Podcasts about Authentication

In this episode, we take a close look at the history of security issues in Power Pages. We start with the early days — when simple misconfigurations like unchecked table permissions and enabled OData feeds led to major data exposures. These weren't bugs, but they showed how easy it was to set things up the wrong way. We talk about how Microsoft responded and what lessons we've learned about secure defaults and clear documentation. We then move on to more serious vulnerabilities introduced by newer features like the Web API. We explain how some of these flaws allowed access to restricted data using filters and sort clauses, and how those issues were eventually patched. These were real product-level bugs, and some were even exploited in the wild. We also share our thoughts on external authentication providers like Google, and the risks that come with delegating authentication — including phishing techniques that can bypass protections. Finally, we reflect on how Power Pages compares to platforms like WordPress, especially when it comes to architecture and the potential for plugin-related vulnerabilities. Despite recent issues, we think the original design of Power Pages deserves credit for holding up well over time. References Power Pages security | Microsoft Learn Tip #1407: How to secure Power Apps portal from making the news - Power Platform & Dynamics CRM Tip Of The Day Engineered Code - Blog - Power Pages: Another “Leak” https://thehackernews.com/2025/01/severe-security-flaws-patched-in.html https://www.bleepingcomputer.com/news/security/microsoft-fixes-power-pages-zero-day-bug-exploited-in-attacks/ https://www.cnn.com/2021/08/24/tech/data-leak-microsoft-upguard/index.html   https://www.upguard.com/breaches/power-apps Get in touch voice@crm.audio Nick Hayduk @Engineered_Code George Doubinski @georgedude

Lisa and Amy are revisiting one of their personal property specific episodes in today's Summer Throwback.

Host Paul W. Grimm continues his conversation with Professor Maura R. Grossman on the legal system's growing challenges with generative AI and deepfakes. They explore how AI-generated images, video, and audio differ from traditional fakes—and why they present unique evidentiary challenges and ethical problems for lawyers and judges. They also discuss the legal implications of the “liar's dividend,” the psychological impact of AI-generated evidence on juries, and potential updates to the Federal Rules of Evidence. In the absence of new rules dealing with AI evidence, they explain how early case management, protective orders, and Rules 403 and 901 can address a few of these challenges.ADDITIONAL RESOURCESGrossman, Grimm & Coglianese "AI in the Courts: How Worried Should We Be?" (Judicature)This Judicature article offers a discussion of the pros and cons of AI in the legal profession following the rise of ChatGPT and other large language models (LLMs).Federal Rules of Evidence – In particular, this episode focuses on:Rule 104(a) & (b): Preliminary vs. conditional relevanceRule 403: Exclusion of prejudicial evidenceRule 901: Authentication of evidenceRule 702: Expert testimony ABOUT THE HOSTJudge Paul W. Grimm (ret.) is the David F. Levi Professor of the Practice of Law and Director of the Bolch Judicial Institute at Duke Law School. From December 2012 until his retirement in December 2022, he served as a district judge of the United States District Court for the District of Maryland, with chambers in Greenbelt, Maryland. Click here to read his full bio.

Please enjoy this encore of Word Notes. An open source email authentication protocol designed to prevent emails, spoofing in phishing, business email compromise or BEC, and other email-based attacks.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/pegasus⁠ Audio reference link:"⁠Global Cyber Alliance's Phil Reitinger talks DMARC adoption⁠" “Global Cyber Alliance's Phil Reitinger Talks DMARC Adoption.” YouTube Video. YouTube, April 27, 2018

From SAML to OAuth to FIDO2 to passwordless promises, we unpack what's working—and what's broken—in the world of identity and authentication. Today on the Packet Protector podcast, we're joined by the always thoughtful and occasionally provocative Wolf Goerlich, former Duo advisor, and now a practicing CISO in the public sector. We also talk about authorization... Read more »

From SAML to OAuth to FIDO2 to passwordless promises, we unpack what's working—and what's broken—in the world of identity and authentication. Today on the Packet Protector podcast, we're joined by the always thoughtful and occasionally provocative Wolf Goerlich, former Duo advisor, and now a practicing CISO in the public sector. We also talk about authorization... Read more »

Please enjoy this encore of Word Notes. An open source email authentication protocol designed to prevent emails, spoofing in phishing, business email compromise or BEC, and other email-based attacks.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/pegasus⁠ Audio reference link:"⁠Global Cyber Alliance's Phil Reitinger talks DMARC adoption⁠" “Global Cyber Alliance's Phil Reitinger Talks DMARC Adoption.” YouTube Video. YouTube, April 27, 2018 Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of Q&A Quest, we discuss Shadow Labyrinth. We also continuing talking about the joy that is Donkey Kong Bananza. The post Episode 407: Proxy Authentication Required – Q&A Quest appeared first on RPGamer.

Elon Musk and Asmongold talk about Internet ID, Authentication tokens, & Government vs Corporate oversight. More from The Lunduke Journal: https://lunduke.com/ This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit lunduke.substack.com/subscribe

This is repeat of a broadcast from last October, still relevant, especially in the light of so many current breaches which have begun not with technical weaknesses but with phishing and social engineering.   In this deeper dive episode of 'Cybersecurity Today,' hosts Jim Love and David Shipley, a top cybersecurity expert from Beauceron Security, explore the evolution, intricacies, and impact of phishing attacks. They highlight recent sophisticated phishing strategies that combine AI, complex setups, and psychological manipulation to deceive even the most knowledgeable individuals. The discussion covers various types of phishing including spearphishing, whaling, sharking, QR phishing, and the emotional and psychological tactics employed by attackers. They also delve into practical defense mechanisms such as Multi-Factor Authentication (MFA), passkeys, and the importance of fostering a security-conscious workplace culture. The episode emphasizes the need for a diversified security approach involving technology, training, and emotional intelligence, while encouraging assertiveness in questioning potentially fraudulent communication. 00:00 Introduction to Cybersecurity Today 00:40 The Evolution of Phishing Attacks 01:44 Deep Dive into Phishing Techniques 03:31 History of Phishing 06:04 Types of Phishing: From Email to Whaling 10:06 Advanced Phishing Tactics 19:25 The Psychology Behind Phishing 26:03 Phishing Tactics: Free Gift Card Scams 26:33 The Power of Scarcity in Phishing 28:27 Authority and Phishing: Impersonation Tactics 29:11 Consistency: Small Requests Leading to Big Scams 30:14 Liking and Social Proof in Social Engineering 32:15 The Evolution of Phishing Techniques 35:31 The Role of MFA in Enhancing Security 38:35 Passkeys and the Future of Authentication 44:57 Building a Security-Conscious Workplace Culture 48:47 Conclusion and Final Thoughts

