Podcasts about Authentication

  • 1,081 podcasts
  • 2,580 episodes
  • 38m average duration
  • 5 new episodes weekly
  • Latest episode: Jun 23, 2026

Latest podcast episodes about Authentication

Threat Talks - Your Gateway to Cybersecurity Insights
Mythos is not the AI Apocalypse

Jun 23, 2026 · 22:05


Mythos found a 23-year-old vulnerability in FreeBSD that no human team had caught. Your 30-day patch cycle assumes years before it gets weaponized. Today that window is one day. Next year it will be one hour.

Lieuwe Jan Koning, Co-founder & CTO at ON2IT, sits down with Rob Maas, Field CTO at ON2IT, to break down what Anthropic's Mythos actually found, why the public release (Fable) still frustrates security professionals, and whether the FABLE framework gives defenders a realistic path forward.

Rob's verdict: there is truth in what Anthropic claims. It is not as catastrophic as the marketing suggests. But if your fundamentals are not in place, the time to fix that is now.

00:00:00 Introduction
00:00:46 What is Mythos? From Project Glasswing to Fable
00:03:13 What Mythos actually found: FreeBSD, Palo Alto, real patches
00:05:57 The zero-day clock: from years to one hour
00:09:00 The FABLE framework and the CSA "Mythos Ready" paper
00:15:24 Authentication, segmentation, and egress filtering
00:20:51 Myth or reality: Rob's verdict

Subscribe to Threat Talks and turn on notifications for deep dives into the world's most active cyber threats and hands-on exploitation techniques.

IBS Intelligence Podcasts
EP1012: The current trends in B2B payments for 2026

Jun 15, 2026 · 12:36


Pat Bermingham, CEO, Adflex

We review the top trends that will transform how businesses make and take payments in the modern world. Robin Amlôt of IBS Intelligence speaks to Pat Bermingham, CEO of UK-based B2B digital payment processor Adflex. The company is Europe's leading processor of commercial card payments, processing over 7 million transactions a year for more than 4,000 businesses. Among the topics discussed: the consumerisation of B2B payments, digital identity, ISO 20022, straight-through processing and the role of agentic AI.

AdTechGod Pod
Episode 137: The Data Quality Crisis in Digital Advertising with Scott McKinley of Truthset

Jun 9, 2026 · 29:45


Scott McKinley, Founder & CEO of Truthset, discusses the state of data quality, identity, and measurement in digital advertising. Scott shares why the industry continues to prioritize scale over accuracy, how data quality deteriorates throughout the supply chain, and why advertisers need to rethink legacy metrics like reach and CPMs. The conversation also explores identity, walled gardens, authentication, and the future of the open internet.

Takeaways

  • Data accuracy often declines significantly as data moves through the ad tech supply chain.
  • Scale is frequently prioritized over quality, leading to inefficient advertising spend.
  • Advertisers should focus on precision and outcomes rather than reach alone.
  • Authentication is critical to improving identity and publisher monetization.
  • Independent measurement remains essential for trust and accountability in advertising.
  • Walled gardens continue to outperform because of durable identity systems.
  • IP addresses are an unreliable long-term replacement for cookies.
  • The open internet must improve identity infrastructure to remain competitive.

Chapters

00:00 Introduction to Scott McKinley and Truthset
01:05 From Olympic cyclist to ad tech entrepreneur
03:01 The trust crisis in advertising and lessons from sports
05:25 Why advertising lacks accountability and regulation
07:00 Nielsen's role in independent measurement
09:00 Why Scott founded Truthset
11:17 Common misconceptions about data accuracy
14:20 The industry's obsession with scale over quality
17:53 Why reach is becoming an outdated metric
19:13 Signal loss, walled gardens, and measurement challenges
23:16 The future of identity in advertising
25:34 Why authentication is the path forward
25:51 The biggest misconception about IP addresses
26:43 What the open internet must do next
28:05 Closing thoughts

Guests: AdTechGod

Oracle University Podcast
Encore: Networking & Security Essentials

Jun 5, 2026 · 17:27


How do all your devices connect and stay safe in the cloud? In this episode, Lois Houston and Nikita Abraham talk with OCI instructors about the basics of how networks work and the simple steps that help protect them. You'll learn how information gets from one place to another, why tools like switches, routers, and firewalls are important, and what goes into keeping access secure. The discussion also covers how organizations decide who can enter their systems and how they keep track of activity.

Cloud Tech Jumpstart: https://mylearn.oracle.com/ou/course/cloud-tech-jumpstart/152992
Oracle University Learning Community: https://education.oracle.com/ou-community
LinkedIn: https://www.linkedin.com/showcase/oracle-university/
X: https://x.com/Oracle_Edu

Special thanks to Arijit Ghosh, Anna Hulkower, Radhika Banka, and the OU Studio Team for helping us create this episode.

Episode Transcript:

00:00 Hi there! We're hitting rewind for the next few weeks and bringing back some of our most popular episodes. So, sit back and enjoy these highlights from our archive.

00:12 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started!

00:38 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services.

Nikita: Hi everyone! In the last episode, we spoke about local area networks and domain name systems. Today, we'll continue our conversation on the fundamentals of networking, covering a variety of important topics.

01:03 Lois: That's right, Niki. And before we close, we'll also touch on the basics of security. Joining us today are two OCI instructors from Oracle University: Sergio Castro and Orlando Gentil. So glad to have you both with us guys. Sergio, with so many users and devices connecting to the internet, how do we make sure everyone can get online? Can you break down what Network Address Translation, or NAT, does to help with this?

Sergio: The world population is bigger than 4.3 billion people. That means that if we were to interconnect every single human into the internet, we will not have enough addresses. And not all of us are connected to the internet, but those of us who are, you know that we have more than one device at our disposal. We might have a computer, a laptop, mobile phones, you name it. And all of them need IP addresses. So that's why Network Address Translation exists because it translates your communication from a private IP to a public IP address. That's the main purpose: translate.

02:18 Nikita: Okay, so with NAT handling the IP translation, how do we ensure that the right data reaches the right device within a network? Or to put it differently, what directs external traffic to specific devices inside a network?

Sergio: Port forwarding works in a reverse way to Network Address Translation. So, let's assume that this PC here, you want to turn it into a web server. So, people from the outside, customers from the outside of your local area network, will access your PC web server. Let's say that it's an online store. Now all of these devices are using the same public IP address. So how would the traffic be routed specifically to this PC and not to the camera or to the laptop, which is not a web server, or to your IP TV? So, this is where port forwarding comes into play. Basically, whenever it detects a request coming to port, it will route it and forward that request to your PC. It will allow anybody, any external device that wants to access this particular one, this particular web server, for the session to be established. So, it's a permission that you're allowing to this PC and only to this PC. The other devices will still be isolated from that list. That's what port forwarding is.

03:48 Lois: Sergio, let's talk about networking devices. What are some of the key ones, and what role do they play in connecting everything together?

Sergio: There's plenty of devices for interconnectivity. These are devices that are different from the actual compute instances, virtual machines, cameras, and IPTV. These are for interconnecting networks. And they have several functionalities.

