Podcasts about Authentication

This is repeat of a broadcast from last October, still relevant, especially in the light of so many current breaches which have begun not with technical weaknesses but with phishing and social engineering.   In this deeper dive episode of 'Cybersecurity Today,' hosts Jim Love and David Shipley, a top cybersecurity expert from Beauceron Security, explore the evolution, intricacies, and impact of phishing attacks. They highlight recent sophisticated phishing strategies that combine AI, complex setups, and psychological manipulation to deceive even the most knowledgeable individuals. The discussion covers various types of phishing including spearphishing, whaling, sharking, QR phishing, and the emotional and psychological tactics employed by attackers. They also delve into practical defense mechanisms such as Multi-Factor Authentication (MFA), passkeys, and the importance of fostering a security-conscious workplace culture. The episode emphasizes the need for a diversified security approach involving technology, training, and emotional intelligence, while encouraging assertiveness in questioning potentially fraudulent communication. 00:00 Introduction to Cybersecurity Today 00:40 The Evolution of Phishing Attacks 01:44 Deep Dive into Phishing Techniques 03:31 History of Phishing 06:04 Types of Phishing: From Email to Whaling 10:06 Advanced Phishing Tactics 19:25 The Psychology Behind Phishing 26:03 Phishing Tactics: Free Gift Card Scams 26:33 The Power of Scarcity in Phishing 28:27 Authority and Phishing: Impersonation Tactics 29:11 Consistency: Small Requests Leading to Big Scams 30:14 Liking and Social Proof in Social Engineering 32:15 The Evolution of Phishing Techniques 35:31 The Role of MFA in Enhancing Security 38:35 Passkeys and the Future of Authentication 44:57 Building a Security-Conscious Workplace Culture 48:47 Conclusion and Final Thoughts

This episode of Wrist Check Podcast, brought to you by luxury watch marketplace Bezel, dives deep into the numbers behind the wrist game. Perri and Rashawn break down the latest Bezel Report, revealing how buyers and sellers are shaping the market—from the most in-demand metals to which eras of iconic models are rising or falling in favor. They also explore the growing concern around counterfeits, surprising brand sell-outs, and what collectors are really asking for. Tune in for an insightful, data-driven conversation, layered with real-world anecdotes from the community.Powered by @getbezel Shop 20,000+ watches at getbezel.com, and Download the Bezel app at download.getbezel.com⁠⁠⁠⁠⁠⁠⁠⁠SUBSCRIBE⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ to get the latest Wrist Check Pod content ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Follow us on instagram⁠⁠⁠Chapters00:00 - Intro01:21 - Rashawn's Wrist Check03:26 - Perri's Wrist Check08:27 - What Is The Bezel Report10:28 - Authentication vs Rejection Rates12:02 - Counterfeit Watches16:08 - Rejections By Brand20:30 - Identifying Fake Watches25:53 - Requests By Brand33:41 - Sales By Brand 40:12 - Most Requested Decades For Watches46:19 - Sales By Case Size51:25 - Sales By Case Material55:29 - Tariffs Impact57:16 - Summary01:03:27 - Outro

“The simple believe everything, but the prudent give thought to their steps.” — Proverbs 14:15In an age where scams are becoming more sophisticated by the day, Scripture reminds us that discernment isn't optional—it's essential. As believers, protecting the resources God has entrusted to us is more than a practical concern—it's an act of stewardship. Here's how you can guard your finances with wisdom, not fear.Scams Are Everywhere—But So Is WisdomFraudsters use every channel available: phone calls, text messages, emails, and even impersonations of people you trust. But as followers of Christ, we're not called to panic. We're called to walk in wisdom (Ephesians 5:15). That begins with slowing down and thinking critically.Pause before you respond. Scammers rely on urgency. If someone pressures you to act immediately—whether claiming your account is locked or your money is at risk—take a step back. Hang up. Verify the source independently. Urgency is often a red flag. Avoid untraceable payments. No legitimate organization will ask for payment via wire transfer or gift cards. These are the preferred tools of scammers because they're nearly impossible to recover.Practical Steps for Digital ProtectionFinancial stewardship now includes digital awareness. Here are practical ways to protect yourself and your family:Use credit cards, not debit cards, for online purchases. Credit cards usually come with stronger fraud protection. Enable two-factor authentication (2FA) on all your financial accounts. Even if a scammer gets your password, they can't access your account without a second form of verification. Don't reuse passwords. Use a secure password manager, such as Bitwarden or NordPass, to create and store strong, unique passwords. Set up account alerts. Most banks allow you to monitor activity in real-time, giving you a heads-up if something unusual occurs. Freeze your credit. It's free to do and offers one of the best defenses against identity theft. You can always unfreeze it temporarily when needed. Avoid public Wi-Fi for financial transactions. Wait until you're on a secure network or at home to check your bank accounts or make purchases. Limit what you share on social media. Personal details, such as birthdays or family names, can be used to guess passwords or security questions. Adjust your privacy settings and post wisely. Shred sensitive documents before discarding them. Even in the digital age, identity thieves still dig through trash. Don't click on unfamiliar links, even if they appear to come from someone you know. When in doubt, contact the person or organization directly for clarification.Stewarding Wisdom in CommunityScammers often target the vulnerable, particularly older adults and teenagers. So make this a shared effort. Discuss online fraud with your family. Equip them with knowledge. If you receive a letter or email about identity protection following a data breach, verify it by contacting the company directly, rather than through the provided link or number.Financial faithfulness today includes digital vigilance. But there's no need for fear. By taking these simple steps, you can walk confidently, knowing you're stewarding God's resources with care.A Tool for Wise Stewardship: The FaithFi AppLooking for a practical way to manage your money with wisdom and peace of mind? The FaithFi app is a secure tool that helps you track your spending, plan your giving, and align your finances with biblical values. With 256-bit encryption, your data is protected, and your login credentials are never stored. FaithFi Pro users also receive exclusive articles, digital devotionals, and daily encouragement.Visit FaithFi.com and click “App” or search “FaithFi” in your app store to get started today.Steward your finances wisely. Protect what God has entrusted to you. And walk in peace, not panic.On Today's Program, Rob Answers Listener Questions:My 14-year-old son just started his first full-time summer job, working around 37 to 40 hours a week. I'd like to help him get started with investing and am considering opening a Roth IRA in his name. What's the best way to set that up, and where should we go to open the account?We're debt-free and recently bought a home. Our current vehicle is paid off, but we're thinking about adding a second car with a monthly payment of around $500. I'm a little uneasy about the added expense. How can we determine if this is a wise financial move for us at this time?Resources Mentioned:Faithful Steward: FaithFi's New Quarterly Magazine (Become a FaithFi Partner)The Money Challenge for Teens: Prepare for College, Run from Debt, and Live Generously by Dr. Art RainerThe Finish Line PledgeSchwab Intelligent Portfolios | BettermentBitwarden | NordPassWisdom Over Wealth: 12 Lessons from Ecclesiastes on MoneyLook At The Sparrows: A 21-Day Devotional on Financial Fear and AnxietyRich Toward God: A Study on the Parable of the Rich FoolFind a Certified Kingdom Advisor (CKA) or Certified Christian Financial Counselor (CertCFC)FaithFi App Remember, you can call in to ask your questions most days at (800) 525-7000. Faith & Finance is also available on the Moody Radio Network and American Family Radio. Visit our website at FaithFi.com where you can join the FaithFi Community and give as we expand our outreach.