This episode of Wrist Check Podcast, brought to you by luxury watch marketplace Bezel, dives deep into the numbers behind the wrist game. Perri and Rashawn break down the latest Bezel Report, revealing how buyers and sellers are shaping the market—from the most in-demand metals to which eras of iconic models are rising or falling in favor. They also explore the growing concern around counterfeits, surprising brand sell-outs, and what collectors are really asking for. Tune in for an insightful, data-driven conversation, layered with real-world anecdotes from the community.Powered by @getbezel Shop 20,000+ watches at getbezel.com, and Download the Bezel app at download.getbezel.com⁠⁠⁠⁠⁠⁠⁠⁠SUBSCRIBE⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ to get the latest Wrist Check Pod content ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Follow us on instagram⁠⁠⁠Chapters00:00 - Intro01:21 - Rashawn's Wrist Check03:26 - Perri's Wrist Check08:27 - What Is The Bezel Report10:28 - Authentication vs Rejection Rates12:02 - Counterfeit Watches16:08 - Rejections By Brand20:30 - Identifying Fake Watches25:53 - Requests By Brand33:41 - Sales By Brand 40:12 - Most Requested Decades For Watches46:19 - Sales By Case Size51:25 - Sales By Case Material55:29 - Tariffs Impact57:16 - Summary01:03:27 - Outro

“The simple believe everything, but the prudent give thought to their steps.” — Proverbs 14:15In an age where scams are becoming more sophisticated by the day, Scripture reminds us that discernment isn't optional—it's essential. As believers, protecting the resources God has entrusted to us is more than a practical concern—it's an act of stewardship. Here's how you can guard your finances with wisdom, not fear.Scams Are Everywhere—But So Is WisdomFraudsters use every channel available: phone calls, text messages, emails, and even impersonations of people you trust. But as followers of Christ, we're not called to panic. We're called to walk in wisdom (Ephesians 5:15). That begins with slowing down and thinking critically.Pause before you respond. Scammers rely on urgency. If someone pressures you to act immediately—whether claiming your account is locked or your money is at risk—take a step back. Hang up. Verify the source independently. Urgency is often a red flag. Avoid untraceable payments. No legitimate organization will ask for payment via wire transfer or gift cards. These are the preferred tools of scammers because they're nearly impossible to recover.Practical Steps for Digital ProtectionFinancial stewardship now includes digital awareness. Here are practical ways to protect yourself and your family:Use credit cards, not debit cards, for online purchases. Credit cards usually come with stronger fraud protection. Enable two-factor authentication (2FA) on all your financial accounts. Even if a scammer gets your password, they can't access your account without a second form of verification. Don't reuse passwords. Use a secure password manager, such as Bitwarden or NordPass, to create and store strong, unique passwords. Set up account alerts. Most banks allow you to monitor activity in real-time, giving you a heads-up if something unusual occurs. Freeze your credit. It's free to do and offers one of the best defenses against identity theft. You can always unfreeze it temporarily when needed. Avoid public Wi-Fi for financial transactions. Wait until you're on a secure network or at home to check your bank accounts or make purchases. Limit what you share on social media. Personal details, such as birthdays or family names, can be used to guess passwords or security questions. Adjust your privacy settings and post wisely. Shred sensitive documents before discarding them. Even in the digital age, identity thieves still dig through trash. Don't click on unfamiliar links, even if they appear to come from someone you know. When in doubt, contact the person or organization directly for clarification.Stewarding Wisdom in CommunityScammers often target the vulnerable, particularly older adults and teenagers. So make this a shared effort. Discuss online fraud with your family. Equip them with knowledge. If you receive a letter or email about identity protection following a data breach, verify it by contacting the company directly, rather than through the provided link or number.Financial faithfulness today includes digital vigilance. But there's no need for fear. By taking these simple steps, you can walk confidently, knowing you're stewarding God's resources with care.A Tool for Wise Stewardship: The FaithFi AppLooking for a practical way to manage your money with wisdom and peace of mind? The FaithFi app is a secure tool that helps you track your spending, plan your giving, and align your finances with biblical values. With 256-bit encryption, your data is protected, and your login credentials are never stored. FaithFi Pro users also receive exclusive articles, digital devotionals, and daily encouragement.Visit FaithFi.com and click “App” or search “FaithFi” in your app store to get started today.Steward your finances wisely. Protect what God has entrusted to you. And walk in peace, not panic.On Today's Program, Rob Answers Listener Questions:My 14-year-old son just started his first full-time summer job, working around 37 to 40 hours a week. I'd like to help him get started with investing and am considering opening a Roth IRA in his name. What's the best way to set that up, and where should we go to open the account?We're debt-free and recently bought a home. Our current vehicle is paid off, but we're thinking about adding a second car with a monthly payment of around $500. I'm a little uneasy about the added expense. How can we determine if this is a wise financial move for us at this time?Resources Mentioned:Faithful Steward: FaithFi's New Quarterly Magazine (Become a FaithFi Partner)The Money Challenge for Teens: Prepare for College, Run from Debt, and Live Generously by Dr. Art RainerThe Finish Line PledgeSchwab Intelligent Portfolios | BettermentBitwarden | NordPassWisdom Over Wealth: 12 Lessons from Ecclesiastes on MoneyLook At The Sparrows: A 21-Day Devotional on Financial Fear and AnxietyRich Toward God: A Study on the Parable of the Rich FoolFind a Certified Kingdom Advisor (CKA) or Certified Christian Financial Counselor (CertCFC)FaithFi App Remember, you can call in to ask your questions most days at (800) 525-7000. Faith & Finance is also available on the Moody Radio Network and American Family Radio. Visit our website at FaithFi.com where you can join the FaithFi Community and give as we expand our outreach.

Episode Title: Market Resilience, Counterfeit Realities, and the Future of Authentication with Perry Nguyen of Check Check Show Notes: In this episode, I'm joined by Perry Nguyen with Check Check, a cutting-edge digital authentication platform reshaping the luxury resale landscape. Our conversation explores the parallels between nature's most resilient species and the dynamic, ever-evolving global marketplace, particularly the explosive growth of luxury resale and the counterfeit economy. Perry shares how Check Check leverages a global team of expert authenticators to verify high-value goods, including sneakers, designer items, and collectibles. With the rise of “super fakes” and consumer trust hanging in the balance, Perry explains why real-time, mobile-first authentication is no longer a luxury—it's a necessity. We dig into Perry's fascinating career journey—from scaling a cannabis startup from zero to $11M in sales, to lobbying Congress (cowboy hat and all) in support of a groundbreaking antifungal vaccine for animals. His background in the music industry also adds a creative twist to his leadership style, which I found incredibly relatable. Perry also opens up about joining Check Check just 12 months ago and partnering with co-founders Arnold Luck and Eddie Abramov to scale their sneaker authentication platform into a robust enterprise solution. With over 3.3 million app downloads and 2.2 million items authenticated, they're redefining trust in the secondary market. We wrap the conversation with a look at global expansion—including a powerful new partnership with India's Culture Kicks—and discuss how APIs and mobile tech are driving the next phase of authentication for streetwear and luxury resale. I even encouraged my brother to download the app—because if you're going to invest in high-value items, you need to make sure they're the real deal. And yes, I even share a story about tracking down an elusive 90s rock vocalist named Kurt, plus what my cousin's DIY guitar pedal business taught me about creative frustration, innovation, and self-determination in leadership.

