
16:14
16:14
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
16:14
Though it is the closest thing to an industry-standard API, there are still products and operating systems that don't support ACME. In this episode we explore what happens to these products once 90-day SSL certificates become the requirement.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 418: Moving from Cryptographic Homogeneity to Cryptographic Heterogeneity
18:25
18:25
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
18:25
One seldom discussed consequence of quantum computers and PQC is the move from cryptographic homogeneity to cryptographic heterogeneity, with multiple KEMs and DSAs eventually expected as ongoing standards. We examine the consequences of this change.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep24: Basic Techniques Used in Advanced Ways
36:46
36:46
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
36:46
In this episode of "Out of the Woods: The Threat Hunting Podcast," Scott and Tom dive into the latest threat hunting headlines for the week of September 2nd, 2024. They explore how basic techniques are being repurposed in advanced ways, such as using Google Sheets for command and control in a suspected espionage campaign and employing web dev to en…
…
continue reading
We introduce pkimetal, an open source project from Rob Stradling that allows CA to write to many popular linters with a single integration. We explain the importance and pitfalls of linters and how pkimetal improves linter implementation.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 416: SSL Subscriber Uses a Restraining Order to Prevent Revocation
22:39
22:39
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
22:39
An enterprise SSL subscriber recently used a Temporary Restraining Order to prevent the proper revocation of misissued certificates. We explain what happened, why it's deeply problematic, and how the industry might consider responding.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep23: Unique Executions... How Unique Are They?
40:10
40:10
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
40:10
In this episode of the "Out of the Woods Threat Hunting Podcast," Scott and Tom break down the top threat hunting stories for the week of August 26, 2024. They dive into SetXP, a stealthy Linux malware that manipulates UDEV rules to evade detection, and explore why it’s not yet on the MITRE ATT&CK radar. The duo also covers PeakLight, a new memory-…
…
continue reading
1
Root Causes 415: What Can I Do with These New FIPS PQC Standards?
19:33
19:33
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
19:33
NIST recently released PQC algorithmic standards in FIPS-203, FIPS-204, and FIPS-205 (ML-KEM, ML-DSA, and SLH-DSA). We describe what is necessary for enterprises to begin using these algorithms.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 414: What Are the Revocation Periods for Public Certificates?
11:57
11:57
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
11:57
In this episode we detail the mandatory revocation periods for leaf certificates and intermediates and explain when a 24-hour versus a 120-hour revocation deadline applies.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep22: Top 5 Threat Hunting Headlines - 19 Aug 2024
53:37
53:37
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
53:37
In this week's Top 5 Threat Hunting Headlines, Scott and Tom discuss top cybersecurity threats, including Kaspersky's Tusk InfoStealer campaign, a cloud extortion campaign exploiting AWS environments, APT41's advanced tactics against a Taiwanese research institute, and the Banshee InfoStealer targeting macOS. They also explore the impact of AI on c…
…
continue reading
On August 13, 2024, NIST released its first three standards for PQC algorithms, ML-KEM, ML-DSA, and SLH-DSA. We tell you where to find them and talk about what happens next.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep21: Top 5 Threat Hunting Headlines - 12 Aug 2024
55:06
55:06
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
55:06
Top 5 Threat Hunting Headlines - 12 Aug 2024 1. DarkReading | SaaS Apps Present an Abbreviated Kill Chain for Attackers https://www.darkreading.com/application-security/saas-apps-present-abbreviated-kill-chain-for-attackers?&web_view=true 2. ReasonLabs | Enterprise Grade Security to All of Your Personal Devices https://reasonlabs.com/research/new-w…
…
continue reading
Cookies are incredibly useful but also pose grave privacy concerns. We have in the past covered Chrome's initiatives to replace cookies. Now Chrome has announced that for the foreseeable future cookies will remain. We explain.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 411: PQC Security Levels
20:28
20:28
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
20:28
A popular belief is that Grover's algorithm will require that we double our AES key sizes. Repeat guest Bas Westerbaan of Cloudflare explains why this myth is incorrect and talks through the concept of "security levels" in post-quantum cryptography.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 410: CrowdStrike, Automatic Updates, and Walled Gardens
15:28
15:28
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
15:28
We examine one specific aspect of the recent CrowdStrike flaw. Microsoft blames the problem on the fact that it must, by European law, allow kernel updates to Windows. We unpack the challenges this poses.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 409: Mozilla Distrusts Entrust
14:48
14:48
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
14:48
This week Mozilla chose to follow Chrome in deprecating the Entrust trusted roots. We give you the details and explain why this action matters.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep20: Top 5 Threat Hunting Headlines - 29 July 2024
1:08:40
1:08:40
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
1:08:40
Threat Hunting Workshop: Hunting for Command and Control 31 July 2024 | 12:00 - 1:00 pm ET Register Here! Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate: 3-4 Aug 2024: Sign Up Here! 5-6 Aug 2024: Sign Up Here! ----- Top …
…
continue reading
1
Root Causes 408: Takeaways from Recent Conversations with PQC Experts
13:02
13:02
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
13:02
In the past three months we featured far-ranging conversations about post-quantum cryptography (PQC) with experts Bas Westerbaan of Cloudflare, Dustin Moody of NIST, and Bruno Coulliard of Crypto4A. In this episode we recap important takeaways from these conversations.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep19: Top 5 Threat Hunting Headlines - 22 July 2024
1:01:12
1:01:12
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
1:01:12
Threat Hunting Workshop: Hunting for Command and Control 31 July 2024 | 12:00 - 1:00 pm ET Register Here! Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate: 3-4 Aug 2024: Sign Up Here! 5-6 Aug 2024: Sign Up Here! ----- Top …
…
continue reading
1
Root Causes 407: Whatever Happened to Passkeys?