04:11 Nikita: Yeah, I often hear about a default gateway. Could you explain what that is and why it's essential for a network to function smoothly?

Sergio: A gateway is basically where a web browser goes and asks a service from a web server. We have a gateway in the middle that will take us to that web server. So that's basically is the router. A gateway doesn't necessarily have to be a router. It depends on what device you're addressing at a particular configuration. So, a gateway is a connectivity device that connects two different networks. That's basically the functionality.

04:47 Lois: Ok. And when does one use a default gateway?

Sergio: When you do not have a specific route that is targeting a specific router. You might have more than one router in your network, connecting to different other local area networks. You might have a route that will take you to local area network B. And then you might have another router that is connecting you to the internet. So, if you don't have a specific route that will take you to local area network B, then it's going to be utilizing the default gateway. It directs data packets to other networks when no specific route is known. In general terms, the default gateway, again, it doesn't have to be a router. It can be any devices.

05:34 Nikita: Could you give us a real-world example, maybe comparing a few of these devices in action, so we can see how they work together in a typical network?

Sergio: For example, we have the hub. And the hub operates at the physical layer or layer 1. And then we have the switch. And the switch operates at layer 2. And we also have the router. And the router operates at layer 3. So, what's the big difference between these devices and the layers that they operate in? So, hubs work in the physical layer of the OSI model. And basically, it is for connecting multiple devices and making them act as a single network segment. Now, the switch operates at the data link layer and is basically a repeater, and is used for filtering content by reading the addresses of the source and destination. And these are the MAC addresses that I'm talking about. So, it reads where the packet is coming from and where is it going to at the local area network level. It connects multiple network segments. And each port is connected to a different segment. And the router is used for routing outside of your local area network, performs traffic directing functions on the internet. A data packet is typically forwarded from one router to another through different networks until it reaches its destination node. The switch connects multiple network segments. And each port of the switch is connected to a different segment. And the router performs traffic directing functions on the internet. It takes data from one router to another, and it works at the TCP/IP network layer or internet layer.

07:34 Lois: Sergio, what kind of devices help secure a network from external threats?

Sergio: The network firewall is used as a security device that acts as a barrier between a trusted internal network and an untrusted external network, such as the internet. The network firewall is the first line of defense for traffic that passes in and out of your network. The firewall examines traffic to ensure that it meets the security requirements set by your organization, or allowing, or blocking traffic based on set criteria. And the main benefit is that it improves security for access management and network visibility.

08:23 Are you keen to stay ahead in today's fast-paced world? We've got your back! Each quarter, Oracle rolls out game-changing updates to its Fusion Cloud Applications. And to make sure you're always in the know, we offer New Features courses that give you an insider's look at all of the latest advancements. Don't miss out! Head over to mylearn.oracle.com to get started.

08:48 Nikita: Welcome back! Sergio, how do networks manage who can and can't enter based on certain permissions and criteria?

Sergio: The access control list is like the gatekeeper into your local area network. Think about the access control list as the visa on your passport, assuming that the country is your local area network. Now, when you have a passport, you might get a visa that allows you to go into a certain country. So the access control list is a list of rules that defines which users, groups, or systems have permissions to access specific resources on your networks. It is a gatekeeper, that is going to specify who's allowed and who's denied. If you don't have a visa to go into a specific country, then you are denied. Similar here, if you are not part of the rule, if the service that you're trying to access is not part of the rules, then you cannot get in.

09:49 Lois: That's a great analogy, Sergio. Now, let's turn our attention to one of the core elements of network security: authentication and authorization. Orlando, can you explain why authentication and authorization are such crucial aspects of a secure cloud network?

Orlando: Security is one of the most critical pillars in modern IT systems. Whether you are running a small web app or managing global infrastructure, every secure system starts by answering two key questions. Who are you, and what are you allowed to do? This is the essence of authentication and authorization. Authentication is the first step in access control. It's how a system verifies that you are who you claim to be. Think of it like showing your driver's license at a security checkpoint. The guard checks your photo and personal details to confirm your identity. In IT systems, the same process happens using one or more of these factors. It will ask you for something you know, like a password. It will ask you for something that you have, like a security token, or it will ask you for something that you are, like a fingerprint. An identity does not refer to just a person. It's any actor, human or not, that interacts with your systems. Users are straightforward, think employees logging into a dashboard. But services and machines are equally important. A backend API may need to read data from a database, or a virtual machine may need to download updates. Treating these non-human identities with the same rigor as human ones helps prevent unauthorized access and improves visibility and security. After confirming your identity, can the system move on to deciding what you're allowed to access? That's where authorization comes in. Once authentication confirms who you are, authorization determines what you are allowed to do. Sticking with the driver's license analogy, you've shown your license and proven your identity, but that doesn't mean that you can drive anything anywhere. Your license class might let you drive a car, not a motorcycle or a truck. It might be valid in your country, but not in others. Similarly, in IT systems, authorization defines what actions you can take and on which resources. This is usually controlled by policies and roles assigned to your identity. It ensures that users or services only get access to the things they are explicitly allowed to interact with.

12:47 Nikita: How can organizations ensure secure access across their systems, especially when managing multiple users and resources?

Orlando: Identity and Access Management governs who can do what in our systems. Individually, authentication verifies identity and authorization grants access. However, managing these processes at scale across countless users and resources becomes a complex challenge. That's where Identity and Access Management, or IAM, comes in. IAM is an overarching framework that centralizes and orchestrates both authentication and authorization, along with other critical functions, to ensure secure and efficient access to resources.

13:35 Lois: And what are the key components and methods that make up a robust IAM system?

Orlando: User management, a core component of IAM, provides a centralized Identity Management system for all user accounts and their attributes, ensuring consistency across applications. Key functions include user provisioning and deprovisioning, automating account creation for new users, and timely removal upon departure or role changes. It also covers the full user account lifecycle management, including password policies and account recovery. Lastly, user management often involves directory services integration to unify user information. Access management is about defining access permissions, specifically what actions users can perform and which resources they can access. A common approach is role-based access control, or RBAC, where permissions are assigned to roles and users inherit those permissions by being assigned to roles. For more granular control, policy-based access control allows for rules based on specific attributes. Crucially, access management enforces the principle of least privilege, granting only the minimum necessary access, and supports segregation of duties to prevent conflicts of interest. For authentication, IAM systems support various methods. Single-factor authentication, relying on just one piece of evidence like a password, offers basic security. However, multi-factor authentication significantly boosts security by requiring two or more distinct verification types, such as a password, plus a one-time code. We also have biometric authentication, using unique physical traits and token-based authentication, common for API and web services.

15:46 Lois: Orlando, when it comes to security, it's not just about who can access what, but also about keeping track of it all. How does auditing and reporting maintain compliance?

Orlando: Auditing and reporting are essential for security and compliance. This involves tracking user activities, logging all access attempts and permission changes. It's vital for meeting compliance and regulatory requirements, allowing you to generate reports for audits. Auditing also aids in security incident detection by identifying unusual activities and providing data for forensic analysis after an incident. Lastly, it offers performance and usage analytics to help optimize your IAM system.