This episode is sponsored by Trusona. Visit trusona.com/idac to learn more.In this episode of the Identity of the Center podcast, Jeff and Jim discuss identity verification challenges with Ori Eisen, the founder and CEO of Trusona. The conversation explores the problems surrounding help desk authentication and how Trusona's new product, ATO Protect, aims to address these issues by confirming caller identities, even in scenarios involving social engineering and advanced AI threats. Ori explains the technology behind document scanning, data triangulation, and geolocation to validate identities. The episode also includes an intriguing hack challenge for listeners to test the robustness of Trusona's solutions. Check out the detailed demo on Trusona's website and join the challenge!Timestamps00:00 Introduction and Episode Excitement01:16 Introducing the Guest: Ori Eisen from Trusona02:11 The Problem with Passwordless Authentication03:53 The Rise of Gen AI and Its Impact on Security04:51 Understanding ATO Protect and Its Importance16:10 How ATO Protect Works: A Step-by-Step Guide27:51 The Puppeteering Scam Unveiled28:24 Fingerprinting the Fraudsters29:11 Real-Time Fraud Detection Demo29:42 Challenges in Penetration Testing30:08 Combating Man-in-the-Middle Attacks30:41 The Ultimate Security Challenge33:44 Verifying Caller Identity41:24 Future Threats in Cybersecurity42:10 AI: The Double-Edged Sword49:08 Issuing the Hack Challenge52:45 Conclusion and Final ThoughtsConnect with Ori: https://www.linkedin.com/in/orieisen/Learn more about Trusona: https://www.trusona.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Trusona, Ori Eisen, Identity Verification, Help Desk Security, Service Desk, Passwordless, Authentication, KBA, Knowledge-Based Authentication, Cybersecurity, Identity and Access Management, IAM, Multi-Factor Authentication, MFA, Zero Trust, Identity Proofing#IDAC #Trusona #Passwordless #Cybersecurity #IdentityManagement #HelpDesk #ZeroTrust

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

​In the case of State of Idaho v. Bryan C. Kohberger (Case No. CR01-24-31665), the defense has filed an objection to the State's motion in limine regarding the self-authentication of records. The State seeks to admit a substantial volume of evidence—including terabytes of video footage and thousands of pages of documents—without traditional authentication, relying instead on exceptions to the hearsay rule. The defense contends that the State has not provided specific certifications or affidavits for these records, nor adequately demonstrated their relevance or authenticity. They argue that admitting such extensive evidence without proper authentication infringes upon Mr. Kohberger's constitutional rights to due process and a fair trial.Furthermore, the defense highlights discrepancies in the State's evidence collection methods, noting that some records were obtained through various means such as police canvassing, search warrants, and federal grand jury subpoenas. They point out inconsistencies in the records produced by different methods, emphasizing the necessity for the State to specify the relevance and authenticity of each piece of evidence. The defense urges the court to require the State to provide detailed justifications and proper certifications for the evidence it intends to use, asserting that the current approach hampers the defense's ability to effectively confront the evidence and violates Mr. Kohberger's constitutional protections.to contact me:bobbycapucci@protonmail.comsource:031725-Defendants-Obj-States-MiL-RE-Self-Authentication-Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

In which the NetHeads talk about the latest and greatest in tech, pop culture, superhero stuff, and 3D printing. Plus, finally hear Tony's THUNDERBOLTS review here on NETHEADS. Enjoy hearing a show fall completely apart because honestly it was rushed. Also sorry for the delay on publishing, I waited until after I got back from vacation.

Itai Turbahn is Co-Founder and CEO of Dynamic (https://www.dynamic.xyz), a Web3 authentication platform that simplifies wallet-based login and onboarding through a flexible SDK, combining authentication, smart wallets, and secure key management. Itai shares his journey from product management leadership roles and consulting at the Boston Consulting Group to co-founding Dynamic, a company backed by a16z crypto, Founders Fund, and others. He discusses how Dynamic's growth, milestones, including sponsoring six major hackathons, supporting 400 teams, and powering millions of monthly user logins, has advanced Web3 adoption. Itai dives into the platform's role in simplifying developer workflows, enhancing user onboarding with features like social logins and Global Identities, and his vision for a more intuitive crypto future where wallet infrastructure empowers seamless cross-chain interactions.

SummaryIn this episode of the Blue Security Podcast, hosts Andy and Adam delve into the intricacies of Entra External ID, a customer identity and access management solution. They discuss the importance of security considerations in application development, the risks associated with customer-facing technologies, and the need for effective authentication methods. The conversation also touches on international revenue share fraud and the implementation of authentication context to enhance security measures. The episode concludes with insights on external authentication methods and their integration into existing systems, emphasizing the collaborative nature of cybersecurity.----------------------------------------------------YouTube Video Link: https://youtu.be/SKxShnv6z3I----------------------------------------------------Documentation:https://learn.microsoft.com/en-us/entra/architecture/deployment-external-operationshttps://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-external-method-manage----------------------------------------------------Contact Us:Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpodYouTube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠----------------------------------------------------Adam BrewerTwitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewerLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com

Ken returns after a week's hiatus to review the latest AppSec news with Seth. Specifically, the idea that authentication fatigue exists for both consumers and developers. The amount of choice to implement security controls can have unintended consequences and introduces risk that may or may not be considered. This is followed by research from SquareX that claims Browser AI Agents are riskier and easier to target than employees. This results in opinions on phishing and protections against consumer/business targeting by attackers.

