Security Conversations

Ep7: Crowd2K and the kernel, PKFail supply chain failures, Paris trains sabotage and Russian Olympic attacks

Aug 2, 2024

The discussion dives deep into CrowdStrike's Windows BSOD saga and the intricacies of kernel access. A critical look at the PKFail research reveals serious vulnerabilities in secure boot technology. Listeners are intrigued by cyber sabotage linked to European train services and the historical cyber attacks related to the Olympics, particularly with Russian involvement. The conversation emphasizes the need for transparency in cybersecurity and the growing importance of software vendor liability amid increasing geopolitical tensions.

01:10:03

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The podcast emphasizes the importance of transparency in cybersecurity incidents, spotlighting CrowdStrike's approach to improving communication regarding vulnerabilities.

Discussions on the PKFail supply chain vulnerabilities highlight the critical need for inspectability in security mechanisms to prevent bypasses.

The conversation addresses the ongoing debate around software vendor liability, particularly in light of Delta Airlines seeking damages from Microsoft and CrowdStrike.

Deep dives

Remote Work Trends

The discussion highlights the growing trend of remote work, particularly within the European context. With summer heat intensifying, the flexibility of working remotely has allowed many to choose picturesque locations, such as mountains or deserts, for their work environment. The speakers encourage listeners to explore similar options, suggesting that working from unique locales can enhance both productivity and lifestyle. This shift emphasizes the changing dynamics of work, where location becomes increasingly irrelevant to professional responsibilities.

Intro

2min

The Evolution of Black Hat and Current Cybersecurity Trends

2min

Exploring Vulnerabilities: Insights from Microsoft's Perspective

7min

Delta's Cybersecurity Challenges and Software Liability

6min

Challenges in Secure Boot Technology

21min

Sabotage and Cyber Threats Ahead of the Olympics

6min

Cyber Warfare and Geopolitical Tensions

18min

Prisoner Exchanges and Cybersecurity

9min

Three Buddy Problem - Episode 7: In this episode, we try to close the book on the CrowdStrike Windows BSOD story, Microsoft VP David Weston’s technical documentation and issues around kernel access and OS resilience. We also discuss Binarly’s PKFail research, secure boot bypasses, Dan Geer and tech monoculture, software vendor liability issues and the need for inspectability in security mechanisms.

The conversation explores cyber angles to train service disruptions in Paris, the history of cyber operations targeting the Olympics, the lack of public acknowledgment and attribution of cyber operations by Western intelligence agencies, and the importance of transparency and case studies in understanding and discussing cyber operations.

Hosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)

Links:

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Security Conversations

Ep7: Crowd2K and the kernel, PKFail supply chain failures, Paris trains sabotage and Russian Olympic attacks

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Remote Work Trends

Insights from Black Hat Conference

CrowdStrike Incident Analysis

Legal Ramifications for Delta Airlines

Challenges in Secure Boot Technology

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Security Conversations

Ep7: Crowd2K and the kernel, PKFail supply chain failures, Paris trains sabotage and Russian Olympic attacks

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Remote Work Trends

Insights from Black Hat Conference

CrowdStrike Incident Analysis

Legal Ramifications for Delta Airlines

Challenges in Secure Boot Technology

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights