ESW #281 – Aubrey Turner
1. Going Passwordless with Risk Signals – Aubrey Turner – ESW #281
Passwordless authentication is all the rage. And rightly so, given its promise of driving engagement and boosting productivity via more secure and frictionless user experiences. However, the path to passwordless often leads to more questions than answers. Don’t fret! We’ll offer a passwordless journey roadmap that delves into leveraging different risk signals like user behavior and device characteristics to make smarter authentication decisions.
Segment Resources: https://www.pingidentity.com/en/solutions/business-priority/passwordless.html https://download.pingidentity.com/public/assets/misc/en/3637-workforce-survey-passwordless-future.pdf
This segment is sponsored by Ping. Visit https://securityweekly.com/ping to learn more about them!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guest
Aubrey Turner has an extensive background successfully delivering strategic, enterprise cyber security solutions to Fortune 1000 companies that address business problems, strengthen organizations, reduce risk and deliver positive business outcomes. Aubrey has demonstrated rapport and consensus building with key stakeholders. Additionally, he has proven leadership, communication, management, collaboration and sales skills.
2. Supply Chain Level 0: Grinding Tractors to a Halt – Sick Codes – ESW #281
Sick Codes hacked all four John Deere Telematics Gateways, and the John Deere Gen4 Series Display. Without those, it's "just a tractor." However, this is Critical Infrastructure. In fact, without Tractors, Combines & Implements: farmers cannot plant, spray or harvest. No raw materials == no food & alcohol. You will see how long I persisted over multiple months, to gain access and was able to hack these devices to the absolute binary core, warts & all. What was the bounty? Source Code, Root File Systems, FPGA compiled binaries, the works. Agricultural Security is a serious issue. Multiple ransomware attacks last year showed exactly how destructive attacks on Food & Agriculture are, and how fragile the supply chain is.
Segment Resources: https://sick.codes https://github.com/sickcodes https://www.youtube.com/watch?v=zpouLO-GXLo https://hardwear.io/usa-2022/speakers/sick-codes.php
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest
“Sick Codes” is an Australian hacker, who resides somewhere in Asia: I love 0days, emulation, open source, reverse engineering, standing up for other researchers & fast motorbikes. I have worked on many interesting projects over the last few years including hacking & emulating TVs, cars, tractors, watches, ice cream machines, and more. My heart lies with Free Software but I like to go where no researcher has gone before. My works include Docker-OSX, which regularly trends on GitHub with 25k+ stars, 300k+ downloads. I’ve spoken 2x at DEF CON 29, DEF CON 30, published 30+ CVEs, and do consulting and contracting.
Sick Codes will be speaking on the DEF CON Main Stage at DEF CON 30, August 11-14th, and recently spoke at Hardwear.io about one of the most ignored, yet highly relied on, pieces of critical infrastructure: the food supply chain.
3. Whistleblowing, Pwnednomore, Robot Protection, Securing Embedded Devices, & Hatching – ESW #281
Finally, in the Enterprise Security News: HiveWatch raises $20M to protect the office, FORT Robotics raises $13M to protect the office from robots, Emproof raises €2M to secure embedded devices, Dutch startup OneWelcome acquired by Thales, Dutch startup Hatching acquired by Recorded Future, Pwnednomore aims to protect Web3, cybersecurity vendors make us less secure, and perverse incentives in whistleblowing!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
- 1. FUNDING: HiveWatch Raises $20M Series A Led by Former Twitter Executives https://www.builtinla.com/2021/10/26/hivewatch-raises-20m-series-a-physical-security-sensor-software
- 2. FUNDING: FORT Robotics Closes On $13 Million In Funding
- 3. FUNDING: Push announces $4M seed round to drive user-centric security for SaaS
- 4. FUNDING: Emproof secures €2M from TIIN Capital, others to provide security solutions for embedded devices
- 5. ACQUISITIONS: Dutch startup OneWelcome acquired by Paris-based Thales for €100M: Here’s why
- 6. ACQUISITIONS: Dutch cybersecurity specialist Hatching acquired by US-based Recorded Future
- 7. ACQUISITIONS: Putting the Dee(Dee) in Defense: Huntress Acquires Curricula
- 8. NEW PRODUCTS: HiddenLayer emerges from stealth to protect AI models from attacks – TechCrunch
- 9. NEW PRODUCTS: Pwnednomore – one of the newest crypto builders from Alliance DAO’s demo day – TechCrunch
- 10. NEW PRODUCTS: Paladin Cloud launches open source platform – TechCrunch
- 11. TRENDS: How cybersecurity vendors make us less secure
- 12. LEGAL: Aerojet Rocketdyne to pay $9 mln to resolve U.S. cybersecurity allegations
- 13. SQUIRREL: Hands-On with Mojo Augmented Reality Contact Lens! https://youtu.be/cvgjVgmv5DM