Learn about craftsmanship quality and develop a clear collection theme to maximize both enjoyment and investment potential. Learn more at https://regaltimepiece.com/ Regal Time Piece City: Doylestown Address: 241 Harvey Avenue Website: https://regaltimepiece.com/

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we have a realistic, high impact action for you to take today to boost your practice security: set up two-factor authentication (2FA).  We discuss: What 2FA is and why it's so useful Where we recommend having 2FA set up How Google Authenticator works for 2FA and why we love it How to set up and use Google Authenticator Action steps to take today to boost practice security with 2FA Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. PCT Resources

In this lecture, we explore the foundational principles of the law of evidence, including relevance, hearsay, impeachment, and privileges, which are crucial for bar exam success. We also introduce the Multi-State Performance Test (MPT), emphasizing its structure, types of tasks, and strategies for effective completion. Mastery of these topics is essential for both doctrinal fluency and practical proficiency in legal practice.TakeawaysMastery of evidence doctrine is crucial for success on the bar exam.Evidence governs what information may be presented at trial.Relevance is the foundational requirement for admissibility of evidence.Hearsay is one of the most nuanced doctrines in evidence.Impeachment allows parties to attack a witness's credibility.Authentication ensures that evidence is what it claims to be.Privileges protect confidential communications within specific relationships.The MPT simulates a real-world legal task requiring practical skills.Success on the MPT requires careful reading and reasoning.Mastery of both evidence and MPT is essential for bar exam success.law of evidence, Multi-State Performance Test, bar exam, hearsay, relevance, impeachment, privileges, legal reasoning, evidence rules, bar prep

​In Case Number CR01-24-31665, the State of Idaho has submitted a reply to defendant Bryan C. Kohberger's objection concerning the self-authentication of certain records intended for use at trial. The State aims to admit various pieces of evidence—including surveillance footage, financial records, and communication data—by relying on the Idaho Rules of Evidence (I.R.E.) 803(6) and (8) for hearsay exceptions, and I.R.E. 902(4) and (11) for self-authentication, thereby eliminating the need for foundational witnesses. They assert that each item will be accompanied by the necessary Certificates of Authenticity to establish proper foundation and relevance.In response to the defense's objections, the State details specific items of evidence, such as surveillance footage from properties on Linda Lane and video from Albertson's in Clarkston, Washington, outlining their relevance and the steps taken to authenticate them. Additionally, the State addresses records from Amazon, AT&T, and various financial institutions, emphasizing that Certificates of Authenticity have been obtained or are in the process of being secured. The State maintains that utilizing these evidentiary rules does not infringe upon the defendant's due process rights and is a standard procedure to ensure efficiency and reliability in the admission of evidence.to contact me:bobbycapucci@protonmail.comsource:032425-States+Reply+to+Defendants+Objection+to+MIL+RE+Self+Authentication+of+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

​In Case Number CR01-24-31665, the State of Idaho has submitted a reply to defendant Bryan C. Kohberger's objection concerning the self-authentication of certain records intended for use at trial. The State aims to admit various pieces of evidence—including surveillance footage, financial records, and communication data—by relying on the Idaho Rules of Evidence (I.R.E.) 803(6) and (8) for hearsay exceptions, and I.R.E. 902(4) and (11) for self-authentication, thereby eliminating the need for foundational witnesses. They assert that each item will be accompanied by the necessary Certificates of Authenticity to establish proper foundation and relevance.In response to the defense's objections, the State details specific items of evidence, such as surveillance footage from properties on Linda Lane and video from Albertson's in Clarkston, Washington, outlining their relevance and the steps taken to authenticate them. Additionally, the State addresses records from Amazon, AT&T, and various financial institutions, emphasizing that Certificates of Authenticity have been obtained or are in the process of being secured. The State maintains that utilizing these evidentiary rules does not infringe upon the defendant's due process rights and is a standard procedure to ensure efficiency and reliability in the admission of evidence.to contact me:bobbycapucci@protonmail.comsource:032425-States+Reply+to+Defendants+Objection+to+MIL+RE+Self+Authentication+of+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

In this Road to Macstock Conference and Expo conversation we welcome longtime speaker Kirschen Seah to discuss her upcoming session, Passkeys Demystified. Kirschen explains the promise of passkeys as a more secure, user-friendly alternative to passwords, and why adoption has been slower than expected. She shares insights into how passkeys work using public key cryptography, addresses common concerns about biometric data, and outlines how password managers like Apple Keychain and 1Password integrate with the system. With real-world scenarios and practical examples, Kirschen aims to help attendees confidently adopt passkeys and understand the evolving standards behind them.  Show Notes: Chapters: 00:08 Introduction to MacVoices 00:45 Kirschen Seah Joins the Conversation 02:20 Passkeys Demystified 08:44 Managing Multiple Accounts 10:32 The Role of Password Managers 13:15 Preparing for the Session 15:55 Macstock Conference Details 17:51 The Value of Curiosity at Macstock Links: Macstock Conference and Expo Save $50 with the Kirschen's discount code: freerangecoder Save $50 with Chuck's discount code: macvoices50 Guests: Kirschen Seah's background is Computer Sciences with interests in Software Engineering, User Experience, and Mac OS X / iPhone OS development. She started programming with BASIC in 1978 on an Apple ][ and have over 30 years of experience in the field. Kirschen worked on OPENSTEP (precursor to Mac OS X Cocoa) graphical prototyping applications initially when she joined Rockwell Collins (now Collins Aerospace) in 1999, and was a Senior Principal Systems Engineer in the Flight Management Systems department focussed on the user interface for pilot interaction. Prior to joining Rockwell Collins Kirschen worked at Acuity (formerly ichat) developing interactive user interfaces for live chat customer service agents. Now retired, there's now more time to share technical insights on her blog, develop useful scripts (Python, shell), and write Shortcuts. Kirschen is really motivated to share her experience to help fellow software practitioners develop better skills – be that in good design, implementation, or computer science fundamentals. As much as she can, Kirschen tries to share the delight in discovering how iOS and macOS applications for productivity and creativity have helped her do better in her personal and (former) work life. Connect with her on her web site, FreeRangeCoder Support:      Become a MacVoices Patron on Patreon      http://patreon.com/macvoices      Enjoy this episode? Make a one-time donation with PayPal Connect:      Web:      http://macvoices.com      Twitter:      http://www.twitter.com/chuckjoiner      http://www.twitter.com/macvoices      Mastodon:      https://mastodon.cloud/@chuckjoiner      Facebook:      http://www.facebook.com/chuck.joiner      MacVoices Page on Facebook:      http://www.facebook.com/macvoices/      MacVoices Group on Facebook:      http://www.facebook.com/groups/macvoice      LinkedIn:      https://www.linkedin.com/in/chuckjoiner/      Instagram:      https://www.instagram.com/chuckjoiner/ Subscribe:      Audio in iTunes      Video in iTunes      Subscribe manually via iTunes or any podcatcher:      Audio: http://www.macvoices.com/rss/macvoicesrss      Video: http://www.macvoices.com/rss/macvoicesvideorss