Episode Title: Market Resilience, Counterfeit Realities, and the Future of Authentication with Perry Nguyen of Check Check Show Notes: In this episode, I'm joined by Perry Nguyen with Check Check, a cutting-edge digital authentication platform reshaping the luxury resale landscape. Our conversation explores the parallels between nature's most resilient species and the dynamic, ever-evolving global marketplace, particularly the explosive growth of luxury resale and the counterfeit economy. Perry shares how Check Check leverages a global team of expert authenticators to verify high-value goods, including sneakers, designer items, and collectibles. With the rise of “super fakes” and consumer trust hanging in the balance, Perry explains why real-time, mobile-first authentication is no longer a luxury—it's a necessity. We dig into Perry's fascinating career journey—from scaling a cannabis startup from zero to $11M in sales, to lobbying Congress (cowboy hat and all) in support of a groundbreaking antifungal vaccine for animals. His background in the music industry also adds a creative twist to his leadership style, which I found incredibly relatable. Perry also opens up about joining Check Check just 12 months ago and partnering with co-founders Arnold Luck and Eddie Abramov to scale their sneaker authentication platform into a robust enterprise solution. With over 3.3 million app downloads and 2.2 million items authenticated, they're redefining trust in the secondary market. We wrap the conversation with a look at global expansion—including a powerful new partnership with India's Culture Kicks—and discuss how APIs and mobile tech are driving the next phase of authentication for streetwear and luxury resale. I even encouraged my brother to download the app—because if you're going to invest in high-value items, you need to make sure they're the real deal. And yes, I even share a story about tracking down an elusive 90s rock vocalist named Kurt, plus what my cousin's DIY guitar pedal business taught me about creative frustration, innovation, and self-determination in leadership.

This episode is sponsored by Trusona. Visit trusona.com/idac to learn more.In this episode of the Identity of the Center podcast, Jeff and Jim discuss identity verification challenges with Ori Eisen, the founder and CEO of Trusona. The conversation explores the problems surrounding help desk authentication and how Trusona's new product, ATO Protect, aims to address these issues by confirming caller identities, even in scenarios involving social engineering and advanced AI threats. Ori explains the technology behind document scanning, data triangulation, and geolocation to validate identities. The episode also includes an intriguing hack challenge for listeners to test the robustness of Trusona's solutions. Check out the detailed demo on Trusona's website and join the challenge!Timestamps00:00 Introduction and Episode Excitement01:16 Introducing the Guest: Ori Eisen from Trusona02:11 The Problem with Passwordless Authentication03:53 The Rise of Gen AI and Its Impact on Security04:51 Understanding ATO Protect and Its Importance16:10 How ATO Protect Works: A Step-by-Step Guide27:51 The Puppeteering Scam Unveiled28:24 Fingerprinting the Fraudsters29:11 Real-Time Fraud Detection Demo29:42 Challenges in Penetration Testing30:08 Combating Man-in-the-Middle Attacks30:41 The Ultimate Security Challenge33:44 Verifying Caller Identity41:24 Future Threats in Cybersecurity42:10 AI: The Double-Edged Sword49:08 Issuing the Hack Challenge52:45 Conclusion and Final ThoughtsConnect with Ori: https://www.linkedin.com/in/orieisen/Learn more about Trusona: https://www.trusona.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Trusona, Ori Eisen, Identity Verification, Help Desk Security, Service Desk, Passwordless, Authentication, KBA, Knowledge-Based Authentication, Cybersecurity, Identity and Access Management, IAM, Multi-Factor Authentication, MFA, Zero Trust, Identity Proofing#IDAC #Trusona #Passwordless #Cybersecurity #IdentityManagement #HelpDesk #ZeroTrust

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

In which the NetHeads talk about the latest and greatest in tech, pop culture, superhero stuff, and 3D printing. Plus, finally hear Tony's THUNDERBOLTS review here on NETHEADS. Enjoy hearing a show fall completely apart because honestly it was rushed. Also sorry for the delay on publishing, I waited until after I got back from vacation.

Itai Turbahn is Co-Founder and CEO of Dynamic (https://www.dynamic.xyz), a Web3 authentication platform that simplifies wallet-based login and onboarding through a flexible SDK, combining authentication, smart wallets, and secure key management. Itai shares his journey from product management leadership roles and consulting at the Boston Consulting Group to co-founding Dynamic, a company backed by a16z crypto, Founders Fund, and others. He discusses how Dynamic's growth, milestones, including sponsoring six major hackathons, supporting 400 teams, and powering millions of monthly user logins, has advanced Web3 adoption. Itai dives into the platform's role in simplifying developer workflows, enhancing user onboarding with features like social logins and Global Identities, and his vision for a more intuitive crypto future where wallet infrastructure empowers seamless cross-chain interactions.

SummaryIn this episode of the Blue Security Podcast, hosts Andy and Adam delve into the intricacies of Entra External ID, a customer identity and access management solution. They discuss the importance of security considerations in application development, the risks associated with customer-facing technologies, and the need for effective authentication methods. The conversation also touches on international revenue share fraud and the implementation of authentication context to enhance security measures. The episode concludes with insights on external authentication methods and their integration into existing systems, emphasizing the collaborative nature of cybersecurity.----------------------------------------------------YouTube Video Link: https://youtu.be/SKxShnv6z3I----------------------------------------------------Documentation:https://learn.microsoft.com/en-us/entra/architecture/deployment-external-operationshttps://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-external-method-manage----------------------------------------------------Contact Us:Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpodYouTube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠----------------------------------------------------Adam BrewerTwitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewerLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com

Ken returns after a week's hiatus to review the latest AppSec news with Seth. Specifically, the idea that authentication fatigue exists for both consumers and developers. The amount of choice to implement security controls can have unintended consequences and introduces risk that may or may not be considered. This is followed by research from SquareX that claims Browser AI Agents are riskier and easier to target than employees. This results in opinions on phishing and protections against consumer/business targeting by attackers.

Trust Stamp President Andrew Gowasack joined Steve Darling from Proactive to announce a strategic partnership with Neural Payments, a fintech innovator that enables real-time person-to-person payments and advanced fraud prevention solutions for banks and credit unions. The collaboration will integrate Trust Stamp's low-code Orchestration Platform into Neural Payments' offerings to enhance identity verification and authentication processes. At the core of this integration is Trust Stamp's biometric-driven identity technology, which provides robust tools for Know Your Customer (KYC) onboarding and ongoing user reauthentication. Neural Payments users will now be able to enroll using a government-issued ID and a selfie, and subsequently approve payments simply by taking another selfie—removing the need for cumbersome and less secure methods like SMS-based one-time passcodes or authenticator apps. The IT2 framework allows for fast and privacy-preserving identity matching, eliminating the need for recurring callbacks or storing sensitive personal data. This makes it ideal for real-time payments, where speed, security, and frictionless user experience are critical. Both companies are alumni of the Independent Community Bankers of America (ICBA) ThinkTECH Accelerator, a program that fosters fintech innovation to support the nearly 4,500 community banks across the U.S. The partnership between Trust Stamp and Neural Payments reflects the ICBA's mission to drive technology adoption and modernization in community banking. Neural Payments' platform is already known for its flexible disbursement options and proactive fraud controls, and this integration with Trust Stamp will give financial institutions even more powerful tools to secure digital transactions without compromising on ease of use. With this partnership, Trust Stamp continues to extend its leadership in biometric authentication and privacy-preserving identity technology, while enabling Neural Payments to deliver a frictionless and secure user experience across its growing base of financial institution partners. #proactiveinvestors #truststamp #nasdaq #idai #NeuralPayments #P2PPayments #FintechInnovation #CommunityBanks #KYC #DigitalIdentity #PaymentSecurity #FraudPrevention #ICBA #FinancialTechnology #SecurePayments

Learn about craftsmanship quality and develop a clear collection theme to maximize both enjoyment and investment potential. Learn more at https://regaltimepiece.com/ Regal Time Piece City: Doylestown Address: 241 Harvey Avenue Website: https://regaltimepiece.com/

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we have a realistic, high impact action for you to take today to boost your practice security: set up two-factor authentication (2FA).  We discuss: What 2FA is and why it's so useful Where we recommend having 2FA set up How Google Authenticator works for 2FA and why we love it How to set up and use Google Authenticator Action steps to take today to boost practice security with 2FA Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. PCT Resources