16:35 Nikita: That was an incredibly informative conversation. Thank you, Sergio and Orlando, for sharing your expertise with us. If you'd like to dive deeper into these concepts, head over to mylearn.oracle.com and search for the Cloud Tech Jumpstart course.

Lois: I agree! This was such a great conversation! Until next time, this is Lois Houston…

Nikita: And Nikita Abraham, signing off!

16:58 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

How I Tested That
Chris Butler | How I Test AI Agents at GitHub

May 27, 2026 · 49:07


Summary

In this episode I'm joined by Chris Butler. He's a longtime product leader and operator whose career spans companies such as Microsoft, Google, Facebook, and now GitHub, where he works on agentic workflows across the organization.

We explore how AI is reshaping the way modern product teams think, collaborate, ship and its ripple effects on how we manage process and decision making. Chris and I chat about the messy realities behind agentic systems such as why removing too much friction can actually hurt decision quality and why qualitative research matters more now than ever before. Chris gives a candid behind the scenes look into what's working, what's failing, and why experimentation itself may become one of the most important capabilities in the AI era.

If you've been wondering what testing AI Agents actually looks like inside a cutting edge company, this episode is for you.

Takeaways

  • AI is collapsing traditional product development workflows, but not necessarily eliminating the need for product managers, engineers, or designers. Instead, roles are decomposing into smaller tasks where humans and machines each handle different types of work.
  • Removing all friction from product development can actually reduce decision quality. Chris argues that tension between desirability, viability, and feasibility perspectives is still critical because reasoning often happens through human discussion, not just inside individual minds or AI systems.
  • AI-generated “rude feedback” tools can help teams improve ideas faster because people are often more receptive to harsh critique from a machine than from another human. GitHub experimented with sarcastic AI Q&A systems that surfaced weak assumptions and missing details without the reputational risk of peer criticism.
  • The future of AI inside organizations may be less about autonomous agents replacing humans and more about “process as code.” GitHub is experimenting with natural-language policy documents that both humans and agents can read to automate operational workflows, release management, and risk detection.
  • Product teams are at risk of building faster without learning faster. Chris warns that vibe coding and rapid prototyping can unintentionally reduce time spent talking to customers and conducting qualitative research, which still remains essential for understanding mental models and uncovering hidden assumptions.
  • Agentic workflows become most valuable when they reduce operational toil instead of replacing human judgment. GitHub is using AI to automate repetitive coordination tasks like release tracking, documentation generation, and status updates so teams can spend more time on strategic thinking and collaboration.
  • Internal experimentation matters just as much as customer-facing innovation. Chris emphasizes that many AI workflow experiments inside GitHub are intentionally small, lightweight tests designed to explore possibilities quickly before deciding whether to scale, modify, or abandon them.
  • The biggest long-term challenge for enterprise AI adoption may not be model capability, but integration, governance, and organizational coordination. Authentication, permissions, fragmented tooling, disconnected workflows, and siloed information remain major barriers to making agentic systems truly useful at scale.

Guest Links

LinkedIn: https://www.linkedin.com/in/chrisbu/
GitHub Next: https://githubnext.com/

If your leadership team is about to make a big strategic bet, the real risk usually isn't the idea, it's the assumptions behind it that haven't been surfaced yet. A Decision Sprint is a focused 6–12 week engagement where we extract, map, and test those risks so leaders can make a clear Commit, Correct, or Cut decision before major capital moves. Learn more or apply at precoil.com.

Cyber Security Today
GitHub Breach Exposes 3,800 Repos | Microsoft Kills SMS Authentication | Proton Fights Canada Bill

May 22, 2026 · 9:19


GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations.

Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing fraud risk as it shifts toward phishing-resistant passkeys. Researchers also disclose a nine-year-old Linux privilege escalation flaw, CVE-2026-46333, nicknamed SSH-Keysign-Pwn, which can allow root-level access with local machine access. And Proton publicly threatens to leave Canada rather than comply with proposed surveillance legislation it says would undermine its no-logs privacy promise.

Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.

If cybersecurity, privacy, and digital infrastructure matter to your business, this is the daily briefing you need.

Timestamps:

00:00 Top Stories Rundown
00:24 GitHub Supply Chain Breach
01:09 Developer Workstations at Risk
02:31 Microsoft Ditches SMS MFA
04:15 Linux Root Escalation Flaw
06:11 Proton vs Canada Surveillance Bill
08:03 Wrap Up and Sign Off

#cybersecurity #github #microsoft #linux #protonvpn #privacy #databreach #supplychainattack #infosec #cybernews

The Powers Sports Memorabilia Show
Processing... What Are Case Hits? Kaboom, Downtown & Tips for Signing and Grading

May 22, 2026 · 27:35


Join us as we break down two of the most iconic case hits in the sports card hobby: Kaboom and Downtown. Whether you're a seasoned collector or just getting into high‑end inserts, this guide uncovers the key differences, market trends, and long‑term potential of these hobby favorites. Learn what sets each case hit apart, how rarity and design impact value, and which one might be the better chase for your collection or investment strategy. This is the ultimate breakdown every sports card collector needs.

The Powers Sports Memorabilia Show
Uncovering the Truth About Aftermarket Autographs with Sports Card Investor Tyler Nethercott

May 16, 2026 · 38:22


Join us as Sports Card Investor's Tyler Nethercott sheds light on the controversial topic of aftermarket autographs in the sports card industry. Discover the facts, myths, and risks associated with aftermarket autographs and learn how to navigate this complex market with confidence. Don't miss this eye-opening discussion that every sports card collector and investor needs to hear!

1:07 – Aftermarket autographs
5:06 – Discussion about card grading
9:15 – Card grading details
11:23 – What it takes to match PSA
19:30 – Topps card design discussion
24:24 – Starting a sports card collection
28:23 – Autograph story
32:13 – What is Market Movers?
34:04 – Wrapping up

Identity At The Center
#422 - Decoded - Securing AI Agents with Standards You Already Have

May 15, 2026 · 78:17


Episode 422 is the debut of Decoded by Identity at the Center, a new sub-series hosted by Jeff Steadman and Sean O'Dell dedicated to unpacking the specifications and standards powering IAM. Joining them is Pieter Kasselman, VP of Open Standards at Defakto and chair of the WIMSE working group. The conversation covers why traditional non-human identity approaches break at agentic scale, how SPIFFE and SPIRE enable short-lived automated credential provisioning without long-lived secrets, and why treating agents as workloads unlocks a decade of existing standards. Pieter walks through critical OAuth specs including JWT authorization grant, token exchange, client ID metadata, and the emerging transaction tokens draft. Sean connects these to practical gateway architecture, continuous access evaluation, and policy-based authorization. The episode closes with real-world deployment examples and a clear takeaway: the tools to secure agentic identity are available today.