Jack Friks (@jackfriks) is the founder of PostBridge, a social media scheduling tool that grew from his own frustration with spending hours posting across platforms to a $18k/month business. We explore the evolution of social media toward authenticity, the challenges of building lean products as a solopreneur, and how to navigate the noise while maintaining a genuine human connection in an AI-driven world.The blog post: https://thebootstrappedfounder.com/jack-friks-building-tools-that-empower-without-overwhelming/ The podcast episode: https://tbf.fm/episodes/396-jack-friks-building-tools-that-empower-without-overwhelmingCheck out Podscan, the Podcast database that transcribes every podcast episode out there minutes after it gets released: https://podscan.fmSend me a voicemail on Podline: https://podline.fm/arvidYou'll find my weekly article on my blog: https://thebootstrappedfounder.comPodcast: https://thebootstrappedfounder.com/podcastNewsletter: https://thebootstrappedfounder.com/newsletterMy book Zero to Sold: https://zerotosold.com/My book The Embedded Entrepreneur: https://embeddedentrepreneur.com/My course Find Your Following: https://findyourfollowing.comHere are a few tools I use. Using my affiliate links will support my work at no additional cost to you.- Notion (which I use to organize, write, coordinate, and archive my podcast + newsletter): https://affiliate.notion.so/465mv1536drx- Riverside.fm (that's what I recorded this episode with): https://riverside.fm/?via=arvid- TweetHunter (for speedy scheduling and writing Tweets): http://tweethunter.io/?via=arvid- HypeFury (for massive Twitter analytics and scheduling): https://hypefury.com/?via=arvid60- AudioPen (for taking voice notes and getting amazing summaries): https://audiopen.ai/?aff=PXErZ- Descript (for word-based video editing, subtitles, and clips): https://www.descript.com/?lmref=3cf39Q- ConvertKit (for email lists, newsletters, even finding sponsors): https://convertkit.com?lmref=bN9CZw

On this episode, I provide an update on the recent Windows updates and report of an issue caused by one of the updates. I cover some new enhancements from OpenAI, the culmination of a 4 year study into remote work and more! Reference Links: https://www.rorymon.com/blog/microsoft-365-authentication-issues-danish-agency-to-ditch-office-june-update-issue/

Send us a textCybersecurity vulnerabilities continue to emerge in unexpected places, as evidenced by the recent Iranian-backed attacks on U.S. water treatment facilities through poorly secured Unitronics PLCs. This alarming development sets the stage for our deep dive into API security - a critical yet often overlooked aspect of modern cybersecurity strategy.APIs form the connective tissue of our digital world, enabling seamless communication between different software systems. However, this interconnectivity creates numerous potential entry points for attackers. From RESTful APIs with their statelessness to enterprise-focused SOAP protocols and the newer GraphQL systems, each implementation brings unique security challenges that must be addressed proactively.We explore the most common API security threats facing organizations today: injection attacks that exploit poorly coded interfaces, broken authentication mechanisms that enable unauthorized access, sensitive data exposure through improper configurations, and man-in-the-middle attacks that intercept communications. Understanding these threats is just the beginning - implementing robust countermeasures is where real security happens.Authentication and access controls form the foundation of API security. OAuth, OpenID Connect, and token-based authentication systems provide powerful protection when implemented correctly. However, token management practices - including secure storage, proper revocation procedures, and regular refreshing - are equally critical yet frequently overlooked components of a comprehensive security strategy.API gateways emerge as perhaps the most valuable security control in your arsenal. Acting as centralized checkpoints, they provide enhanced visibility, consistent authentication enforcement, traffic throttling capabilities, and simplified management across numerous API connections. Cloud-based API gateways from major providers offer scalability and robust features that on-premises solutions struggle to match.Beyond the technical controls, we discuss the human element of API security. The most secure implementations balance protection with functionality while fostering collaboration between security professionals and developers. As I emphasize throughout the episode, effective security isn't about forcing compliance - it's about building bridges of understanding between teams with different expertise.Ready to strengthen your API security posture or prepare for your CISSP exam? Visit cisspcybertraining.com for free questions, comprehensive courseware, and a proven blueprint for certification success.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-moscow-murders-and-more--5852883/support.

Here's a payments conundrum for you: We now have more ways to authenticate access to an online account or app than ever before. And yet, account takeover (ATO) - basically unauthorized access to an account - is at record levels. In this episode, Glenbrook's Yvette Bohanan and Chris Uriarte are joined by Rocky Scales, CEO of IDgo, to explore this multifaceted problem.  Tune in as they discuss the vulnerabilities in authentication techniques, the need for better consumer education, and how financial institutions and businesses can implement more secure and user-friendly authentication systems to counteract evolving threats from sophisticated fraud methods. 

Getting Graded: Inside the Wild World of Card Authentication with TGA's TylerEver wondered how a piece of cardboard can be worth millions of dollars? This week, we dive deep into the fascinating (and slightly insane) world of sports card grading with Tyler, founder of TGA(True Grade Authentication), a new Canadian authentication company that's shaking up an industry dominated by American giants.What You'll Learn:Why getting a Wayne Gretzky card graded can cost you $1,000+ (hint: it's not just the grading fee)How the hobby transformed from 25-cent packs to $25,000 boxes with "bounty" cards worth seven figuresThe four critical factors that determine if your childhood card collection is treasure or trashWhy Canadian collectors were getting squeezed out by tariffs and how one entrepreneur saw an opportunityThe Real Talk: Tyler shares his journey from 11-year-old collector to business owner, explaining how a $25 Darryl Sittler rookie card sparked a 30+ year passion that led to launching TGA. We explore the tension between old-school collecting (nostalgia, sentiment, fun) and the new reality where cards are treated like stock investments.Phil's Journey: Watch our co-host Phil go from complete card skeptic to cautiously intrigued, despite his horror at modern pack prices and complexity. Spoiler alert: Kenny's still trying to drag him to a Toronto card show, and Phil's still saying absolutely not. Find Tyler at: https://tgagrading.com/Thank you to Field Agent Canada for sponsoring the podcast: https://www.fieldagentcanada.com/Thank you to LeBeau Excel for sponsoring this episode: https://lebeauexcel.com/  