In this lecture, we explore the foundational principles of the law of evidence, including relevance, hearsay, impeachment, and privileges, which are crucial for bar exam success. We also introduce the Multi-State Performance Test (MPT), emphasizing its structure, types of tasks, and strategies for effective completion. Mastery of these topics is essential for both doctrinal fluency and practical proficiency in legal practice.TakeawaysMastery of evidence doctrine is crucial for success on the bar exam.Evidence governs what information may be presented at trial.Relevance is the foundational requirement for admissibility of evidence.Hearsay is one of the most nuanced doctrines in evidence.Impeachment allows parties to attack a witness's credibility.Authentication ensures that evidence is what it claims to be.Privileges protect confidential communications within specific relationships.The MPT simulates a real-world legal task requiring practical skills.Success on the MPT requires careful reading and reasoning.Mastery of both evidence and MPT is essential for bar exam success.law of evidence, Multi-State Performance Test, bar exam, hearsay, relevance, impeachment, privileges, legal reasoning, evidence rules, bar prep

​In Case Number CR01-24-31665, the State of Idaho has submitted a reply to defendant Bryan C. Kohberger's objection concerning the self-authentication of certain records intended for use at trial. The State aims to admit various pieces of evidence—including surveillance footage, financial records, and communication data—by relying on the Idaho Rules of Evidence (I.R.E.) 803(6) and (8) for hearsay exceptions, and I.R.E. 902(4) and (11) for self-authentication, thereby eliminating the need for foundational witnesses. They assert that each item will be accompanied by the necessary Certificates of Authenticity to establish proper foundation and relevance.In response to the defense's objections, the State details specific items of evidence, such as surveillance footage from properties on Linda Lane and video from Albertson's in Clarkston, Washington, outlining their relevance and the steps taken to authenticate them. Additionally, the State addresses records from Amazon, AT&T, and various financial institutions, emphasizing that Certificates of Authenticity have been obtained or are in the process of being secured. The State maintains that utilizing these evidentiary rules does not infringe upon the defendant's due process rights and is a standard procedure to ensure efficiency and reliability in the admission of evidence.to contact me:bobbycapucci@protonmail.comsource:032425-States+Reply+to+Defendants+Objection+to+MIL+RE+Self+Authentication+of+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

​In Case Number CR01-24-31665, the State of Idaho has submitted a reply to defendant Bryan C. Kohberger's objection concerning the self-authentication of certain records intended for use at trial. The State aims to admit various pieces of evidence—including surveillance footage, financial records, and communication data—by relying on the Idaho Rules of Evidence (I.R.E.) 803(6) and (8) for hearsay exceptions, and I.R.E. 902(4) and (11) for self-authentication, thereby eliminating the need for foundational witnesses. They assert that each item will be accompanied by the necessary Certificates of Authenticity to establish proper foundation and relevance.In response to the defense's objections, the State details specific items of evidence, such as surveillance footage from properties on Linda Lane and video from Albertson's in Clarkston, Washington, outlining their relevance and the steps taken to authenticate them. Additionally, the State addresses records from Amazon, AT&T, and various financial institutions, emphasizing that Certificates of Authenticity have been obtained or are in the process of being secured. The State maintains that utilizing these evidentiary rules does not infringe upon the defendant's due process rights and is a standard procedure to ensure efficiency and reliability in the admission of evidence.to contact me:bobbycapucci@protonmail.comsource:032425-States+Reply+to+Defendants+Objection+to+MIL+RE+Self+Authentication+of+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

In this Road to Macstock Conference and Expo conversation we welcome longtime speaker Kirschen Seah to discuss her upcoming session, Passkeys Demystified. Kirschen explains the promise of passkeys as a more secure, user-friendly alternative to passwords, and why adoption has been slower than expected. She shares insights into how passkeys work using public key cryptography, addresses common concerns about biometric data, and outlines how password managers like Apple Keychain and 1Password integrate with the system. With real-world scenarios and practical examples, Kirschen aims to help attendees confidently adopt passkeys and understand the evolving standards behind them.  Show Notes: Chapters: 00:08 Introduction to MacVoices 00:45 Kirschen Seah Joins the Conversation 02:20 Passkeys Demystified 08:44 Managing Multiple Accounts 10:32 The Role of Password Managers 13:15 Preparing for the Session 15:55 Macstock Conference Details 17:51 The Value of Curiosity at Macstock Links: Macstock Conference and Expo Save $50 with the Kirschen's discount code: freerangecoder Save $50 with Chuck's discount code: macvoices50 Guests: Kirschen Seah's background is Computer Sciences with interests in Software Engineering, User Experience, and Mac OS X / iPhone OS development. She started programming with BASIC in 1978 on an Apple ][ and have over 30 years of experience in the field. Kirschen worked on OPENSTEP (precursor to Mac OS X Cocoa) graphical prototyping applications initially when she joined Rockwell Collins (now Collins Aerospace) in 1999, and was a Senior Principal Systems Engineer in the Flight Management Systems department focussed on the user interface for pilot interaction. Prior to joining Rockwell Collins Kirschen worked at Acuity (formerly ichat) developing interactive user interfaces for live chat customer service agents. Now retired, there's now more time to share technical insights on her blog, develop useful scripts (Python, shell), and write Shortcuts. Kirschen is really motivated to share her experience to help fellow software practitioners develop better skills – be that in good design, implementation, or computer science fundamentals. As much as she can, Kirschen tries to share the delight in discovering how iOS and macOS applications for productivity and creativity have helped her do better in her personal and (former) work life. Connect with her on her web site, FreeRangeCoder Support:      Become a MacVoices Patron on Patreon      http://patreon.com/macvoices      Enjoy this episode? Make a one-time donation with PayPal Connect:      Web:      http://macvoices.com      Twitter:      http://www.twitter.com/chuckjoiner      http://www.twitter.com/macvoices      Mastodon:      https://mastodon.cloud/@chuckjoiner      Facebook:      http://www.facebook.com/chuck.joiner      MacVoices Page on Facebook:      http://www.facebook.com/macvoices/      MacVoices Group on Facebook:      http://www.facebook.com/groups/macvoice      LinkedIn:      https://www.linkedin.com/in/chuckjoiner/      Instagram:      https://www.instagram.com/chuckjoiner/ Subscribe:      Audio in iTunes      Video in iTunes      Subscribe manually via iTunes or any podcatcher:      Audio: http://www.macvoices.com/rss/macvoicesrss      Video: http://www.macvoices.com/rss/macvoicesvideorss

Jack Friks (@jackfriks) is the founder of PostBridge, a social media scheduling tool that grew from his own frustration with spending hours posting across platforms to a $18k/month business. We explore the evolution of social media toward authenticity, the challenges of building lean products as a solopreneur, and how to navigate the noise while maintaining a genuine human connection in an AI-driven world.The blog post: https://thebootstrappedfounder.com/jack-friks-building-tools-that-empower-without-overwhelming/ The podcast episode: https://tbf.fm/episodes/396-jack-friks-building-tools-that-empower-without-overwhelmingCheck out Podscan, the Podcast database that transcribes every podcast episode out there minutes after it gets released: https://podscan.fmSend me a voicemail on Podline: https://podline.fm/arvidYou'll find my weekly article on my blog: https://thebootstrappedfounder.comPodcast: https://thebootstrappedfounder.com/podcastNewsletter: https://thebootstrappedfounder.com/newsletterMy book Zero to Sold: https://zerotosold.com/My book The Embedded Entrepreneur: https://embeddedentrepreneur.com/My course Find Your Following: https://findyourfollowing.comHere are a few tools I use. Using my affiliate links will support my work at no additional cost to you.- Notion (which I use to organize, write, coordinate, and archive my podcast + newsletter): https://affiliate.notion.so/465mv1536drx- Riverside.fm (that's what I recorded this episode with): https://riverside.fm/?via=arvid- TweetHunter (for speedy scheduling and writing Tweets): http://tweethunter.io/?via=arvid- HypeFury (for massive Twitter analytics and scheduling): https://hypefury.com/?via=arvid60- AudioPen (for taking voice notes and getting amazing summaries): https://audiopen.ai/?aff=PXErZ- Descript (for word-based video editing, subtitles, and clips): https://www.descript.com/?lmref=3cf39Q- ConvertKit (for email lists, newsletters, even finding sponsors): https://convertkit.com?lmref=bN9CZw