Episode Links:

  • Pieter Kasselman: https://www.linkedin.com/in/pieter-kasselman-0259862/
  • AI Agent Authentication and Authorization: https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/
  • Workload Identity in Multi-system environments (WIMSE): https://ietf-wg-wimse.github.io/
  • OAuth SPIFFE Client Authentication: https://datatracker.ietf.org/doc/draft-ietf-oauth-spiffe-client-auth/
  • Transaction Tokens: https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/08/
  • Agentic Identity Control Framework. You Already Have the Pieces. Now Build It. by Sean O'Dell: https://www.linkedin.com/pulse/agentic-identity-control-framework-you-already-have-pieces-o-dell-61b5e/

Timestamps:

00:00 Introduction to Decoded by Identity at the Center
00:13 The mission of the Decoded sub-series
03:02 Guest intro: Pieter Kasselman, VP of Open Standards at Defakto
06:21 Why agentic identity is urgent: scale, multi-platform, and shifting threat landscape
10:42 The real cost of API keys and credential sprawl in agentic systems
13:23 Agentic identity identifiers and how SPIFFE assigns unique workload IDs
21:00 Credential types: X.509, JWTs, and workload identity tokens
31:00 Connecting SPIFFE to OAuth and dynamic registration with client ID metadata
38:18 SPIFFE SVIDs, multiple credentials per agent, and governance traceability
41:44 Authentication versus authorization: delegation versus impersonation
47:00 Transaction tokens: binding access to specific transactions to stop token theft
51:21 Identity chaining and cross-domain authorization
55:00 Shared Signals Framework and dynamic authorization
57:00 Gateways, CAEP, and mid-flight token revocation for rogue agents
59:31 What you can deploy today with SPIFFE, OAuth, and existing IDPs
01:02:58 Policy-based access control and why instance-level governance cannot scale
01:04:58 Workload identity federation: Anthropic and Google Agent ID updates
01:07:13 Cross-platform federation and the law of agentic utility
01:11:55 Elevator pitch: agents are workloads and 95% of the problem is solved now
01:17:03 What is coming next: a transaction tokens deep dive

Keywords: agentic identity, SPIFFE, SPIRE, OAuth, transaction tokens, Shared Signals Framework, WIMSE, workload identity, non-human identity, authorization delegation, JWT, CAEP, API gateway, IAM standards, AIMS, Jeff Steadman, Sean O'Dell, Pieter Kasselman, IDAC, Identity at the Center, Jim McDonald, Decoded by Identity at the Center

Decoded by Identity at the Center:

  • Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
  • Sean O'Dell: https://www.linkedin.com/in/seanodentity/
  • Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Visit the show on the web at https://idacdecoded.com/

Payments on Fire
Episode 292 - Modern Authentication and the Impact on Payments Cost and Performance, with Amandeep Batra, Stripe and Dewald Nolte, Entersekt

Apr 29, 2026 · 75:23


This episode is a follow-up to our 2024 discussion with Stripe and Entersekt on the use of 3-D Secure (3DS) in markets where strong customer authentication is not mandated, particularly the United States. That earlier conversation was grounded in Stripe's analysis of US 3DS transactions and explored a counterintuitive but important finding: when 3DS is deployed selectively in unregulated markets, its presence can become correlated with higher-risk transactions, limiting its effectiveness and in some cases negatively impacting authorization outcomes. Since that episode, several developments have occurred, including new analysis by Stripe examining 3DS usage and performance in markets where authentication is required by regulation, a substantial increase in the use of EMVCo "network" tokenization, and research and messaging developed by Entersekt regarding the continued use of authentication in conjunction with tokenization. Chris Uriarte is delighted to welcome back Amandeep Batra from Stripe and Dewald Nolte from Entersekt to address these developments and to explore how authentication and tokenization interact in practice across different regulatory environments.

Sports Cards Nonsense
Upper Deck President Jason Masherah Joins to Discuss the $4.25M Michael Jordan Card Sale, Authentication Risks & Undervalued Markets

Sports Cards Nonsense

Apr 28, 2026 75:12


Upper Deck President Jason Masherah joins the show to break down one of the biggest moments in hobby history, the $4.25M Michael Jordan card sale. We dive into what makes this card so iconic, why it continues to set records decades later, and what it says about the current market. Jason also pulls back the curtain on sports memorabilia authentication, including how to spot real from fake, why authentication matters more than ever, and the risks collectors are taking without even realizing it.
Plus, we get into:
• The most undervalued areas of the hobby right now
• How Upper Deck approaches scarcity, pricing, and collectors
• Why some memorabilia may actually be a better value than cards today
• And what the future of the hobby could look like
If you collect cards or memorabilia, this is a must-listen.

Telecom Reseller
Unibeam features SIM-based authentication technology against account takeover and fraud, Podcast

Telecom Reseller

Apr 20, 2026 8:18


Carlos da Silva, Chief Product Officer of Unibeam, discusses SIM-based authentication technology with Don Witt from Channel Daily News, a TR Publication. Carlos explained Unibeam’s SIM-based authentication technology, which uses information stored in SIM cards to provide enhanced security against account takeover and fraud, particularly addressing the limitations of traditional SMS OTP authentication methods. He discussed how their solution works through cellular networks rather than the internet, making it more secure while maintaining ease of use for users.
Mr. Carlos da Silva also shared some insight on the following topics:
• The top cybersecurity threats facing customers of mobile operators today
• Why passwords, traditional MFA, and other authentication methods are no longer effective in this threat landscape
• SIM-based authentication, and how it is making a difference
• Additional insight about Unibeam
• SIM-based authentication is being adopted in a few markets
For more information, go to: https://unibeam.com/

ITSPmagazine | Technology. Cybersecurity. Society
One Key to Rule Them All: Physical Access, Digital Login, and Post-Quantum Security | A Brand Highlight at RSAC Conference 2026 with Alexander Summerer, Head of Authentication at Swissbit

ITSPmagazine | Technology. Cybersecurity. Society

Apr 2, 2026 9:54


Most enterprise authentication today is still built on passwords or one-time codes -- and neither is phishing-resistant. Alexander Summerer explains that fraud remains the core challenge: attackers intercept credentials in the online channel, and users are burdened with complex password policies that slow them down without making them safer. Swissbit's answer is the iShield Key, a FIDO2-based hardware security key that is plug and play. No passwords to remember, no codes to intercept, and no chance for a phishing attack to succeed.
What sets Swissbit apart at RSAC Conference 2026 is convergence. The same iShield Key that authenticates a user at their workstation can also open a door. Tap it on an HID reader in a healthcare facility, a university, or a manufacturing plant, and access is granted -- physical and digital, in one device. Swissbit is the only vendor on the market today offering this combination, with HID Seos support now available and a global partner network ready to deploy at scale.
The forward story is post-quantum cryptography. Alexander Summerer notes that quantum computing poses a real and coming threat to standard authentication algorithms. Swissbit is already previewing a PQC evaluation platform at booth 6565 -- a device that runs a post-quantum chip alongside the traditional chip. Organizations can upgrade to PQC-protected authentication with the same hardware, keeping legacy use cases running without disruption.
This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST
Alexander Summerer, Head of Authentication, Swissbit
LinkedIn: https://www.linkedin.com/in/alexander-summerer

RESOURCES
Swissbit: https://www.swissbit.com
iShield Key product page: https://www.swissbit.com/en/products/security-products/ishield-key/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Alexander Summerer, Swissbit, Sean Martin, RSAC Conference 2026, hardware security key, FIDO2, phishing-resistant authentication, passwordless authentication, physical access control, post-quantum cryptography, PQC, iShield Key, HID Seos, enterprise authentication, zero trust, brand story, brand marketing, marketing podcast, brand highlight

Luka Nation Network
THWC 355: My Ebay/Psa Authentication Drama

Luka Nation Network

Mar 26, 2026 20:50


I bought a card... and then it fell apart. Or did it? Perhaps telling this story can improve the process?

Analyse Asia with Bernard Leong
Elastic: From Search Recipes to AI Infrastructure at Scale with Ken Exner

Analyse Asia with Bernard Leong

Mar 24, 2026 38:29


Fresh out of the studio, Ken Exner, Chief Product Officer at Elastic, joins us to explore how Elastic evolved from the world's most popular open-source search engine into the context layer powering modern AI applications and agent systems. He shares his career journey from database programming to over 16 years at Amazon building AWS resilience practices, and now leading product strategy where search, observability, and security converge into a unified AI platform. Ken explains why context engineering is the defining discipline of the AI age, where developers become managers of agents, and how Elastic's 15-year enterprise head start positions it as the foundational retrieval layer between enterprise data and LLMs.

"I like to think of the future of software development is—developers will be managers of agents. They're no longer going to be ICs [Individual Contributors], they're going to be managers. Every developer is going to be a manager of agents and they're going to be doing context engineering. They're going to be figuring out how to pass context and data to an LLM or an agent. And they're going to be goal setting. They're going to have their team of agents, and they're going to give them goals, and they're going to review the output." - Ken Exner

Episode Highlights:
[00:00] Quote of the Day by Ken Exner from Elastic
[00:51] Ken's origin story: database programmer to Amazon
[02:07] What attracted Ken to Elastic
[02:51] Lessons from building resilient systems at AWS
[04:34] How Elastic evolved from search to AI infrastructure
[07:06] Elastic today: context engineering, observability, security
[09:42] Why observability will be fundamentally transformed by AI
[10:48] How early vector search prepared Elastic for GenAI
[12:53] Context engineering: ingestion, retrieval, evaluation
[15:39] The 10-year head start over purpose-built competitors
[20:57] A developer's day is now all context engineering
[24:16] Elastic as the bridge between enterprise data and LLMs
[26:13] Agent Builder capabilities for customers
[28:09] Data, tools, and context in the Elastic framework
[29:39] Elastic on battleships and a Mars rover
[31:00] The disorienting acceleration of AI coding models
[32:07] Developers will be managers of agents
[34:00] Authentication and identity for autonomous agents
[35:30] Great in five years: the foundational AI layer
[36:14] Disrupting observability and security from within
[36:36] Closing

Profile: Ken Exner, Chief Product Officer, Elastic
LinkedIn: https://www.linkedin.com/in/ken-exner-b914542/

Podcast Information: Bernard Leong hosts and produces the show. The proper credits for the intro and end music are "Energetic Sports Drive." G. Thomas Craig mixed and edited the episode in both video and audio format.

PodRocket - A web development podcast from LogRocket
TanStack, TanStack Start, and what's coming next with Tanner Linsley [Repeat]

PodRocket - A web development podcast from LogRocket

Mar 19, 2026 45:56


In this repeat episode, Jack Herrington sits down with Tanner Linsley to talk about the evolution of TanStack and where it's headed next. They explore how early projects like React Query and React Table influenced the headless philosophy behind TanStack Router, why virtualized lists matter at scale, and what makes forms in React so challenging. Tanner breaks down TanStack Start and its client-first approach to SSR, routing, and data loading, and shares his perspective on React Server Components, modern authentication tradeoffs, and composable tooling. The episode wraps with a look at TanStack's roadmap and what it takes to sustainably maintain open source at scale.

We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey! https://t.co/oKVAEXipxu
Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com, or tweet at us at PodRocketPod.
Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/
Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form, and we'll send you free PodRocket stickers!
What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today.

Chapters
01:00 – What is TanStack? Contributors, projects, and mission
02:05 – React Query vs React Table: TanStack's origins
03:10 – TanStack principles: headless, cross-platform, type safety
03:45 – TanStack Virtual and large list performance
05:00 – Forms, abandoned libraries, and lessons learned
06:00 – Why TanStack avoids building auth
07:30 – Auth complexity, SSO, and enterprise realities
08:45 – Partnerships with WorkOS, Clerk, Netlify, and Cloudflare
09:30 – Introducing TanStack Start
10:20 – Client-first architecture and React Router DNA
11:00 – Pages Router nostalgia and migration paths
12:00 – Loaders, data-only routes, and seamless navigation
13:20 – Why data-only mode is a hidden superpower
14:00 – Built-in SWR-style caching and perceived speed
15:20 – Loader footguns and server function boundaries
16:40 – Isomorphic execution model explained
18:00 – Gradual adoption: router → file routing → Start
19:10 – Learning from Remix, Next.js, and past frameworks
20:30 – Full-stack React before modern meta-frameworks
22:00 – Server functions, HTTP methods, and caching
23:30 – Simpler mental models vs server components
25:00 – Donut holes, cognitive load, and developer experience
26:30 – Staying pragmatic and close to real users
28:00 – When not to use TanStack (Shopify, WordPress, etc.)
29:30 – Marketing sites, CMS pain, and team evolution
31:30 – Scaling realities and backend tradeoffs
33:00 – Static vs dynamic apps and framework fit
35:00 – Astro + TanStack Start hybrid architectures
36:20 – Composability with Hono, tRPC, and Nitro
37:20 – Why TanStack Start is a request handler, not a platform
38:50 – TanStack AI announcement and roadmap
40:00 – TanStack DB explained
41:30 – Start 1.0 status and real-world adoption
42:40 – Devtools, Pacer, and upcoming libraries
43:50 – Sustainability, sponsorships, and supporting maintainers
45:30 – How companies and individuals can support TanStack

Special Guests: Jack Herrington and Tanner Linsley.

The Cloudcast
Kagenti - A Kubernetes Control Plane for AI Agents

The Cloudcast

Mar 18, 2026 40:35


SUMMARY: Morgan Foster talks about the Kagenti project, which enables an AI Agent agnostic framework for security, authentication, identity and zero-trust.
SHOW: 1011
SHOW TRANSCRIPT: The Reasoning Show #1011 Transcript
SHOW VIDEO: https://youtu.be/djFZruLEDiw
SHOW NOTES:
• Kagenti (homepage)
• Kagenti (use-cases)
• “Old Things that look like Agents”
• “What makes Agents different?”
• CNV - What Makes Agents Different?
• “Handing your phone to a stranger, why Agents need their own identity”
Topic 1 - Welcome to the show. Tell us a little bit about your background and areas you focus on today.
Topic 2 - Tell us a bit about the Kagenti project and the types of challenges it's trying to solve for Agentic AI deployments.
Topic 3 - How much commonality exists between different Agentic frameworks that a common, agnostic agentic orchestration approach can work? And how much difference still exists and would drive companies to siloed deployments?
Topic 4 - How far should an Agentic Orchestration framework go, and what types of things do you expect will still be Agentic framework dependent? Is Kagenti more of a control-plane element, or more of a data-plane element?
Topic 5 - As Kagenti evolves, what are some of the adjacent things that people should be keeping an eye on that might be a dependency, or could shift the direction of the project?
FEEDBACK?
Email: show @ reasoning dot show
Bluesky: @reasoningshow.bsky.social
Twitter/X: @ReasoningShow
Instagram: @reasoningshow
TikTok: @reasoningshow

