Professionally Evil Perspective


Episode notes and links:

FTC Log4j Warning

https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability

Federal Trade Commission Act

https://www.ftc.gov/enforcement/statutes/federal-trade-commission-act

FTC Equifax Fines

https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement

Principle of Subsidiarity

https://en.wikipedia.org/wiki/Subsidiarity

Got suggestions, complaints or feedback?

Tell us at podcast@secureideas.com or reach out on Twitter:

https://twitter.com/sweaney

https://twitter.com/darth_kevin

https://twitter.com/secureideas

Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!

Direct download: PEP2.3.FTCUltimatum.m4a
Category:security -- posted at: 6:00am EDT


Open source developer corrupts widely-used libraries, affecting tons of projects
https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected
NPM libraries in question:
https://github.com/Marak/colors.js
https://github.com/marak/Faker.js/
Marak's post about no more free work: http://web.archive.org/web/20210704022108/https://github.com/Marak/faker.js/issues/1046
The left-pad issue from 2016: https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/

Direct download: PEP_2022_02_Podcast.m4a
Category:security -- posted at: 6:00am EDT

Jump back into a discussion of current events with Kevin and Nathan after a long break.  Packed with professional perspectives and opinions.  This week we dive a little deeper into Log4j.

Direct download: PEP_2022_01_Final.m4a
Category:security -- posted at: 4:09pm EDT