On this episode, I provide an update on the recent Windows updates and report of an issue caused by one of the updates. I cover some new enhancements from OpenAI, the culmination of a 4 year study into remote work and more! Reference Links: https://www.rorymon.com/blog/microsoft-365-authentication-issues-danish-agency-to-ditch-office-june-update-issue/

Send us a textCybersecurity vulnerabilities continue to emerge in unexpected places, as evidenced by the recent Iranian-backed attacks on U.S. water treatment facilities through poorly secured Unitronics PLCs. This alarming development sets the stage for our deep dive into API security - a critical yet often overlooked aspect of modern cybersecurity strategy.APIs form the connective tissue of our digital world, enabling seamless communication between different software systems. However, this interconnectivity creates numerous potential entry points for attackers. From RESTful APIs with their statelessness to enterprise-focused SOAP protocols and the newer GraphQL systems, each implementation brings unique security challenges that must be addressed proactively.We explore the most common API security threats facing organizations today: injection attacks that exploit poorly coded interfaces, broken authentication mechanisms that enable unauthorized access, sensitive data exposure through improper configurations, and man-in-the-middle attacks that intercept communications. Understanding these threats is just the beginning - implementing robust countermeasures is where real security happens.Authentication and access controls form the foundation of API security. OAuth, OpenID Connect, and token-based authentication systems provide powerful protection when implemented correctly. However, token management practices - including secure storage, proper revocation procedures, and regular refreshing - are equally critical yet frequently overlooked components of a comprehensive security strategy.API gateways emerge as perhaps the most valuable security control in your arsenal. Acting as centralized checkpoints, they provide enhanced visibility, consistent authentication enforcement, traffic throttling capabilities, and simplified management across numerous API connections. Cloud-based API gateways from major providers offer scalability and robust features that on-premises solutions struggle to match.Beyond the technical controls, we discuss the human element of API security. The most secure implementations balance protection with functionality while fostering collaboration between security professionals and developers. As I emphasize throughout the episode, effective security isn't about forcing compliance - it's about building bridges of understanding between teams with different expertise.Ready to strengthen your API security posture or prepare for your CISSP exam? Visit cisspcybertraining.com for free questions, comprehensive courseware, and a proven blueprint for certification success.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

Here's a payments conundrum for you: We now have more ways to authenticate access to an online account or app than ever before. And yet, account takeover (ATO) - basically unauthorized access to an account - is at record levels. In this episode, Glenbrook's Yvette Bohanan and Chris Uriarte are joined by Rocky Scales, CEO of IDgo, to explore this multifaceted problem.  Tune in as they discuss the vulnerabilities in authentication techniques, the need for better consumer education, and how financial institutions and businesses can implement more secure and user-friendly authentication systems to counteract evolving threats from sophisticated fraud methods. 

Getting Graded: Inside the Wild World of Card Authentication with TGA's TylerEver wondered how a piece of cardboard can be worth millions of dollars? This week, we dive deep into the fascinating (and slightly insane) world of sports card grading with Tyler, founder of TGA(True Grade Authentication), a new Canadian authentication company that's shaking up an industry dominated by American giants.What You'll Learn:Why getting a Wayne Gretzky card graded can cost you $1,000+ (hint: it's not just the grading fee)How the hobby transformed from 25-cent packs to $25,000 boxes with "bounty" cards worth seven figuresThe four critical factors that determine if your childhood card collection is treasure or trashWhy Canadian collectors were getting squeezed out by tariffs and how one entrepreneur saw an opportunityThe Real Talk: Tyler shares his journey from 11-year-old collector to business owner, explaining how a $25 Darryl Sittler rookie card sparked a 30+ year passion that led to launching TGA. We explore the tension between old-school collecting (nostalgia, sentiment, fun) and the new reality where cards are treated like stock investments.Phil's Journey: Watch our co-host Phil go from complete card skeptic to cautiously intrigued, despite his horror at modern pack prices and complexity. Spoiler alert: Kenny's still trying to drag him to a Toronto card show, and Phil's still saying absolutely not. Find Tyler at: https://tgagrading.com/Thank you to Field Agent Canada for sponsoring the podcast: https://www.fieldagentcanada.com/Thank you to LeBeau Excel for sponsoring this episode: https://lebeauexcel.com/  

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today's financial systems: the vulnerability of mobile-only banking apps when it comes to transaction authorization.Wojciech points out that modern banking has embraced the mobile-first model—sometimes at the cost of fundamental security principles. Most banks now concentrate transaction initiation, security configuration, and transaction authorization into a single device: the user's smartphone. While this offers unmatched convenience, it also creates a single point of failure. If an attacker successfully pairs their phone with a victim's account, they can bypass multiple layers of security, often without needing traditional credentials.The discussion explores the limitations of relying solely on biometric options like Face ID or Touch ID. These conveniences may appear secure but often weaken the overall security posture when used without additional independent verification mechanisms. Wojciech outlines how common attack strategies have shifted from stealing credit card numbers to full account takeover—enabled by social engineering and weak device-pairing controls.He proposes a “raise the bar” strategy rather than relying on a single silver-bullet solution. Suggestions include enhanced device fingerprinting, detection of emulators or rooted environments, and shared interbank databases for device reputation and account pairing anomalies. While some of these are already in motion under new EU and UK regulations, they remain fragmented.Wojciech also introduces a bold idea: giving users a slider in the app to adjust their personal balance of convenience vs. security. This kind of usability-driven approach could empower users while still offering layered defense.For CISOs, developers, and FinTech leaders, the message is clear—evaluate your app security as if attackers already know the shortcuts. Watch the full conversation to hear Wojciech's real-world examples, including a cautionary tale from his own family. Catch the episode and learn how to design financial security that's not just strong—but usable.GUEST: Wojciech Dworakowski | OWASP Poland Chapter Board Member and Managing Partner at SecuRing | https://www.linkedin.com/in/wojciechdworakowski/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Back by popular demand, Mike and Jesse begin the show by ripping packs of cards (00:00). Then, the guys discuss Walmart's role in the hobby, and the top 10 greatest Yankees of all time, before Jesse questions why all these women want to go on dates with Troy. After that, Upper Deck president Jason Masherah joins the show to talk about some bad apples in the breaking industry, the future of authentication and grading, and innovation in the hobby (28:52). And to round out the show, the guys open the mailbag (56:24). Hosts: Jesse Gibson and Mike GioseffiGuest: Jason MasherahProducer: Troy Farkas Learn more about your ad choices. Visit podcastchoices.com/adchoices

In this episode, we hear from Janikiram MSV, an industry analyst and advisor based in Hyderabad, India, who specializes in AI agents and cloud native technology. We spoke about the evolution of AI agents, from chatbots to personalized AI assistants, and their advancement to AI agents that can access data, utilize APIs, and perform tasks autonomously. The discussion also covers the impact of these technologies on various fields, especially for developers, through examples like app modernization and AI-driven tools. We address important considerations such as authentication, authorization, and the future role of junior developers in an AI-augmented world. This episode sheds light on how AI agents can significantly transform workflow efficiency across multiple domains. 00:00 Introduction 00:56 Evolution of AI Agents 06:10 Impact on Developers and IT Operations 07:17 Authentication and Authorization Challenges 09:41 Future of AI in Development 20:19 Advice for Junior Developers 22:23 Conclusion and Future Discussions   Guest:   Janakiram MSV is an an industry analyst, strategic advisor, and a practicing architect. Through his speaking, writing, and analysis, he helps businesses take advantage of emerging technologies.