13:25
13:25
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
13:25
WebAuthn arrived last year with great fanfare. But here we are in the latter half of 2024, and they are rarely used. In this episode we discuss why.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 406: Certificate Discovery Is for Internal Certificates, Too
18:15
18:15
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
18:15
When we discuss certificate discovery in CLM platforms, there is a common assumption that we're talking about public certificates exclusively. In this episode we explain the value of certificate discovery for internal PKI certificates also.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 405: What Is an Adversarial Self-replicating Prompt?
25:04
25:04
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
25:04
In this episode we explain what an adversarial, self-replicating prompt, otherwise known as a prompt worm.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep18: Top 5 Threat Hunting Headlines - 15 July 2024
39:32
39:32
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
39:32
Threat Hunting Workshop: Hunting for Command and Control 31 July 2024 | 12:00 - 1:00 pm ET Register Here! Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate: 3-4 Aug 2024: Sign Up …
…
continue reading
1
Root Causes 404: SCOTUS Ruling Will Change IT Security Regulation
16:05
16:05
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
16:05
The US Supreme Court has struck down the Chevron Deferment, which greatly expanded federal agencies' power to interpret and enforce statutes. This monumental ruling stands to shift power considerably from agencies to courts and will put more pressure on legislatures to determine precise laws around tech. We explore the consequences of this ruling.…
…
continue reading
1
Root Causes 403: NIST PQC Contest Round 4 and Onramp with Dustin Moody
21:33
21:33
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
21:33
We are joined again by Dustin Moody, who leads the NIST search for PQC algorithms. In this episode Dustin describes going-forward efforts, including Round 4 of the NIST contest and the Onramp. We discuss some of the candidate algorithms and the consequences of having multiple algorithms available for use.…
…
continue reading
1
Root Causes 402: New Social Engineering Powershell Attack
15:20
15:20
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
15:20
A new social engineering exploit instructs victims to enter command line prompts to hack themselves on behalf of the hacker. We explain and discuss potential responses.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 401: New SSH Remote Code Execution Vulnerability Revealed
10:19
10:19
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
10:19
A newly revealed OpenSSH vulnerability can open enterprises to remote code execution. We explain what is happening, why you should care, and what to do about it.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep17: Top 5 Threat Hunting Headlines - 1 July 2024
55:09
55:09
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
55:09
Threat Hunting Workshop: Hunting for Command and Control 31 July 2024 | 12:00 - 1:00 pm ET Register Here! Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate: 3-4 Aug 2024: Sign Up …
…
continue reading
1
Root Causes 400: French Court Orders DNS Poisoning
10:37
10:37
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
10:37
To combat piracy of sporting event transmissions, a French court has ordered major tech companies including Google and Cloudflare to poison DNS settings. In this episode we provide some detail and generally marvel at this strange decision.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 399: Entrust Distrusted
19:40
19:40
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
19:40
On June 27, 2024 Google Chrome announced it was distrusting Entrust as a public CA starting November 1, 2024. We explain what to expect, go over Google's stated reasons, and share some of what lead up to this.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
Root Causes 398: History of the NIST PQC Contest with Dustin Moody
25:33
25:33
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
25:33
In this episode we are joined by Dr. Dustin Moody, leader of the NIST post-quantum cryptography contest. Dustin gives us an inside view of the background behind NIST's decision to run the contest and how we got to where we are today.Tim Callan and Jason Soroko tarafından oluşturuldu
…
continue reading
1
S2 Ep16: Top 5 Threat Hunting Headlines - 24 June 2024
56:54
56:54
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
Beğenildi
56:54
Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate: *3-4 Aug 2024: Sign Up Here! *5-6 Aug 2024: Sign Up Here! ----- Top 5 Threat Hunting Headlines - 25 June 2024 1. Positive Techno…
…
continue reading