Supply Chain Security – Ivan Arce – PSW #781
We will talk about Supply chain security, the TPM 2.0 vulnerabilities recently discovered by a Quarkslab researcher, bugs in reference implementations, vulnerability disclosure and perhaps various other topics.
Segment Resources:
Vulnerabilities in the TPM2.0 reference implementation https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html
Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html
Heap memory corruption in ASN.1 parsing code generated by Objective Systems Inc. ASN1C compiler for C/C++
https://github.com/programa-stic/security-advisories/blob/master/ObjSys/CVE-2016-5080/README.md
Announcements
Security Weekly listeners save $100 on their RSA Conference 2023 Full Conference Pass! RSA Conference will take place April 24-27 in San Francisco and on demand. To register using our discount code, please visit https://securityweekly.com/rsac2023 and use the code 53UCYBER! We hope to see you there!
Guest
Ivan is Chief Research Officer at Quarkslab, a french infosec company specialized in services and products that require in-depth technical expertise, where he leads a cross-functional team that coordinates all the security research of the company.
He is an industry veteran with over 30 years in the infosec (now known as cybersecurity) community. He co-founded Core Security Inc., an argentinean cybersecurity company, in the mid 1990s, and was a very early guest of PSW.
He lives in Buenos Aires, Argentina
Hosts
