Episode 1 follow up:
- Signal continues to make the news. This time hacking Privacy
Topics:
- CocoaPods Trunk: Remote Code Execution found
- Cosign - container image signing.
- TBONE hacking Tesla from a drone with zero clicks.
- SAML XML Injections
- Tinker Twitter thread on: real & physical occupational hazard for infosec.
- 1Password Secrets Automation
- Google mandatory MFA
Paul’s rant:
- Blockchain tuna tracking
Links:
- https://signal.org/blog/the-instagram-ads-you-will-never-see/
- https://blog.cocoapods.org/CocoaPods-Trunk-RCE/
- https://justi.cz/security/2021/04/20/cocoapods-rce.html
- https://blog.1password.com/introducing-secrets-automation/
- https://kunnamon.io/tbone/
- https://research.nccgroup.com/2021/03/29/saml-xml-injection/
- https://security.googleblog.com/2021/05/making-internet-more-secure-one-signed.html
- https://twitter.com/TinkerSec/status/1388107620574171140
- https://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/
Hosts:
Paul Kehrer @reaperhulk
Robert Clark @hyakuhei
Matías Brutti @MrBrutti
Post-Production:
Matías Brutti @MrBrutti
Disclaimer: The opinions and security statements on this podcast are our own and do not represent those of our respective past, current or future employers.