Send us a textNavigating the complex landscape of authentication frameworks is essential for any cybersecurity professional, especially those preparing for the CISSP exam. This deep-dive episode unravels the intricate world of authentication systems that protect our digital identities across multiple platforms and services.We begin by examining OAuth 2.0 and OpenID Connect (OIDC), exploring how these token-based frameworks revolutionize third-party authentication without exposing user credentials. When you click "Login with Google," you're experiencing these protocols in action—reducing password reuse while maintaining security across digital services. Learn the difference between authorization flows and how these systems interact to verify your identity seamlessly across the web.The podcast then transitions to Security Assertion Markup Language (SAML), breaking down how this XML-based protocol establishes trust between identity providers and service providers. Through practical examples, we illustrate how SAML enables web single sign-on capabilities across educational institutions, corporate environments, and cloud services—creating that "connective tissue" between disparate systems while enhancing both security and user experience.Kerberos, MIT's powerful network authentication protocol, takes center stage as we explore its ticketing system architecture. Named after the three-headed dog of Greek mythology, this protocol's Authentication Service, Ticket Granting Service, and Key Distribution Center work in concert to verify identities without transmitting passwords across networks. We also discuss critical considerations like time synchronization requirements that can make or break your Kerberos implementation.For remote authentication scenarios, we compare RADIUS and TACACS+ protocols, highlighting their distinct approaches to the AAA (Authentication, Authorization, and Accounting) framework. Discover why network administrators choose UDP-based RADIUS for general network access while preferring the TCP-based TACACS+ for granular administrative control with command-level authorization and full payload encryption.Whether you're studying for the CISSP exam or looking to strengthen your organization's security posture, this episode provides the knowledge foundation you need to implement robust authentication systems in today's interconnected world. Visit CISSP Cyber Training for additional resources to support your cybersecurity journey.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

API security has evolved from being primarily an infrastructure issue to a complex challenge centered around language and design flaws. Jeremy Snyder, CEO of Firetail, discusses the findings from their latest state of API security report, emphasizing the alarming rise of indirect prompt injection as a significant threat in AI-integrated systems. As APIs underpin much of modern application architecture, understanding how they function and the potential vulnerabilities they present is crucial for organizations aiming to protect themselves from increasingly sophisticated attacks.Snyder highlights the shared responsibility model in API security, where both developers and security teams must collaborate to ensure robust protection. While infrastructure teams manage the basic security measures, developers are responsible for the design and logic of the APIs they create. This evolving understanding of security responsibilities is essential as threat actors become more adept at exploiting API vulnerabilities, particularly through authorization failures, which continue to be a leading cause of breaches.The conversation also delves into the distinction between authentication and authorization, illustrating how both are critical to API security. Authentication verifies a user's identity, while authorization determines what actions that user can perform. Snyder emphasizes that many organizations still struggle with authorization issues, which can lead to significant security risks if not properly managed. The report reveals that the time to resolve security incidents remains alarmingly high, while the time for attackers to exploit vulnerabilities has drastically decreased, raising concerns about the effectiveness of current security measures.As AI technologies become more integrated into applications, the potential for indirect prompt injection attacks increases, necessitating a reevaluation of security practices. Snyder advises organizations to focus on secure design principles and maintain visibility over AI usage within their systems. By implementing governance frameworks and monitoring tools, organizations can better manage the risks associated with shadow AI and ensure that their API security measures are both effective and comprehensive. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure⁠ Audio reference link: “⁠Mr. Robot Hack - Password Cracking - Episode 1⁠.” YouTube Video. YouTube, September 21, 2016.

Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure⁠ Audio reference link: “⁠Mr. Robot Hack - Password Cracking - Episode 1⁠.” YouTube Video. YouTube, September 21, 2016. Learn more about your ad choices. Visit megaphone.fm/adchoices