ABA Pandemic Update
How AI is supercharging identity fraud

ABA Pandemic Update

Mar 18, 2026 24:18


Generative AI is making identity fraud and social engineering easier, cheaper and more scalable — especially through deepfakes, synthetic identities and other emerging AI-agent risks — so traditional ID verification is increasingly unreliable. Discussing these challenges for banks on this episode of the ABA Fraudcast with Paul Benda of the American Bankers Association are Jeremy Grant of the Better Identity Coalition and John Carlson, senior vice president for cybersecurity regulation and resilience at the American Bankers Association.
Two recent papers are referenced in this episode: Mitigating AI-Powered Attacks Against Identity and Authentication, intended for financial institutions, cybersecurity and fraud professionals, AI service providers, telecommunications companies and policymakers at regulatory agencies and in legislative bodies who are responsible for safeguarding identity systems and mitigating the risks posed by Gen AI; and Recommendations for Policymakers: Mitigating AI-Powered Attacks Against Identity and Authentication, both authored by the Financial Services Sector Coordinating Council's Artificial Intelligence and Identity and Authentication Workstream (AI-IA), which was co-chaired by the American Bankers Association and Better Identity Coalition.
For ABA's fraud prevention resources go to aba.com/protectyourmoney. ABA's scam prevention campaigns #BanksNeverAskThat and #PracticeSafeChecks are newly updated as well. The ABA Foundation's Protecting Older Americans page includes useful resources to assist the fight against elder financial exploitation and additional increasing threats.
ABA Fraudcast host is Paul Benda, EVP, risk, fraud and cybersecurity at American Bankers Association.

Joey Pinz Discipline Conversations
#830 Cybersecurity Summit Tampa 2026 - Mike Siers:

Joey Pinz Discipline Conversations

Mar 11, 2026 30:48 Transcription Available


How do we protect ourselves in a digital world where attackers face almost no real consequences?
In this episode of Joey Pinz Discipline Conversations, Joey Pinz sits down with cybersecurity founder and inventor Mike Siers for a thought-provoking conversation that challenges everything we assume about online security, identity, and trust.
Mike's journey begins in the Florida National Guard and a deployment to Afghanistan, where life-altering experiences shaped how he sees service, responsibility, and problem-solving. That same mindset later led him into healthcare innovation—and eventually into cybersecurity—after realizing that the internet lacks one critical element found in the physical world: real risk for bad actors.
Inspired by military strategy and an MIT thesis on cyber power projection, Mike explains a radical idea: what if unauthorized access attempts cost money? Instead of defenders absorbing endless attacks, attackers would inherit the risk before they even try.
This conversation explores how empathy fuels innovation, why most cybersecurity models are reactive by design, and how shifting incentives could dramatically change online behavior. It's a powerful look at leadership, responsibility, and building solutions not just for today—but for the next generation.
⭐ Top 3 Highlights

Semaphore Uncut
Product News: OAuth Authentication for the Semaphore MCP Server

Semaphore Uncut

Mar 6, 2026 2:06


We're preparing a new update for the Semaphore MCP server that will make it easier for developers to connect AI agents and developer tools.
The focus of this update is authentication.
Today, connecting an agent to the MCP server typically requires using a long-lived API token. While this works well, it also means developers need to generate credentials, store them in configuration files, and manage them manually.
In our next release, coming next week, we're introducing OAuth authentication support for the MCP server.
This will make connecting agents and developer tools significantly simpler.
Instead of generating and storing API tokens, developers will be able to authenticate through a familiar OAuth flow. When configuring an agent, a browser window opens, you log in, and approve access to the MCP server. Once approved, the connection is established automatically.
This approach removes the need to manage long-lived credentials and makes integrations easier to set up.
It also improves compatibility with modern agentic development tools. Some tools have limitations when working with static API tokens, and OAuth removes those barriers.
Read more on our blog.
Pete Miloravac
The Semaphore Team
https://semaphore.io

CX Passport
The One With the American Medical Association CX – Gloria Gupta E252

CX Passport

Mar 3, 2026 35:11 Transcription Available


Gloria Gupta leads CX transformation at the American Medical Association.
Not a small lift. Not a short-term initiative.
A 200-year-old institution.
450 million in revenue.
Physicians as customers.
Patients as the ultimate impact.
In this episode, Gloria shares what it really takes to unify service, build enterprise CX, and make customer experience a measurable attribute of brand and culture.

5 Key Insights
• The AMA's primary customer is the physician … but the physician's customer is the patient
• CX transformation began by unifying service into one omnichannel team serving 98% of AMA service interactions
• More than 900 improvements have been implemented across the enterprise, many of them significant
• 400 employees are directly involved in CX … one in four across the organization
• The shared mission: identify and remove customer friction

CHAPTERS
00:00 Intro and Rick's personal AMA connection
02:00 Who is the AMA customer?
04:00 Why CX matters at a 200-year-old institution
08:00 Healthcare evolution … EHRs, COVID, telehealth, and AI
13:30 Unifying service across the enterprise
17:00 Authentication friction and enterprise CX launch
20:00 Building trust through measurable wins
22:30 First Class Lounge
26:50 900 improvements and aftercare strategy
30:30 AI, policy, and the future of healthcare CX
33:00 Real data, real outcomes, real collaboration

Connect with Gloria
LinkedIn: https://www.linkedin.com/in/gloria-gupta-rdh-ms-fcxp-4760939/
Listen: https://www.cxpassport.com
Watch: https://www.youtube.com/@cxpassport
Newsletter: https://cxpassport.kit.com/signup

I'm Rick Denton and I believe the best meals are served outside and require a passport.

Disclaimer: This podcast is for informational and entertainment purposes only. The views and opinions expressed are those of the hosts and guests and should not be taken as legal, financial, or professional advice. Always consult with a qualified attorney, financial advisor, or other professional regarding your specific situation. The opinions expressed by guests are solely theirs and do not necessarily represent the views or positions of the host(s).

