Root Causes: A PKI and Security Podcast

Tim Callan and Jason Soroko | soundcloud.com
Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to understand the whys and wherefores of popular Public Key Infrastructures.

Episodes

Root Causes Special Bulletin: Kazakhstan Weaponizes the Public CA

The Kazakhstan government is taking measures to force citizens to trust its own root, enabling the widespread persecution of dissidents, journalists, and human rights advocates. Join our hosts to learn the long history of Kazakhstan's weaponization of PKI, what its effects may be, and the opportunities and challenges the browser community faces in fighting it.

Jul 29, 2019 | 18 min

Root Causes 28: SSL Certificate Automation Through ACME

ACME is a new SSL certificate automation standard that is taking the world by storm. With support by 150 million web sites and more than 130 open source tools, ACME is a key tool in your digital certificate bag. Join our hosts and guest Abul Salek as they discuss ACME, why it's important, and what's next for this hugely popular standard.

Jul 21, 2019 | 23 min

Root Causes 27: Pending Safe Browser Guidelines from Germany

The German government has published a draft of its latest guidelines for safe browsers, which include requirements for how SSL certificates are supported and treated. Join our hosts as they discuss the German safer browser requirements and their potential impact on Germany, other governments, and industry worldwide.

Jul 17, 2019 | 17 min

Root Causes 26: The White House Wants to Prohibit End-to-end Encryption

The White House is the latest government entity seeking to defeat widespread encryption technology through legislated "back door" access. Join our hosts as they explain why such an idea is essentially unworkable and would endanger the confidential online business and personal services upon which we all depend.

Jul 11, 2019 | 19 min

Root Causes 25: Entropy and Random Numbers

One cornerstone of successful cryptography is entropy, or the ability to create genuinely unpredictable values. But it turns out that generating truly random numbers is harder than you might think. Join our hosts as they discuss the need for randomness, the lengths companies go to to generate random numbers, and the bad things that can happen when they fail.

Jul 01, 2019 | 19 min

Root Causes 24: Certificate Revocation

Occasional certificate revocation is an essential part of the digital certificate lifecycle and any secure PKI scheme. Not only do certificate owners need to revoke their own certificates, but also CAs sometimes need to revoke certificates to keep trust high. Join our hosts as they discuss the whys and wherefores of revocation by the CA, especially as it relates to code signing and malware.

Jun 26, 2019 | 15 min

Root Causes 23: Global Energy Grids Under Cyber Attack

The world's energy grids and other utilities have increasingly become targets for cyber attack, both state-sponsored and otherwise. Join our hosts as they discuss the latest developments, possible consequences of cyber war against energy grids, and what we can do about it.

Jun 17, 2019 | 16 min

Root Causes 22: Attacks on US Cities with EternalBlue Cyber Weapon

A recent spate of ransomware attacks against US municipalities is noteworthy for being enabled by the stolen US cyber weapon EternalBlue. Join our hosts as we explain this attack, its similarities to earlier incidents, and the whole syndrome of government-sponsored cyber war.

Jun 07, 2019 | 18 min

Root Causes 21: New Texas Energy Grid Security Regulation

The state of Texas is leading the way with new legislation requiring cyber protections for its energy grid. Join our hosts as we explain this legislation, why it comes now, and its potential impact on the greater energy industry.

Jun 05, 2019 | 18 min

Root Causes 20: 885 Million First American Financial Customer Docs Exposed

It was recently revealed that First American Title Corporation had 885 million confidential customer financial documents discoverable in the clear on its online site. These documents contain all the most sensitive information necessary for identity theft, spear phishing, and other exploits against individuals. Join our hosts as they discuss the details of this exposure, how it may have come about, and its potential consequences.

May 31, 2019 | 14 min

Root Causes 19: Death of a Public CA

Mozilla has decided to remove a public CA from its trusted root store. By doing so Mozilla renders public certificates from this CA essentially valueless for almost all use cases. Join our hosts as they examine the reasons for this decision, how CA rules are made and maintained, and why an action like this one ultimately is healthy for the internet as a whole.

May 28, 2019 | 14 min

Root Causes 18: SHA-1 Collisions - TLS Fingerprinting - Cisco Trust Anchor Flaw

Recent news has revealed several important developments in PKI and cyber trust. Our hosts cover the latest SHA-1 collision attack and why it signals the inevitable death of this hashing algorithm. We explain TLS fingerprinting and how it enables malware to defeat firewall AI protections. And we walk through reports of a flaw in the implementation of secure elements on Cisco routers.

May 22, 2019 | 22 min

Root Causes 17: Sectigo Acquires Icon Labs

Sectigo's recent acquisition of Icon Labs expands the company's capabilities in embedded OEM and device identity. Jason and Tim are joined by Icon Labs co-founder Alan Grau as our podcasters explore the needs and potential vulnerabilities for connected devices and the suite of technologies that can address these security requirements.

May 16, 2019 | 20 min

Root Causes 16: PKI for DevOps Environments

DevOps as a software development and deployment methodology has radically transformed enterprise computing. This approach brings with it new architectures and tools such as containerization, Kubernetes, and multi-cloud. Learn how PKI plays a critical role in DevOps environments and how enterprises can best use certificates to keep their platforms safe.

May 11, 2019 | 23 min

Root Causes 15: Architecture for Enterprise Certificate Automation

Automation of certificate deployment and management is a must for today's enterprise. Complexity, changing environments, fast time to market, and simple scale all dictate that the old manual management methodology is dying away. Join our hosts as they detail the whys and hows of enterprise certificate automation. A must-listen for anyone seeking to understand this rapidly emerging technology space.

May 07, 2019 | 19 min

Root Causes 14: P2P Vulnerability in IoT Devices

Recent research reveals millions of consumer IoT devices that lack any level of authentication or encryption at all. Join our hosts as we discuss the nature of IoT-based botnets and their negative consequences on enterprises, consumers, and the internet at large, including DDoS, phishing, and more.

May 02, 2019 | 22 min

Root Causes 13: PKI for IoT

The proliferation of Internet of Things (IoT) devices in many cases has outpaced security for those devices, leaving enterprises, end users, and the general public exposed. Learn how identity is an essential part of protecting any service involving IoT devices and how PKI is positioned to provide that identity.

Apr 25, 2019 | 20 min

Root Causes 12: PKI in the News

It was a busy news week for PKI and authenticated identity, and our hosts run through four current stories to clarify them. Tune in to learn the latest about the Dragonblood WPA3 vulnerability, Russian spoofing of GPS/GNSS navigation signals, Know Your Customer (KYC) for social media sites, and a Chinese national's apparent attempt to install a USB rootkit somewhere in Mar-a-Lago.

Apr 13, 2019 | 19 min

Root Causes 11: Authentication Is Not for the Authenticated

With so much debate about the role and importance of authentication in digital systems, it is important to remember the purpose of authenticated identity in our cyber interactions. Join us for a discussion of who benefits from known identity, what can go wrong when identity is obscured, and why ecosystems must include incentives for members to participate in identity authentication.

Apr 09, 2019 | 14 min