GoldenGate 23ai takes security seriously, and this episode unpacks everything you need to know. GoldenGate expert Nick Wagner breaks down how authentication, access roles, and encryption protect your data.   Learn how GoldenGate integrates with identity providers, secures communication, and keeps passwords out of storage. Understand how trail files work, why they only store committed data, and how recovery processes prevent data loss.   Whether you manage replication or just want to tighten security, this episode gives you the details to lock things down without slowing operations.   Oracle GoldenGate 23ai: Fundamentals: https://mylearn.oracle.com/ou/course/oracle-goldengate-23ai-fundamentals/145884/237273 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.   --------------------------------------------------------------   Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services.  Nikita: Welcome, everyone! This is our fourth episode on Oracle GoldenGate 23ai. Last week, we discussed the terminology, different processes and what they do, and the architecture of the product at a high level. Today, we have Nick Wagner back with us to talk about the security strategies of GoldenGate. 00:56 Lois: As you know by now, Nick is a Senior Director of Product Management for GoldenGate at Oracle. He's played a key role as one of the product designers behind the latest version of GoldenGate. Hi Nick! Thank you for joining us again. Can you tell us how GoldenGate takes care of data security? Nick: So GoldenGate authentication and authorization is done in a couple of different ways. First, we have user credentials for GoldenGate for not only the source and target databases, but also for GoldenGate itself. We have integration with third-party identity management products, and everything that GoldenGate does can be secured. 01:32 Nikita: And we must have some access roles, right? Nick: There's four roles built into the GoldenGate product. You have your security role, administrator, operator, and user. They're all hierarchical. The most important one is the security user. This user is going to be the one that provides the administrative tasks. This user is able to actually create additional users and assign roles within the product. So do not lose this password and this user is extremely important. You probably don't want to use this security user as your everyday user. That would be your administrator. The administrator role is able to perform all administrative tasks within GoldenGate. So not only can they go in and create new extracts, create new replicats, create new distribution services, but they can also start and stop them. And that's where the operator role is and the user role. So the operator role allows you to go in and start/stop processes, but you can't create any new ones, which is kind of important. So this user would be the one that could go in and suspend activity. They could restart activity. But they can't actually add objects to replication. The user role is really a read-only role. They can come in. They can see what's going on. They can look at the log files. They can look at the alerts. They can look at all the watches and see exactly what GoldenGate is doing. But they're unable to make any changes to the product itself. 02:54 Lois: You mentioned the roles are hierarchical in nature. What does that mean? Nick: So anything that the user role does can be done by the operator. Anything that the operator and user roles can do can be done by the administrator. And anything that the user, operator, and administrator roles do can be done by the security role. 03:11 Lois: Ok. So, is there a single sign-on available for GoldenGate? Nick: We also have a password plugin for GoldenGate Connections. A lot of customers have asked for integration with whatever their single sign-on utility is, and so GoldenGate now has that with GoldenGate 23ai. So these are customer-created entities. So, we have some examples that you can use in our documentation on how to set up an identity provider or a third-party identity provider with GoldenGate. And this allows you to ensure that your corporate standards are met. As we started looking into this, as we started designing it, every single customer wanted something different. And so instead of trying to meet the needs for every customer and every possible combination of security credentials, we want you to be able to design it the way you need it. The passwords are never stored. They're only retrieved from the identity provider by the plugin itself. 04:05 Nikita: That's a pretty important security aspect…that when it's time to authenticate a user, we go to the identity provider. Nick: We're going to connect in and see if that password is matching. And only then do we use it. And as soon as we detect that it's matched, that password is removed. And then for the extract and replicats themselves, you can also use it for the database, data source, and data target connections, as well as for the GoldenGate users. So, it is a full-featured plugin. So, our identity provider plugin works with IAM as well as OAM. These are your standard identity manager authentication methods. The standard one is OAuth 2, as well as OIDC. And any Identity Manager that uses that is able to integrate with GoldenGate. 04:52 Lois: And how does this work? Nick: The way that it works is pretty straightforward. Once the user logs into the database, we're going to hand off authentication to the identity provider. Once the identity provider has validated that user's identity and their credentials, then it comes back to GoldenGate and says that user is able to log in to either GoldenGate or the application or the database. Once the user is logged in, we get that confirmation that's been sent out and they can continue working through GoldenGate. So, it's very straightforward on how it works. There's also a nice little UI that will help set up each additional user within those systems. All the communication is also secured as well. So any communication done through any of the GoldenGate services is encrypted using HTTPS. All the REST calls themselves are all done using HTTPS as well. All the data protection calls and all the communication across the network when we send data across a distribution service is encrypted using a secure WebSocket. And there's also trail file encryption at the operating system level for data at REST. So, this really gives you the full level of encryption for customers that need that high-end security. GoldenGate does have an option for FIPS 140-2 compliance as well. So that's even a further step for most of those customers. 06:12 Nikita: That's impressive! Because we want to maintain the highest security standards, right? Especially when dealing with sensitive information. I now want to move on to trail files. In our last episode, we briefly spoke about how they serve as logs that record and track changes made to data. But what more can you tell us about them, Nick? Nick: There's two different processes that write to the trail files. The extract process will write to the trail file and the receiver service will write to the trail file. The extract process is going to write to the trail file as it's pulling data out of that source database. Now, the extract process is controlled by a parameter file, that says, hey, here's the exact changes that I'm going to be pulling out. Here's the tables. Here's the rows that I want. As it's pulling that data out and writing it to the trail files, it's ensuring that those trail files have enough information so that the replicat process can actually construct a SQL statement and apply that change to that target platform. And so there's a lot of ways to change what's actually stored in those trail files and how it's handled. The trail files can also be used for initial loads. So when we do the initial load through GoldenGate, we can grab and write out the data for those tables, and that excludes the change data. So initial loads is pulling the data directly from the tables themselves, whereas ongoing replication is pulling it from the transaction logs. 07:38 Lois: But do we need to worry about rollbacks? Nick: Our trail files contain committed data only and all data is sequential. So this is two important things. Because it contains committed data only, we don't need to worry about rollbacks. We also don't need to worry about position within that trail file because we know all data is sequential. And so as we're reading through the trail file, we know that anything that's written in a prior location in that trial file was committed prior to something else. And as we get into the recovery aspects of GoldenGate, this will all make a lot more sense. 08:13 Lois: Before we do that, can you tell us about the naming of trail files? Nick: The trail files as far as naming, because these do reside on the operating system, you start with a two-letter trail file abbreviation and then a nine-digit sequential value. So, you almost look at it as like an archive log from Oracle, where we have a prefix and then an affix, which is numeric. Same kind of thing. So, we have our two-letter, in this case, an ab, and then we have a nine-digit number. 08:47 Transform the way you work with Oracle Database 23ai! This cutting-edge technology brings the power of AI directly to your data, making it easier to build powerful applications and manage critical workloads. Want to learn more about Database 23ai? Visit mylearn.oracle.com to pick from our range of courses and enroll today! 09:12 Nikita: Welcome back! Ok, Nick. Let's get into the GoldenGate recovery process. Nick: When we start looking at the GoldenGate recovery process, it essentially makes GoldenGate kind of point-in-time like. So on that source database, you have your extract process that's going to be capturing data from the transaction logs. In the case of Oracle, the Oracle Database is actually going to be reading those transaction logs from us and passing the change records directly to GoldenGate. We call them an LCR, Logical Change Record. And so the integrated extract and GoldenGate, the extract portion tells the database, hey, I'm now going to be interested in the following list of tables. And it gives a list of tables to that internal component, the log mining engine within the database. And it says, OK, I'm now pulling data for those tables and I'm going to send you those table changes. And so as the extract process gets sent those changes, it's going to have checkpoint information. So not only does it know where it was pulling data from out of that source database, but what it's also writing to the trail file. The trail files themselves are all sequential and they have only committed data, as we talked about earlier. The distribution service has checkpoint information that says, hey, I know where I'm reading from in the previous trail file, and I know what I've sent across the network. The receiver service is the same thing. It knows what it's receiving, as well as what it's written to the trail file and the target system. The replicat also has a checkpoint. It knows where it's reading from in the trail file, and then it knows what it's been applying into that target database.  This is where things start to become a little complicated. Our replicat process in most cases are parallel, so it'll have multiple threads applying data into that target database. Each of those threads is applying different transactions. And because of the way that the parallelism works in the replicat process, you can actually get situations where one replicat thread might be applying a transaction higher than another thread. And so you can eliminate that sequential or serial aspect of it, and we can get very high throughput speeds to the replicat. But it means that the checkpoint needs to be kind of smart enough to know how to rebuild itself if something fails. 11:32 Lois: Ok, sorry Nick, but can you go through that again? Maybe we can work backwards this time?  Nick: If the replicat process fails, when it comes back up, it's going to look to its checkpoint tables inside that target database. These checkpoint tables keep track of where each thread was at when it crashed. And so when the replicat process restarts, it goes, oh, I was applying these threads at this location in these SCNs. It'll then go and read from the trail file and say, hey, let me rebuild that data and it only applies transactions that it hasn't applied yet to that target system. There is a synchronized replicat command as well that will tell a crashed replicat to say, hey, bring all your threads up to the same high watermark. It does that process automatically as it restarts and continues normal replication. But there is an option to do it just by itself too. So that's how the replicat kind of repairs and recovers itself. It'll simply look at the trail files. Now, let's say that the replicat crashed, and it goes to read from the trail files when it restarts and that trail profile is missing. It'll actually communicate to the distribution, or excuse me, to the receiver service and say, hey, receiver service, I don't have this trail file. Can you bring it back for me? And the receiver service will communicate downstream and say, hey, distribution service, I need you to resend me trail find number 6. And so the distribution service will resend that trail file so that the replicat can reprocess it. So it's often nice to have redundant environments with GoldenGate so we can have those trail files kind of around for availability. 13:13 Nikita: What if one of these files gets corrupted? Nick: If one of those trail files is corrupt, let's say that a trail file on the target site became corrupt and the replicat can't read from it for one reason or another. Simply stop the replicat process, delete the corrupt trail file, restart the replicat process, and now it's going to rebuild that trail file from scratch based on the information from the source GoldenGate environment. And so it's very recoverable. Handles it all very well. 13:40 Nikita: And can the extract process bounce back in the same way? Nick: The extract process can also recover in a similar way. So if the extract process crashes, when it restarts itself, there's a number of things that it does. The first thing is it has to rebuild any open transactions. So it keeps all sorts of checkpoint information about the oldest transaction that it's keeping track of, any open transactions that haven't been committed, and any other transactions that have been committed that it's already written to the trail file. So as it's reprocessing that data, it knows exactly what it's committed to trail and what hasn't been committed. And there's a number of ways that it does this.  There's two main components here. One of them is called bounded recovery. Bounded recovery will allow you to set a time limit on transactions that span a certain length of time that they'll actually get flushed out to disk on that GoldenGate Hub. And that way it'll reduce the amount of time it takes GoldenGate to restart the extract process. And the other component is cache manager. Cache manager stores uncommitted transactions. And so it's a very elegant way of rebuilding itself from any kind of failure. You can also set up restart profiles so that if any process does crash, the GoldenGate service manager can automatically restart that service an x number of times across y time span. So if I say, hey, if my extract crashes, then attempt to restart it 100 times every 5 seconds. So there's a lot of things that you can do there to make it really nice and automatic repair itself and automatically resilient.  15:18 Lois: Well, that brings us to the end of this episode. Thank you, Nick, for going through the security strategies and recovery processes in such detail. Next week, we'll look at the installation of GoldenGate. Nikita: And if you want to learn more about the topics we discussed today, head over to mylearn.oracle.com and take a look at the Oracle GoldenGate 23ai Fundamentals course. Until next time, this is Nikita Abraham… Lois: And Lois Houston signing off! 15:44 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

Send us a textEver wondered how your sensitive messages stay secure in an increasingly dangerous digital landscape? The answer lies in message integrity controls, digital signatures, and certificate validation – the core components of modern cybersecurity we tackle in this episode.We begin with a timely breakdown of Microsoft's recent security breach by Russian hackers who stole source code by exploiting a test environment. This real-world example perfectly illustrates why proper security controls must extend beyond production environments – a lesson many organizations learn too late.Diving into the technical foundation of message security, we explore how basic checksums evolved into sophisticated hashing algorithms like MD5, SHA-2, and SHA-3. You'll understand what makes these algorithms effective at detecting tampering and why longer digests provide better protection against collision attacks.Digital signatures emerge as the cornerstone of secure communication, providing the crucial trifecta of integrity verification, sender authentication, and non-repudiation. Through practical examples with our fictional users Alice and Bob, we demonstrate exactly how public and private keys work together to safeguard information exchange.The episode culminates with an exploration of digital certificates and S/MIME protocols – the technologies that make secure email possible. You'll learn how certificate authorities establish chains of trust, what happens when certificates are compromised, and how the revocation process protects the entire ecosystem.Whether you're preparing for the CISSP exam or simply want to understand how your sensitive communications remain protected, this episode provides clear, actionable knowledge about the cryptographic building blocks that secure our digital world.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this episode of The Other Side of the Firewall podcast, Ryan Williams and Shannon Tynes discuss the latest developments in cybersecurity, focusing on Microsoft's shift to passwordless accounts and the implications for users. They explore the challenges of password management, the benefits of passkeys and biometric authentication, and the future of cybersecurity in the context of emerging technologies like quantum computing. Article: Microsoft makes all new accounts passwordless by default https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-all-new-accounts-passwordless-by-default/?fbclid=IwY2xjawKIWopleHRuA2FlbQIxMAABHod4579kkkG2HEuaLmQVIdGGMKHARmAvA3vXcVN_PutWmqk3mTsLO1emRVqk_aem_SCwuxj4mNbRstoBAlI0Xgg Please LISTEN

It is time to talk about Model Context Protocol (MCP), Google's Agent 2 Agent specification, and get back to the crocs and socks of authentication for Non-Human Identities (NHIs). MCP servers have exploded over the last few weeks and provide a standard mechanism for LLMs to interact with pretty much _anything_. Seth and Ken talk about the risks, exposures, and where things could go from here.

