Security Weekly Podcast Network (Audio) Disney Gone Wild, Docker, AIs, Passkeys, Gogs, React2Shell, Notepad++, Josh Marpet... - SWN #537
Dec 12, 2025
Join Josh Marpet, a seasoned security professional and regular contributor, as he delves into tech's hottest issues. He discusses China's dominance in key technologies and its implications for U.S. competitiveness. The duo also explores Disney's significant investment in OpenAI and the concerns surrounding IP rights for creators. Other hot topics include the risks of AI copilots, a newly exploited Gogs vulnerability, and the decline of traditional passwords in favor of passkeys. Tune in for a rollercoaster of insights!
AI Snips
Never Store Secrets In Docker Images
- Avoid embedding long-lived credentials inside container images or .env files that may be uploaded or shared publicly.
- Rotate keys and stop storing secrets in images to reduce the chance of exposed API tokens and leaked access.
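The two points above describe the practice; the checker below is an added example (not code from the podcast, its hosts, or Docker) that flags the Dockerfile patterns which bake credentials into image layers or image history: `ENV`/`ARG` with secret-looking names and literal values, `COPY`/`ADD` of credential files such as `.env` or SSH keys, and well-known token shapes appearing literally in an instruction. It is run against a constructed vulnerable Dockerfile and a hardened one that uses BuildKit's `--mount=type=secret` so the secret exists only for the duration of one `RUN` step. Every key value, token and path in the samples is fake and constructed for illustration.

```python
"""Flag Dockerfile patterns that persist secrets in image layers or history (added example)."""
import re
import shlex
from dataclasses import dataclass

# Variable names that usually carry credentials.
SECRET_NAME = re.compile(r"(?i)(secret|token|passw(or)?d|api_?key|private_?key|access_?key)")
# Publicly documented token shapes; the values in the samples below are fake.
TOKEN_SHAPES = [
    ("AWS access key id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("GitHub personal access token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("PEM private key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]
# Files that commonly hold credentials and must not be copied into a layer.
SENSITIVE_FILES = re.compile(r"(^|/)(\.env(\..*)?|id_rsa|id_ed25519|.*\.pem|.*\.p12|credentials)$")


@dataclass
class Finding:
    line: int
    instruction: str
    reason: str


def parse_instructions(dockerfile: str):
    """Yield (line_no, INSTRUCTION, args); joins backslash continuations, skips comments/blank lines."""
    buf, start = [], 0
    for no, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Docker ignores comment and blank lines, even inside a continuation
        if not buf:
            start = no
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        parts = " ".join(buf).split(None, 1)
        buf = []
        yield start, parts[0].upper(), parts[1] if len(parts) > 1 else ""


def _kv_pairs(args: str):
    """Split ENV/ARG arguments into (name, value): handles 'K=V K2=V2' and the legacy 'K V' form."""
    if "=" in args.split(None, 1)[0]:
        return [tuple(tok.partition("=")[::2]) for tok in shlex.split(args)]
    name, _, value = args.partition(" ")
    return [(name, value.strip())]


def scan_dockerfile(dockerfile: str) -> list:
    """Return a Finding for every instruction that would persist a secret in the image."""
    findings = []
    for no, instr, args in parse_instructions(dockerfile):
        if instr in ("ENV", "ARG"):
            for name, value in _kv_pairs(args):
                if value and SECRET_NAME.search(name):
                    where = "image config" if instr == "ENV" else "docker history"
                    findings.append(Finding(no, instr, f"{name} has a literal value that persists in {where}"))
        if instr in ("COPY", "ADD"):
            paths = [t for t in args.split() if not t.startswith("--")]  # drop flags like --chown
            for src in paths[:-1]:  # last token is the destination
                if SENSITIVE_FILES.search(src):
                    findings.append(Finding(no, instr, f"{src} is copied into a layer; mount it as a build secret or inject at runtime"))
        for label, pat in TOKEN_SHAPES:
            if pat.search(args):
                findings.append(Finding(no, instr, f"{label} appears literally in the instruction"))
    return findings


# Constructed sample: every value is fake (the AWS id is the documentation example key).
VULNERABLE_DOCKERFILE = """\
FROM python:3.12-slim
# secrets baked into layers and history
ENV AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE \\
    AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
ARG NPM_TOKEN=npm_fake_token_for_illustration
COPY .env /app/.env
COPY --chown=app:app id_rsa /root/.ssh/id_rsa
RUN pip install -r requirements.txt
"""

# Constructed hardened sample: the secret is mounted for one RUN step only and never written to a layer.
HARDENED_DOCKERFILE = """\
# syntax=docker/dockerfile:1
FROM python:3.12-slim
RUN --mount=type=secret,id=npm_token \\
    NPM_TOKEN="$(cat /run/secrets/npm_token)" npm ci
ENV APP_ENV=production
COPY app/ /app/
"""

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(f"== {name}: {len(scan_dockerfile(text))} finding(s)")
        for f in scan_dockerfile(text):
            print(f"  line {f.line} {f.instruction}: {f.reason}")
```

The hardened file passes with zero findings because the token is read from `/run/secrets/<id>` inside a single `RUN --mount=type=secret` step and the running container receives its credentials from the orchestrator rather than from the image. A checker like this belongs in CI next to the rotation policy the snip recommends: a leaked key that is already rotated is the only acceptable kind.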
Browser AI Can Ingest Your Uploaded Files
- Browser-embedded AIs can see pasted or uploaded files and may process sensitive data without explicit consent.
- Vendor claims of compartmentalization are not a substitute for assessing what data your browser AI actually accesses.
Switch To Phishing-Resistant Auth
- Adopt phishing-resistant authentication such as FIDO2, passkeys, and hardware security keys instead of SMS or TOTP alone.
- Refer to NIST SP 800-63B for guidance and disable password + SMS flows wherever a phishing site can relay the one-time code.
