Paul's Security Weekly (Audio) SignalGate and How Not To Protect Secrets - PSW #867
Mar 27, 2025
In this episode, Sam Bowne, a guest expert in password security and data breaches, joins the hosts to work through current concerns: how known vulnerabilities stay unpatched and what follows from that, the reported Oracle cloud breach, and the pitfalls of relying on secure messaging apps like Signal for sensitive work. Bowne makes the case for better password practices and outlines the risks of genetic data held by services like 23andMe. There is also a light-hearted cat prank script to close things out.
AI Snips
Old CVEs Can Grow New Targets
- Vulnerabilities often change scope years later when researchers find the same flaw in additional products.
- Organizations and vendors rarely get automatic notification when CVE descriptions are expanded, creating blind spots.
Make SBOMs Practical And File-Aware
- Generate and track SBOMs that include file-level components and hashes when possible to help detect reused vulnerable binaries.
- Use tools that can consume large SBOMs and correlate components to known CVEs for ongoing vulnerability detection.
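The two snips above describe one workflow: keep a file-aware SBOM with hashes, correlate it against known CVEs, and re-run that correlation when a CVE's scope grows, since nobody will notify you. The following Python is an added example, not code from the podcast or from any SBOM tool. The CycloneDX-style SBOM, the two vulnerability-feed snapshots and the CVE identifiers (CVE-0000-0001 is a placeholder) are all constructed inline; a real feed would carry purls and file hashes from the vendor advisory or a vulnerability database.

```python
"""Correlate a file-aware SBOM against a vulnerability feed, then diff two
feed snapshots to surface components that became affected only after the
CVE's scope was expanded (e.g. the same flaw found in a rebuilt binary).

Added example with constructed data; CVE-0000-0001 is a placeholder ID.
"""
from typing import Dict, Set, Tuple

# Constructed CycloneDX-style SBOM. Two components carry a purl; the third is
# a vendored binary with no package identity at all, only a SHA-256.
SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "libexample", "version": "1.2.3",
         "purl": "pkg:generic/libexample@1.2.3",
         "hashes": [{"alg": "SHA-256", "content": "aa" * 32}]},
        {"type": "file", "name": "vendor/util.so",
         "hashes": [{"alg": "SHA-256", "content": "bb" * 32}]},
        {"type": "library", "name": "otherlib", "version": "4.0.0",
         "purl": "pkg:generic/otherlib@4.0.0",
         "hashes": [{"alg": "SHA-256", "content": "cc" * 32}]},
    ],
}

# Constructed feed snapshots. Each record lists affected purls and, where a
# specific shipped file is known to be affected, its SHA-256.
FEED_V1 = {
    "CVE-0000-0001": {"purls": ["pkg:generic/libexample@1.2.3"], "sha256": []},
}
FEED_V2 = {
    # Scope expanded: the same flaw was later found in a rebuilt binary that
    # is identified only by hash. A name/version scan would never catch it.
    "CVE-0000-0001": {"purls": ["pkg:generic/libexample@1.2.3"],
                      "sha256": ["bb" * 32]},
}


def index_sbom(sbom: dict) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Build purl -> label and sha256 -> label lookups from the SBOM."""
    by_purl: Dict[str, str] = {}
    by_hash: Dict[str, str] = {}
    for comp in sbom["components"]:
        # Package components are labelled by purl, bare files by their name.
        label = comp.get("purl") or comp["name"]
        if "purl" in comp:
            by_purl[comp["purl"]] = label
        for h in comp.get("hashes", []):
            if h["alg"].upper() == "SHA-256":
                by_hash[h["content"].lower()] = label
    return by_purl, by_hash


def correlate(sbom: dict, feed: dict) -> Dict[str, Set[str]]:
    """Return {cve_id: set of SBOM component labels affected by it}."""
    by_purl, by_hash = index_sbom(sbom)
    hits: Dict[str, Set[str]] = {}
    for cve, record in feed.items():
        affected: Set[str] = set()
        for purl in record.get("purls", []):
            if purl in by_purl:
                affected.add(by_purl[purl])
        for digest in record.get("sha256", []):
            if digest.lower() in by_hash:
                affected.add(by_hash[digest.lower()])
        if affected:
            hits[cve] = affected
    return hits


def new_exposures(sbom: dict, old_feed: dict, new_feed: dict) -> Dict[str, Set[str]]:
    """Components matched by the new feed but not the old one for the same
    CVE: exactly what is missed if scans only run when the SBOM changes."""
    before = correlate(sbom, old_feed)
    after = correlate(sbom, new_feed)
    delta: Dict[str, Set[str]] = {}
    for cve, comps in after.items():
        added = comps - before.get(cve, set())
        if added:
            delta[cve] = added
    return delta


if __name__ == "__main__":
    print("matches against v1:", correlate(SBOM, FEED_V1))
    print("matches against v2:", correlate(SBOM, FEED_V2))
    print("newly exposed after feed update:", new_exposures(SBOM, FEED_V1, FEED_V2))
```

The point of the hash index is the third component: `vendor/util.so` has no purl, so a scanner keyed on package name and version reports nothing, while the SHA-256 recorded in the SBOM ties it to the expanded CVE record. Running `new_exposures` on every feed refresh, rather than only on SBOM rebuilds, is what closes the blind spot described in the first snip.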
Signal Chat Leak Was An OPSEC Failure
- Officials used Signal for sensitive operational chats and accidentally added a reporter, causing the leak.
- The hosts argued this was an OPSEC failure driven by process and classification mistakes, not a cryptography flaw.