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdf

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-epstein-chronicles--5003294/support.

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdf

Episode SummaryIn this episode of The Secure Developer, host Danny Allan sits down with Alex Salazar, founder and CEO of Arcade, to discuss the evolving landscape of authentication and authorization in an AI-driven world. Alex shares insights on the shift from traditional front-door security to back-end agent interactions, the challenges of securing AI-driven agents, and the role of identity in modern security frameworks. The conversation delves into the future of AI, agentic workflows, and how organizations can navigate authentication, authorization, and security in this new era.Show NotesDanny Allan welcomes Alex Salazar, an experienced security leader and CEO of Arcade, to explore the transformation of authentication and authorization in AI-powered environments. Drawing from his experience at Okta, Stormpath, and venture capital, Alex provides a unique perspective on securing interactions between AI agents and authenticated services.Key topics discussed include:The Evolution of Authentication & Authorization: Traditional models focused on front-door access (user logins, SSO), whereas AI-driven agents require secure back-end interactions.Agentic AI and Security Risks: How AI agents interact with services on behalf of users, and why identity becomes the new perimeter in security.OAuth and Identity Challenges: Adapting OAuth for AI agents, ensuring least-privilege access, and maintaining security compliance.AI Hallucinations & Risk Management: Strategies for mitigating LLM hallucinations, ensuring accuracy, and maintaining human oversight.The Future of AI & Agentic Workflows: Predictions on how AI will continue to evolve, the rise of specialized AI models, and the intersection of AI and physical automation.Alex and Danny also discuss the broader impact of AI on developer productivity, with insights into how companies can leverage AI responsibly to boost efficiency without compromising security.LinksArcade.dev - Make AI Actually Do ThingsOkta - IdentityOAuth - Authorization ProtocolLangChain - Applications that Can ReasonHugging Face - The AI Community Building the FutureSnyk - The Developer Security Company Follow UsOur WebsiteOur LinkedIn

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-epstein-chronicles--5003294/support.

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-epstein-chronicles--5003294/support.

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-epstein-chronicles--5003294/support.

⬥GUEST⬥Ken Huang, Co-Chair, AI Safety Working Groups at Cloud Security Alliance | On LinkedIn: https://www.linkedin.com/in/kenhuang8/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of Redefining CyberSecurity, host Sean Martin speaks with Ken Huang, Co-Chair of the Cloud Security Alliance (CSA) AI Working Group and author of several books including Generative AI Security and the upcoming Agent AI: Theory and Practice. The conversation centers on what agentic AI is, how it is being implemented, and what security, development, and business leaders need to consider as adoption grows.Agentic AI refers to systems that can autonomously plan, execute, and adapt tasks using large language models (LLMs) and integrated tools. Unlike traditional chatbots, agentic systems handle multi-step workflows, delegate tasks to specialized agents, and dynamically respond to inputs using tools like vector databases or APIs. This creates new possibilities for business automation but also introduces complex security and governance challenges.Practical Applications and Emerging Use CasesKen outlines current use cases where agentic AI is being applied: startups using agentic models to support scientific research, enterprise tools like Salesforce's AgentForce automating workflows, and internal chatbots acting as co-workers by tapping into proprietary data. As agentic AI matures, these systems may manage travel bookings, orchestrate ticketing operations, or even assist in robotic engineering—all with minimal human intervention.Implications for Development and Security TeamsDevelopment teams adopting agentic AI frameworks—such as AutoGen or CrewAI—must recognize that most do not come with out-of-the-box security controls. Ken emphasizes the need for SDKs that add authentication, monitoring, and access controls. For IT and security operations, agentic systems challenge traditional boundaries; agents often span across cloud environments, demanding a zero-trust mindset and dynamic policy enforcement.Security leaders are urged to rethink their programs. Agentic systems must be validated for accuracy, reliability, and risk—especially when multiple agents operate together. Threat modeling and continuous risk assessment are no longer optional. Enterprises are encouraged to start small: deploy a single-agent system, understand the workflow, validate security controls, and scale as needed.The Call for Collaboration and Mindset ShiftAgentic AI isn't just a technological shift—it requires a cultural one. Huang recommends cross-functional engagement and alignment with working groups at CSA, OWASP, and other communities to build resilient frameworks and avoid duplicated effort. Zero Trust becomes more than an architecture—it becomes a guiding principle for how agentic AI is developed, deployed, and defended.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥BOOK | Generative AI Security: https://link.springer.com/book/10.1007/978-3-031-54252-7BOOK | Agentic AI: Theories and Practices, to be published August by Springer: https://link.springer.com/book/9783031900259BOOK | The Handbook of CAIO (with a business focus): https://www.amazon.com/Handbook-Chief-AI-Officers-Revolution/dp/B0DFYNXGMRMore books at Amazon, including books published by Cambridge University Press and John Wiley, etc.: https://www.amazon.com/stores/Ken-Huang/author/B0D3J7L7GNVideo Course Mentioned During this Episode: "Generative AI for Cybersecurity" video course by EC-Council with 255 people rated averaged 5 starts: https://codered.eccouncil.org/course/generative-ai-for-cybersecurity-course?logged=falsePodcast: The 2025 OWASP Top 10 for LLMs: What's Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

