Three Buddy Problem

LIVE from Ring0 COUNTERMEASURE: Google v FFmpeg, Ransomware Turncoats, Samsung 0days

Nov 10, 2025
This engaging conversation dives into the rising tension between Google and FFmpeg over open-source patching. The hosts discuss the legal repercussions facing ransomware negotiators, highlighting insider risks. A mysterious APT attack named LANDFALL is revealed, linked to a Samsung mobile zero-day. They also touch on the potential ban of TP-Link in the U.S., exploring security implications in consumer hardware. With insights into AI-driven bug reports and their impact on maintainers, the episode is packed with timely tech discussions!
INSIGHT

Trust Is A Dangerous Attack Vector

  • Ransomware negotiators can exploit their trusted access to victims during incident response.
  • That trust and access make insider abuse a uniquely dangerous attack vector for critical sectors like healthcare.
ANECDOTE

AV Hiring Rules To Avoid The Dark Side

  • Costin described strict AV hiring policies that rejected candidates with malware histories.
  • He used that to explain why some security firms historically avoided hiring offensive actors to reduce insider risk.
INSIGHT

AI Bug Hunting Overloads Maintainers

  • Big vendors using AI to find bugs can overwhelm volunteer OSS maintainers with reports.
  • Maintainers expect patches or help downstream, not public shaming without a supplied fix.