Cyber Security Today
Cisco SD-WAN Bug Actively Exploited

Cyber Security Today

Feb 27, 2026 10:15


Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery

Host Jim Love covers four cybersecurity stories: CISA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP), a key integration layer for agentic AI, could lead to remote code execution and even Azure tenant takeover, highlighting rising enterprise risk. ShinyHunters reportedly published 12.4 million stolen CarGurus records, raising phishing and fraud concerns tied to vehicle shopping and financing context. Finally, an Ontario tech support scam victim recovers funds through coordinated work by Ontario Provincial Police and the U.S. Secret Service, which traced and froze the money in time.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

LINKS
• Cisco Advisory: Cisco Security Advisory – CVE-2026-20127, Authentication bypass vulnerability in Cisco Catalyst SD-WAN
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
• CISA Supplemental Hunt and Hardening Guidance (Cisco SD-WAN Systems)
https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems
• Threat Hunt Guide (Technical PDF): Cisco SD-WAN Threat Hunt Guide (jointly referenced in federal guidance)
https://media.defense.gov/2026/Feb/25/2003880299/-1/-1/0/CISCO_SD-WAN_THREAT_HUNT_GUIDE.PDF

00:00 Sponsor Message
00:19 Cisco SD-WAN Under Attack
02:48 MCP Azure Takeover Demo
05:28 CarGurus Data Dump
07:16 Secret Service Scam Recovery
09:24 Closing Sponsor Thanks

Federal Drive with Tom Temin
DoD memo's use cases clarify mission impact of new policies on PKI credentials, expanded authentication

Federal Drive with Tom Temin

Feb 20, 2026 9:29


One of the key highlights of the Defense Department's recent memo on multi-factor authentication for unclassified and secret networks is the clarification that DoD Public Key Infrastructure — not the common access card itself — is the department's primary authenticator. Previous policies would often go back and forth between describing the CAC or PKI as DoD's primary credential, creating confusion. Plus, the memo finally introduces passwordless authentication methods designed to give service members faster, more flexible access to systems. For more, Federal News Network's Anastasia Obis spoke with Alex Antrim and Adam Oliver, senior solutions engineers at Yubico.

There Are Too Many Movies
311. Face/Off | Two-Face Authentication

There Are Too Many Movies

Feb 17, 2026 76:59


The bois discuss Face/Off, Sovereign, Grease, Dogman, and more!
Join our Patreon for bonus episodes, supplements, Discord access, and more: https://www.patreon.com/therearetoomanymovies
Merch: https://www.toomanymovies.com/shop
Instagram: https://www.instagram.com/therearetoomanymovies/
TikTok: https://www.tiktok.com/@therearetoomanymovies
Listen on Spotify: https://open.spotify.com/show/7lwOlPvIGdlmr6XjnLIAkG?si=4e3d882515824466
Subscribe on iTunes: https://podcasts.apple.com/us/podcast/there-are-too-many-movies/id1455789421
Twitch: https://www.twitch.tv/therearetoomanymovies
Twitter: http://www.twitter.com/tatmmpod

00:00:00 Cold Open
00:00:34 Intro
00:05:53 3:10 To Yuma
00:08:01 Sovereign
00:11:00 The Big Hit
00:14:07 The Alamo
00:22:03 Grease
00:24:03 How To Marry A Millionaire
00:25:16 The Aristocats
00:27:06 Schitt's Creek
00:29:26 In My Skin
00:31:40 Dogman
00:34:12 Portrait Of A Lady On Fire
00:35:21 Strange Harvest
00:37:43 Face/Off
01:08:57 Is It Cinema?
01:11:07 DMT (Dumb Movie Title)
01:12:28 Guess The Budget
01:13:44 Actor Game
01:16:18 Outro

All TWiT.tv Shows (MP3)
Hands-On Windows 176: A Practical Guide to Secure, Passwordless Logins

All TWiT.tv Shows (MP3)

Feb 12, 2026 15:53 Transcription Available


Forget the built-in Windows tools—Paul shares why third-party password managers are the secret to making passkeys smarter, more powerful, and truly universal across all your devices. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: canary.tools/twit - use code: TWIT

All TWiT.tv Shows (Video LO)
Hands-On Windows 176: A Practical Guide to Secure, Passwordless Logins

All TWiT.tv Shows (Video LO)

Feb 12, 2026 15:53 Transcription Available


Forget the built-in Windows tools—Paul shares why third-party password managers are the secret to making passkeys smarter, more powerful, and truly universal across all your devices. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: canary.tools/twit - use code: TWIT

Paul's Security Weekly
Bringing Strong Authentication and Granular Authorization for GenAI - Dan Moore - ASW #369

Paul's Security Weekly

Feb 10, 2026 69:24


When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where it gets implemented, and who implements it. Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs -- especially because so many are still interacting with APIs.
Resources
https://stackoverflow.blog/2026/01/21/is-that-allowed-authentication-and-authorization-in-model-context-protocol/
https://fusionauth.io/articles/identity-basics/authorization-models
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-369

Paul's Security Weekly TV
Bringing Strong Authentication and Granular Authorization for GenAI - Dan Moore - ASW #369

Paul's Security Weekly TV

Feb 10, 2026 69:24


When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where it gets implemented, and who implements it. Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs -- especially because so many are still interacting with APIs.
Resources
https://stackoverflow.blog/2026/01/21/is-that-allowed-authentication-and-authorization-in-model-context-protocol/
https://fusionauth.io/articles/identity-basics/authorization-models
Show Notes: https://securityweekly.com/asw-369

Application Security Weekly (Audio)
Bringing Strong Authentication and Granular Authorization for GenAI - Dan Moore - ASW #369

Application Security Weekly (Audio)

Feb 10, 2026 69:24


When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where it gets implemented, and who implements it. Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs -- especially because so many are still interacting with APIs.
Resources
https://stackoverflow.blog/2026/01/21/is-that-allowed-authentication-and-authorization-in-model-context-protocol/
https://fusionauth.io/articles/identity-basics/authorization-models
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-369

KuppingerCole Analysts
Analyst Chat #286: Modern Authorization Architectures & AuthZEN

KuppingerCole Analysts

Feb 9, 2026 42:23


Authorization is changing, moving from static roles and provisioning to dynamic, real-time, policy-based decisions. But without standardization, modern authorization quickly becomes fragmented and unmanageable. In this episode of the Analyst Chat, Matthias Reinwarth is joined by David Brossard, contributor and co-chair of the OpenID AuthZEN Working Group, and Phillip Messerschmidt, Lead Advisor at KuppingerCole, to discuss how authorization is evolving — and why AuthZEN is a critical missing standard.
You’ll learn:
✅ Why RBAC is still relevant, but no longer sufficient on its own
✅ How ABAC and PBAC address scalability, context, and dynamic access
✅ Why role explosion and authorization silos limit visibility and governance
✅ How runtime, continuous authorization supports Zero Trust architectures
✅ What AuthZEN standardizes — and what it deliberately does not
✅ How externalized authorization improves auditability and compliance
✅ Why CISOs and architects should start asking vendors for AuthZEN support
✅ How AuthZEN fits into the Identity Fabric and Road to EIC vision
Authentication has been standardized for years — authorization is finally catching up. Watch now to understand how AuthZEN enables scalable, future-proof authorization for modern applications, APIs, and identity fabrics.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 321: From BIOS Passwords To ABAC - Practice CISSP Questions