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today's financial systems: the vulnerability of mobile-only banking apps when it comes to transaction authorization.Wojciech points out that modern banking has embraced the mobile-first model—sometimes at the cost of fundamental security principles. Most banks now concentrate transaction initiation, security configuration, and transaction authorization into a single device: the user's smartphone. While this offers unmatched convenience, it also creates a single point of failure. If an attacker successfully pairs their phone with a victim's account, they can bypass multiple layers of security, often without needing traditional credentials.The discussion explores the limitations of relying solely on biometric options like Face ID or Touch ID. These conveniences may appear secure but often weaken the overall security posture when used without additional independent verification mechanisms. Wojciech outlines how common attack strategies have shifted from stealing credit card numbers to full account takeover—enabled by social engineering and weak device-pairing controls.He proposes a “raise the bar” strategy rather than relying on a single silver-bullet solution. Suggestions include enhanced device fingerprinting, detection of emulators or rooted environments, and shared interbank databases for device reputation and account pairing anomalies. While some of these are already in motion under new EU and UK regulations, they remain fragmented.Wojciech also introduces a bold idea: giving users a slider in the app to adjust their personal balance of convenience vs. security. This kind of usability-driven approach could empower users while still offering layered defense.For CISOs, developers, and FinTech leaders, the message is clear—evaluate your app security as if attackers already know the shortcuts. Watch the full conversation to hear Wojciech's real-world examples, including a cautionary tale from his own family. Catch the episode and learn how to design financial security that's not just strong—but usable.GUEST: Wojciech Dworakowski | OWASP Poland Chapter Board Member and Managing Partner at SecuRing | https://www.linkedin.com/in/wojciechdworakowski/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Back by popular demand, Mike and Jesse begin the show by ripping packs of cards (00:00). Then, the guys discuss Walmart's role in the hobby, and the top 10 greatest Yankees of all time, before Jesse questions why all these women want to go on dates with Troy. After that, Upper Deck president Jason Masherah joins the show to talk about some bad apples in the breaking industry, the future of authentication and grading, and innovation in the hobby (28:52). And to round out the show, the guys open the mailbag (56:24). Hosts: Jesse Gibson and Mike GioseffiGuest: Jason MasherahProducer: Troy Farkas Learn more about your ad choices. Visit podcastchoices.com/adchoices

In this episode, we hear from Janikiram MSV, an industry analyst and advisor based in Hyderabad, India, who specializes in AI agents and cloud native technology. We spoke about the evolution of AI agents, from chatbots to personalized AI assistants, and their advancement to AI agents that can access data, utilize APIs, and perform tasks autonomously. The discussion also covers the impact of these technologies on various fields, especially for developers, through examples like app modernization and AI-driven tools. We address important considerations such as authentication, authorization, and the future role of junior developers in an AI-augmented world. This episode sheds light on how AI agents can significantly transform workflow efficiency across multiple domains. 00:00 Introduction 00:56 Evolution of AI Agents 06:10 Impact on Developers and IT Operations 07:17 Authentication and Authorization Challenges 09:41 Future of AI in Development 20:19 Advice for Junior Developers 22:23 Conclusion and Future Discussions   Guest:   Janakiram MSV is an an industry analyst, strategic advisor, and a practicing architect. Through his speaking, writing, and analysis, he helps businesses take advantage of emerging technologies.

Send us a textNavigating the complex landscape of authentication frameworks is essential for any cybersecurity professional, especially those preparing for the CISSP exam. This deep-dive episode unravels the intricate world of authentication systems that protect our digital identities across multiple platforms and services.We begin by examining OAuth 2.0 and OpenID Connect (OIDC), exploring how these token-based frameworks revolutionize third-party authentication without exposing user credentials. When you click "Login with Google," you're experiencing these protocols in action—reducing password reuse while maintaining security across digital services. Learn the difference between authorization flows and how these systems interact to verify your identity seamlessly across the web.The podcast then transitions to Security Assertion Markup Language (SAML), breaking down how this XML-based protocol establishes trust between identity providers and service providers. Through practical examples, we illustrate how SAML enables web single sign-on capabilities across educational institutions, corporate environments, and cloud services—creating that "connective tissue" between disparate systems while enhancing both security and user experience.Kerberos, MIT's powerful network authentication protocol, takes center stage as we explore its ticketing system architecture. Named after the three-headed dog of Greek mythology, this protocol's Authentication Service, Ticket Granting Service, and Key Distribution Center work in concert to verify identities without transmitting passwords across networks. We also discuss critical considerations like time synchronization requirements that can make or break your Kerberos implementation.For remote authentication scenarios, we compare RADIUS and TACACS+ protocols, highlighting their distinct approaches to the AAA (Authentication, Authorization, and Accounting) framework. Discover why network administrators choose UDP-based RADIUS for general network access while preferring the TCP-based TACACS+ for granular administrative control with command-level authorization and full payload encryption.Whether you're studying for the CISSP exam or looking to strengthen your organization's security posture, this episode provides the knowledge foundation you need to implement robust authentication systems in today's interconnected world. Visit CISSP Cyber Training for additional resources to support your cybersecurity journey.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

API security has evolved from being primarily an infrastructure issue to a complex challenge centered around language and design flaws. Jeremy Snyder, CEO of Firetail, discusses the findings from their latest state of API security report, emphasizing the alarming rise of indirect prompt injection as a significant threat in AI-integrated systems. As APIs underpin much of modern application architecture, understanding how they function and the potential vulnerabilities they present is crucial for organizations aiming to protect themselves from increasingly sophisticated attacks.Snyder highlights the shared responsibility model in API security, where both developers and security teams must collaborate to ensure robust protection. While infrastructure teams manage the basic security measures, developers are responsible for the design and logic of the APIs they create. This evolving understanding of security responsibilities is essential as threat actors become more adept at exploiting API vulnerabilities, particularly through authorization failures, which continue to be a leading cause of breaches.The conversation also delves into the distinction between authentication and authorization, illustrating how both are critical to API security. Authentication verifies a user's identity, while authorization determines what actions that user can perform. Snyder emphasizes that many organizations still struggle with authorization issues, which can lead to significant security risks if not properly managed. The report reveals that the time to resolve security incidents remains alarmingly high, while the time for attackers to exploit vulnerabilities has drastically decreased, raising concerns about the effectiveness of current security measures.As AI technologies become more integrated into applications, the potential for indirect prompt injection attacks increases, necessitating a reevaluation of security practices. Snyder advises organizations to focus on secure design principles and maintain visibility over AI usage within their systems. By implementing governance frameworks and monitoring tools, organizations can better manage the risks associated with shadow AI and ensure that their API security measures are both effective and comprehensive. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure⁠ Audio reference link: “⁠Mr. Robot Hack - Password Cracking - Episode 1⁠.” YouTube Video. YouTube, September 21, 2016.

Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure⁠ Audio reference link: “⁠Mr. Robot Hack - Password Cracking - Episode 1⁠.” YouTube Video. YouTube, September 21, 2016. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of The Other Side of the Firewall podcast, Ryan Williams and Shannon Tynes discuss the latest developments in cybersecurity, focusing on Microsoft's shift to passwordless accounts and the implications for users. They explore the challenges of password management, the benefits of passkeys and biometric authentication, and the future of cybersecurity in the context of emerging technologies like quantum computing. Article: Microsoft makes all new accounts passwordless by default https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-all-new-accounts-passwordless-by-default/?fbclid=IwY2xjawKIWopleHRuA2FlbQIxMAABHod4579kkkG2HEuaLmQVIdGGMKHARmAvA3vXcVN_PutWmqk3mTsLO1emRVqk_aem_SCwuxj4mNbRstoBAlI0Xgg Please LISTEN

It is time to talk about Model Context Protocol (MCP), Google's Agent 2 Agent specification, and get back to the crocs and socks of authentication for Non-Human Identities (NHIs). MCP servers have exploded over the last few weeks and provide a standard mechanism for LLMs to interact with pretty much _anything_. Seth and Ken talk about the risks, exposures, and where things could go from here.

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdf

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdfBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-epstein-chronicles--5003294/support.

​In his affidavit, defense expert Sy Ray challenges the State's motion regarding AT&T Timing Advance records in the case against Bryan Kohberger. Ray asserts that AT&T's Timing Advance data, which can accurately determine a mobile device's location, was available and utilized by law enforcement during their 2022 investigation. He provides evidence that the FBI obtained such data from AT&T for over 3,800 devices, excluding Kohberger's, and contends that the prosecution's claim—that AT&T did not produce Timing Advance records in 2022—is misleading. Ray suggests that the absence of Kohberger's Timing Advance data is either a significant deviation from standard investigative procedures or indicative of intentional withholding of exculpatory evidence. He concludes that the prosecution's motion misrepresents the facts and aims to conceal potentially exonerating information.to contact me:bobbycapucci@protonmail.comsource:032625+Defendants+Notice+of+Filing+Affidavit+iso+Obj+to+the+States+MIL+RE+ATT+Timing+Advance+Records.pdf

⬥GUEST⬥Ken Huang, Co-Chair, AI Safety Working Groups at Cloud Security Alliance | On LinkedIn: https://www.linkedin.com/in/kenhuang8/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of Redefining CyberSecurity, host Sean Martin speaks with Ken Huang, Co-Chair of the Cloud Security Alliance (CSA) AI Working Group and author of several books including Generative AI Security and the upcoming Agent AI: Theory and Practice. The conversation centers on what agentic AI is, how it is being implemented, and what security, development, and business leaders need to consider as adoption grows.Agentic AI refers to systems that can autonomously plan, execute, and adapt tasks using large language models (LLMs) and integrated tools. Unlike traditional chatbots, agentic systems handle multi-step workflows, delegate tasks to specialized agents, and dynamically respond to inputs using tools like vector databases or APIs. This creates new possibilities for business automation but also introduces complex security and governance challenges.Practical Applications and Emerging Use CasesKen outlines current use cases where agentic AI is being applied: startups using agentic models to support scientific research, enterprise tools like Salesforce's AgentForce automating workflows, and internal chatbots acting as co-workers by tapping into proprietary data. As agentic AI matures, these systems may manage travel bookings, orchestrate ticketing operations, or even assist in robotic engineering—all with minimal human intervention.Implications for Development and Security TeamsDevelopment teams adopting agentic AI frameworks—such as AutoGen or CrewAI—must recognize that most do not come with out-of-the-box security controls. Ken emphasizes the need for SDKs that add authentication, monitoring, and access controls. For IT and security operations, agentic systems challenge traditional boundaries; agents often span across cloud environments, demanding a zero-trust mindset and dynamic policy enforcement.Security leaders are urged to rethink their programs. Agentic systems must be validated for accuracy, reliability, and risk—especially when multiple agents operate together. Threat modeling and continuous risk assessment are no longer optional. Enterprises are encouraged to start small: deploy a single-agent system, understand the workflow, validate security controls, and scale as needed.The Call for Collaboration and Mindset ShiftAgentic AI isn't just a technological shift—it requires a cultural one. Huang recommends cross-functional engagement and alignment with working groups at CSA, OWASP, and other communities to build resilient frameworks and avoid duplicated effort. Zero Trust becomes more than an architecture—it becomes a guiding principle for how agentic AI is developed, deployed, and defended.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥BOOK | Generative AI Security: https://link.springer.com/book/10.1007/978-3-031-54252-7BOOK | Agentic AI: Theories and Practices, to be published August by Springer: https://link.springer.com/book/9783031900259BOOK | The Handbook of CAIO (with a business focus): https://www.amazon.com/Handbook-Chief-AI-Officers-Revolution/dp/B0DFYNXGMRMore books at Amazon, including books published by Cambridge University Press and John Wiley, etc.: https://www.amazon.com/stores/Ken-Huang/author/B0D3J7L7GNVideo Course Mentioned During this Episode: "Generative AI for Cybersecurity" video course by EC-Council with 255 people rated averaged 5 starts: https://codered.eccouncil.org/course/generative-ai-for-cybersecurity-course?logged=falsePodcast: The 2025 OWASP Top 10 for LLMs: What's Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

