No CVE and No Accountability - Ed Skoudis - PSW #851

Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memories of the TV-B-Gone. But the real kicker was our discussion on end-of-life software and the whole CVE numbering authority mess. Avanti's refusal to issue a CVE for their end-of-life product sparked a heated debate about cybersecurity accountability and conflicts of interest.

Ed Skoudis joins us to announce this year's Holiday Hack Challenge!

Segment Resources:

• https://sans.org/holidayhack

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-851