This week, we discuss Google acquiring Wiz, the rise of Vibe Coding, and what really counts as legacy software. Plus, Coté runs a post-acquisition all-hands meeting. Watch the YouTube Live Recording of Episode 511 (https://www.youtube.com/live/ok8lLHFCCRY?si=aos-m8eR1iYcR12v) Runner-up Titles Tattoo “BUSINESS AS USUAL” on the inside of your eyelids BUSINESS AS USUAL One billion a month Turns out they're gonna put lions in the product. Vibe coding is outcomes-focused. Cote's AI Thunderdome Don't make me learn Think About Time VibeCOBOL I don't like the no-head Rundown Google in Fresh Talks to Buy Cybersecurity Startup Wiz for $30 Billion (https://www.wsj.com/business/deals/alphabet-back-in-deal-talks-for-cybersecurity-startup-wiz-41cd3090?mod=tech_lead_story) Intel board announces Lip-Bu Tan as new CEO (https://www.theregister.com/2025/03/12/intel_lip_bu_tan_new_ceo/) Vibe Coding AI IDEs Need Moats (https://materializedview.io/p/ai-ides-need-moats?ref=dailydev) AI coding assistant refuses to write code, tells user to learn programming instead (https://arstechnica.com/ai/2025/03/ai-coding-assistant-refuses-to-write-code-tells-user-to-learn-programming-instead/) Github Coploit does have an agent mode (https://github.com/features/copilot) AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (https://techcrunch.com/2025/03/14/ai-coding-assistant-cursor-reportedly-tells-a-vibe-coder-to-write-his-own-damn-code/) Vibe Coder job listing (https://getcoai.com/careers/vibe-coder-frontend-developer-role/) Legacy Software Relevant to your Interests Saudi Arabia Buys Pokémon Go, and Probably All of Your Location Data (https://www.404media.co/saudi-arabia-buys-pokemon-go-and-probably-all-of-your-location-data/) Open R1: Update #3 (https://huggingface.co/blog/open-r1/update-3) Sonos has canceled its streaming video player (https://www.theverge.com/tech/628297/sonos-pinewood-streaming-box-canceled) ServiceNow releases no-code, low-code AI agent builder (https://www.ciodive.com/news/servicenow-yokohama-agentic-ai-low-code-development-tool/742275/) Meta Seeks to Block Further Sales of Ex-Employee's Scathing Memoir (https://www.nytimes.com/2025/03/12/technology/meta-book-sales-blocked.html) AirPods Getting Live Translation Feature Later This Year (https://www.macrumors.com/2025/03/13/airpods-live-translation-ios-19/) Clouded Judgement 3.14.25 - Authentication in the Age of AI Agents (https://cloudedjudgement.substack.com/p/clouded-judgement-31425-authentication?utm_source=post-email-title&publication_id=56878&post_id=159023089&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Google allows users to personalize their Gemini conversations with new features (https://www.cnbc.com/2025/03/13/google-now-allows-users-to-personalize-their-gemini-conversations.html) Undergraduate Upends a 40-Year-Old Data Science Conjecture (https://www.wired.com/story/undergraduate-upends-a-40-year-old-data-science-conjecture/) Job Seekers Hit Wall of Salary Deflation - WSJ (https://archive.ph/Gn0F9) Something Is Rotten in the State of Cupertino (https://daringfireball.net/2025/03/something_is_rotten_in_the_state_of_cupertino) OpenStack comes to the Linux Foundation | TechCrunch (https://techcrunch.com/2025/03/12/openstack-comes-to-the-linux-foundation/?trk=feed-detail_main-feed-card_feed-article-content) Accusations of Corporate Espionage Shake a Software Rivalry (https://www.nytimes.com/2025/03/17/business/dealbook/rippling-deel-corporate-spy.html?smid=nytcore-ios-share&referringSource=articleShare) IBM Mergers: Closing on HashiCorp and Intent to Acquire Data (https://redmonk.com/rstephens/2025/03/14/ibm-hashicorp-datastax/)S (https://redmonk.com/rstephens/2025/03/14/ibm-hashicorp-datastax/)tax (https://redmonk.com/rstephens/2025/03/14/ibm-hashicorp-datastax/) Nonsense The Problem with Time & Timezones - Computerphile (https://www.youtube.com/watch?v=-5wpm-gesOY&t=7s) Southwest Airlines CEO Video via WFAA (https://www.tiktok.com/@wfaach8/video/7480585081753537835?_t=ZT-8ufHaixEbks&_r=1) Southwest Airlines Just Broke the $5 Chicken Rule, and There Goes What Once Made It Great (https://www.inc.com/bill-murphy-jr/southwest-airlines-just-broke-the-5-chicken-rule-and-there-goes-what-once-made-it-great/91161331). Conferences SREday London (https://sreday.com/2025-london-q1/), March 27-28, Coté speaking (https://sreday.com/2025-london-q1/Michael_Cote_VMware__Pivotal_Platform_Engineering_for_Private_Cloud). 10% with code LDN10 Monki Gras (https://monkigras.com/), London, March 27-28, Coté speaking. Cloud Foundry Day US (https://events.linuxfoundation.org/cloud-foundry-day-north-america/), May 14th, Palo Alto, CA NDC Oslo (https://ndcoslo.com/), May 21-23, Coté speaking. KubeCon EU (https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/), April 1-4, London. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Severance (https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://tv.apple.com/us/show/severance/umc.cmc.1srk2goyh2q2zdxcx605w8vtx&ved=2ahUKEwiJ95mBjZeMAxXo4skDHWOrJ3gQFnoECGwQAQ&usg=AOvVaw06Jqv4WAF89UKW2fy4RaHx) ** Matt: Geoff Huntley's blog (https://ghuntley.com/) Coté: Barthes: A Very Short Introduction (https://academic.oup.com/book/28389), Coté — When Shit Hits the Fan (https://overcast.fm/+AAxlGT9_-n8). Photo Credits Header (https://unsplash.com/photos/people-sitting-on-chairs-watching-a-game-6vAjp0pscX0)

Revolutionizing Memorabilia: The Realist's Authentic Collectibles Marketplace Therealest.com About the Guest(s): Base Naaman is the Co-founder and Head of Brand at The Realist, a pioneering firm in the memorabilia market. He is responsible for directing the company's creative strategy and overseeing partnerships with major industry names such as the Philadelphia Eagles, Miami Heat, Snoop Dogg, Usher, and Paramount Studios. The Realist is renowned for setting the next-generation standards in sports and entertainment memorabilia authentication, sourcing items directly from athletes and artists, powered by cutting-edge identification technology. Episode Summary: Welcome to the latest episode of The Chris Vos Show, where we're joined by Base Naaman from The Realist. This episode unfolds the intriguing world of authentic sports and entertainment memorabilia, highlighting the technology and strategy behind ensuring authenticity. Base Naaman shares insights into The Realist's mission to bridge the gap in memorabilia collectability between sports and music industries and the untapped potential of these sectors for collectors and fans. Base Naaman elaborates on how The Realist implements groundbreaking authentication methods akin to those used by Major League Baseball, minimizing fraud within the memorabilia industry. By deploying witnesses at live events and maintaining a transparent transfer chain, The Realist sets high standards in provenance verification. Base Naaman also narrates fascinating stories behind significant partnerships with legendary bands like Megadeth and critical events like partnering with the Philadelphia Eagles during their Super Bowl victory journey, offering fans a tangible piece of history. Key Takeaways: The Realist closes the gap between sports and music memorabilia collecting by making genuine items accessible to fans. Authentication involves real-time, witnessed verification to ensure 100% authenticity for memorabilia. High-profile partnerships, such as with Megadeth and the Philadelphia Eagles, demonstrate The Realist's capacity to bring authentic, collectible items to fans. Efforts are made not only to monetize collectibles but to preserve and respect the legacy of artists and athletes by minimizing fraud. The Realist promotes environmental sustainability by repurposing items and preventing memorabilia from ending up as waste. Notable Quotes: "It's all about trust really. It's like building these relationships directly with the artists and teams." "You are some of the most followed and loved and admired people on this planet. Why are people not able to own items that you've used on stage?" "We kind of doubled down on the authentication because we are big sports fans." "They don't realize how much of their stuff is being sold online and their fans are getting ripped off." "Nothing's impossible. I think we'll be able to reach everyone soon enough."

In this episode of the Identity Center Podcast, Jim McDonald discusses policy enforcement, adaptive authentication, and fraud prevention with Patrick Harding, Chief Product Architect at Ping Identity. They delve into how policy enforcement can be managed locally to maintain performance for SaaS applications while ensuring greater flexibility using standards like AuthZEN. Jim and Patrick also cover the benefits and challenges of using SAML and OpenID Connect for single sign-on (SSO) and explore the future role of AI agents in identity and access management. Additionally, they provide valuable tips for attending identity-focused conferences in Berlin and Las Vegas.Chapters00:00 Introduction to Policy Enforcement01:29 Welcome to the Identity Center Podcast01:54 Conference Discount Codes03:03 Guest Introduction: Patrick Harding from Ping Identity03:54 Patrick's Journey into Identity06:56 Challenges in Adaptive Authentication10:50 SaaS Applications and Policy Enforcement21:18 Advanced Fraud Analytics29:23 Integrating On-Premise and Cloud Applications30:35 Effort and Challenges in Modernizing Applications31:22 The Shift to OpenID Connect32:22 SaaS Applications and Single Sign-On Costs33:52 AI Agents and Adaptive Authentication34:54 The Future of AI Agents in Business39:15 Delegation and Authentication for AI Agents43:46 The Impact of AI on Jobs and Efficiency47:11 Advice for Future Careers in a Tech-Driven World52:57 Conference Tips and Final ThoughtsConnect with Patrick: https://www.linkedin.com/in/pharding/Conference Discounts!European Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com