This week, we discuss Google acquiring Wiz, the rise of Vibe Coding, and what really counts as legacy software. Plus, Coté runs a post-acquisition all-hands meeting. Watch the YouTube Live Recording of Episode 511 (https://www.youtube.com/live/ok8lLHFCCRY?si=aos-m8eR1iYcR12v) Runner-up Titles Tattoo “BUSINESS AS USUAL” on the inside of your eyelids BUSINESS AS USUAL One billion a month Turns out they're gonna put lions in the product. Vibe coding is outcomes-focused. Cote's AI Thunderdome Don't make me learn Think About Time VibeCOBOL I don't like the no-head Rundown Google in Fresh Talks to Buy Cybersecurity Startup Wiz for $30 Billion (https://www.wsj.com/business/deals/alphabet-back-in-deal-talks-for-cybersecurity-startup-wiz-41cd3090?mod=tech_lead_story) Intel board announces Lip-Bu Tan as new CEO (https://www.theregister.com/2025/03/12/intel_lip_bu_tan_new_ceo/) Vibe Coding AI IDEs Need Moats (https://materializedview.io/p/ai-ides-need-moats?ref=dailydev) AI coding assistant refuses to write code, tells user to learn programming instead (https://arstechnica.com/ai/2025/03/ai-coding-assistant-refuses-to-write-code-tells-user-to-learn-programming-instead/) Github Coploit does have an agent mode (https://github.com/features/copilot) AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (https://techcrunch.com/2025/03/14/ai-coding-assistant-cursor-reportedly-tells-a-vibe-coder-to-write-his-own-damn-code/) Vibe Coder job listing (https://getcoai.com/careers/vibe-coder-frontend-developer-role/) Legacy Software Relevant to your Interests Saudi Arabia Buys Pokémon Go, and Probably All of Your Location Data (https://www.404media.co/saudi-arabia-buys-pokemon-go-and-probably-all-of-your-location-data/) Open R1: Update #3 (https://huggingface.co/blog/open-r1/update-3) Sonos has canceled its streaming video player (https://www.theverge.com/tech/628297/sonos-pinewood-streaming-box-canceled) ServiceNow releases no-code, low-code AI agent builder (https://www.ciodive.com/news/servicenow-yokohama-agentic-ai-low-code-development-tool/742275/) Meta Seeks to Block Further Sales of Ex-Employee's Scathing Memoir (https://www.nytimes.com/2025/03/12/technology/meta-book-sales-blocked.html) AirPods Getting Live Translation Feature Later This Year (https://www.macrumors.com/2025/03/13/airpods-live-translation-ios-19/) Clouded Judgement 3.14.25 - Authentication in the Age of AI Agents (https://cloudedjudgement.substack.com/p/clouded-judgement-31425-authentication?utm_source=post-email-title&publication_id=56878&post_id=159023089&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Google allows users to personalize their Gemini conversations with new features (https://www.cnbc.com/2025/03/13/google-now-allows-users-to-personalize-their-gemini-conversations.html) Undergraduate Upends a 40-Year-Old Data Science Conjecture (https://www.wired.com/story/undergraduate-upends-a-40-year-old-data-science-conjecture/) Job Seekers Hit Wall of Salary Deflation - WSJ (https://archive.ph/Gn0F9) Something Is Rotten in the State of Cupertino (https://daringfireball.net/2025/03/something_is_rotten_in_the_state_of_cupertino) OpenStack comes to the Linux Foundation | TechCrunch (https://techcrunch.com/2025/03/12/openstack-comes-to-the-linux-foundation/?trk=feed-detail_main-feed-card_feed-article-content) Accusations of Corporate Espionage Shake a Software Rivalry (https://www.nytimes.com/2025/03/17/business/dealbook/rippling-deel-corporate-spy.html?smid=nytcore-ios-share&referringSource=articleShare) IBM Mergers: Closing on HashiCorp and Intent to Acquire Data (https://redmonk.com/rstephens/2025/03/14/ibm-hashicorp-datastax/)S (https://redmonk.com/rstephens/2025/03/14/ibm-hashicorp-datastax/)tax (https://redmonk.com/rstephens/2025/03/14/ibm-hashicorp-datastax/) Nonsense The Problem with Time & Timezones - Computerphile (https://www.youtube.com/watch?v=-5wpm-gesOY&t=7s) Southwest Airlines CEO Video via WFAA (https://www.tiktok.com/@wfaach8/video/7480585081753537835?_t=ZT-8ufHaixEbks&_r=1) Southwest Airlines Just Broke the $5 Chicken Rule, and There Goes What Once Made It Great (https://www.inc.com/bill-murphy-jr/southwest-airlines-just-broke-the-5-chicken-rule-and-there-goes-what-once-made-it-great/91161331). Conferences SREday London (https://sreday.com/2025-london-q1/), March 27-28, Coté speaking (https://sreday.com/2025-london-q1/Michael_Cote_VMware__Pivotal_Platform_Engineering_for_Private_Cloud). 10% with code LDN10 Monki Gras (https://monkigras.com/), London, March 27-28, Coté speaking. Cloud Foundry Day US (https://events.linuxfoundation.org/cloud-foundry-day-north-america/), May 14th, Palo Alto, CA NDC Oslo (https://ndcoslo.com/), May 21-23, Coté speaking. KubeCon EU (https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/), April 1-4, London. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Severance (https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://tv.apple.com/us/show/severance/umc.cmc.1srk2goyh2q2zdxcx605w8vtx&ved=2ahUKEwiJ95mBjZeMAxXo4skDHWOrJ3gQFnoECGwQAQ&usg=AOvVaw06Jqv4WAF89UKW2fy4RaHx) ** Matt: Geoff Huntley's blog (https://ghuntley.com/) Coté: Barthes: A Very Short Introduction (https://academic.oup.com/book/28389), Coté — When Shit Hits the Fan (https://overcast.fm/+AAxlGT9_-n8). Photo Credits Header (https://unsplash.com/photos/people-sitting-on-chairs-watching-a-game-6vAjp0pscX0)

Revolutionizing Memorabilia: The Realist's Authentic Collectibles Marketplace Therealest.com About the Guest(s): Base Naaman is the Co-founder and Head of Brand at The Realist, a pioneering firm in the memorabilia market. He is responsible for directing the company's creative strategy and overseeing partnerships with major industry names such as the Philadelphia Eagles, Miami Heat, Snoop Dogg, Usher, and Paramount Studios. The Realist is renowned for setting the next-generation standards in sports and entertainment memorabilia authentication, sourcing items directly from athletes and artists, powered by cutting-edge identification technology. Episode Summary: Welcome to the latest episode of The Chris Vos Show, where we're joined by Base Naaman from The Realist. This episode unfolds the intriguing world of authentic sports and entertainment memorabilia, highlighting the technology and strategy behind ensuring authenticity. Base Naaman shares insights into The Realist's mission to bridge the gap in memorabilia collectability between sports and music industries and the untapped potential of these sectors for collectors and fans. Base Naaman elaborates on how The Realist implements groundbreaking authentication methods akin to those used by Major League Baseball, minimizing fraud within the memorabilia industry. By deploying witnesses at live events and maintaining a transparent transfer chain, The Realist sets high standards in provenance verification. Base Naaman also narrates fascinating stories behind significant partnerships with legendary bands like Megadeth and critical events like partnering with the Philadelphia Eagles during their Super Bowl victory journey, offering fans a tangible piece of history. Key Takeaways: The Realist closes the gap between sports and music memorabilia collecting by making genuine items accessible to fans. Authentication involves real-time, witnessed verification to ensure 100% authenticity for memorabilia. High-profile partnerships, such as with Megadeth and the Philadelphia Eagles, demonstrate The Realist's capacity to bring authentic, collectible items to fans. Efforts are made not only to monetize collectibles but to preserve and respect the legacy of artists and athletes by minimizing fraud. The Realist promotes environmental sustainability by repurposing items and preventing memorabilia from ending up as waste. Notable Quotes: "It's all about trust really. It's like building these relationships directly with the artists and teams." "You are some of the most followed and loved and admired people on this planet. Why are people not able to own items that you've used on stage?" "We kind of doubled down on the authentication because we are big sports fans." "They don't realize how much of their stuff is being sold online and their fans are getting ripped off." "Nothing's impossible. I think we'll be able to reach everyone soon enough."