CISSP Cyber Training Podcast - CISSP Training Program

Feb 5, 2026 22:24 Transcription Available


A surprising number of security leaders admit they're flying blind on hardware and firmware. We start by exposing how shared BIOS passwords, slow maintenance cycles, and careless e-waste practices create avoidable risk, then lay out the fixes: privileged vaulting, disciplined asset disposition, and practical ways to repurpose gear without leaking data. That real-world foundation sets the stage for a focused tour through CISSP Domain 5—Identity and Access Management—built for practitioners who want clarity over jargon.
We break down least privilege in plain terms and show how to reduce the initial friction with cleanly defined roles and entitlement catalogs. From there, we compare RBAC and ABAC: when baseline roles are enough, and when context-aware attributes like device, location, and data sensitivity should drive policy. Authentication gets the same treatment. Multi-factor authentication, biometrics, and phishing-resistant methods raise the bar, while single sign-on and identity federation streamline access across cloud apps using standards like OAuth, OpenID Connect, and SAML. In modern cloud environments, token-based models win for scalability and security, and we explain why.
Governance ties it all together. We walk through identity proofing for solid onboarding, separation of duties to curb fraud, and IGA workflows that make approvals, recertifications, and audits far less painful. Regular access reviews emerge as the unsung hero that prevents privilege creep before it becomes an incident. If you're prepping for the CISSP—or just tightening your IAM program—this episode gives you the why behind the what, with steps you can apply today.
Enjoyed the conversation and want more deep dives? Subscribe, share with a teammate who needs a quick IAM refresher, and leave a review to help others find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The Daily Scoop Podcast
The US wants to push its view of AI cybersecurity standards to the rest of the world

The Daily Scoop Podcast

Play Episode Listen Later Feb 2, 2026 6:43


The U.S. government wants the rest of the world to adopt its artificial intelligence cybersecurity standards, a top official with the Office of the National Cyber Director said Thursday. As part of an effort to advance American AI, the administration will be “undertaking diplomacy efforts to promote American AI cybersecurity standards and norms, establishing industry best practices for secure AI deployment and harnessing the full potential of AI tools,” said Alexandra Seymour, principal deputy assistant national cyber director for policy. Seymour's comments at the 2026 Identity, Authentication, and the Road Ahead Policy Forum in Washington, D.C. partially reflect the Trump administration's AI Action Plan released last summer, which said the departments of Commerce and State would “vigorously advocate for international AI governance approaches that promote innovation, reflect American values, and counter authoritarian influence,” but doesn't explicitly mention international promotion of cybersecurity standards. Some of that effort has already materialized, with internationally oriented guides released in both May and December. The United States also isn't the only one looking to influence international standards for AI security. AI also figures into the yet-to-be-released national cybersecurity strategy that Seymour's office has been developing. And it dovetails with a pillar of the strategy focused on defending federal networks. Seymour said: “While AI is already helping industries enhance security and address the challenge of escalating cyberattacks, this administration will promote the rapid implementation of AI-enabled cyber defensive tools to detect, divert and deceive threat actors who continue targeting our vital systems and sectors on our federal systems. We must get our house in order. They need rapid modernization, and we're working on policies to harden our networks, update our technologies and ensure we're prepared for a post-quantum future.”

Pod of Wonder
S12E10 - Worse Than No Authentication

Pod of Wonder

Play Episode Listen Later Jan 28, 2026 49:37


Bonus "In which:" In which Two Factor Authentication would be a great title for this episode if any of us said that phrase

Articles
- The Accounts of Jingkang
- Dragostea din tei
- Martha's Vineyard Sign Language
- Jabberwock (magazine)

Follow us on the social medias!
- The show: https://bsky.app/profile/podofwonder.bsky.social
- Danny: https://bsky.app/profile/dannyplaysrpgs.bsky.social & http://dannymakesrpgs.itch.io
- Morgan: http://instagram.com/morganthefae & https://bsky.app/profile/m0rgan.bsky.social
- Matt: https://bsky.app/profile/mattprovance.bsky.social

그레이스언약교회 팟캐스트 GCCK Podcast
From Imposter Syndrome to DIVINE AUTHENTICATION: From Jacob to Israel (Audio)

그레이스언약교회 팟캐스트 GCCK Podcast

Play Episode Listen Later Jan 25, 2026


God transforms us from insecurity and false identity into people divinely authenticated by Him, just as Jacob became Israel.

Talk Python To Me - Python conversations for passionate developers
#535: PyView: Real-time Python Web Apps

Talk Python To Me - Python conversations for passionate developers

Play Episode Listen Later Jan 23, 2026 67:56 Transcription Available


Building on the web is like working with the perfect clay. It's malleable and can become almost anything. But too often, frameworks try to hide the web's best parts away from us. Today, we're looking at PyView, a project that brings the real-time power of Phoenix LiveView directly into the Python world. I'm joined by Larry Ogrodnek to dive into PyView.

Episode sponsors
- Talk Python Courses
- Python in Production

Links from the show
- Guest Larry Ogrodnek: hachyderm.io
- pyview.rocks: pyview.rocks
- Phoenix LiveView: github.com
- this section: pyview.rocks
- Core Concepts: pyview.rocks
- Socket and Context: pyview.rocks
- Event Handling: pyview.rocks
- LiveComponents: pyview.rocks
- Routing: pyview.rocks
- Templating: pyview.rocks
- HTML Templates: pyview.rocks
- T-String Templates: pyview.rocks
- File Uploads: pyview.rocks
- Streams: pyview.rocks
- Sessions & Authentication: pyview.rocks
- Single-File Apps: pyview.rocks
- starlette: starlette.dev
- wsproto: github.com
- apscheduler: github.com
- t-dom project: github.com
- Watch this episode on YouTube: youtube.com
- Episode #535 deep-dive: talkpython.fm/535
- Episode transcripts: talkpython.fm
- Theme Song: Developer Rap

No Password Required
No Password Required Podcast Episode 68 — Rob Hughes

No Password Required

Play Episode Listen Later Jan 20, 2026 44:51


Rob Hughes — CISO at RSA and Champion of a Passwordless Future

No Password Required Season 7: Episode 1 - Rob Hughes

Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.

Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.

Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point. The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.

Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/

Chapters:
- 00:00 Introduction to No Password Required
- 01:43 Meet Rob Hughes, CISO at RSA
- 02:05 The Role of a CISO in a Security Company
- 05:09 Transitioning to the CISO Role
- 08:00 The Early Days of Geek.com
- 12:14 Launching a Startup During the Dot Com Boom
- 14:30 The Push for a Passwordless Future
- 18:21 Tipping Point for Passwordless Adoption
- 20:20 Ongoing Learning in Cybersecurity
- 26:09 Managing Stress in High-Pressure Environments
- 33:46 The Lifestyle Polygraph Begins
- 34:15 Career Insights in Cybersecurity
- 36:08 Dream Cars and Personal Preferences
- 39:58 Underrated Horror Films
- 41:19 Creating a Cybersecurity Monster

Technology Tap
Top 10 Hacks in 2025 Part 1

Technology Tap

Play Episode Listen Later Dec 31, 2025 26:09 Transcription Available


What if the scariest hacks of 2025 never looked like hacks at all? We break down five real-world scenarios where attackers didn't smash locks—they used the keys we handed them. From an AI-cloned voice that sailed through a wire transfer to a building's HVAC console that quietly held elevators and doors hostage, the common thread is hard to ignore: trust. Trusted voices, trusted vendors, trusted “boring” systems, trusted sessions, and trusted APIs became the most valuable attack surface of the year.

We start with a “boring” phone call that proves how caller ID and confidence can defeat policy when culture doesn't empower people to challenge authority. Then we step into the mechanical room: cloud dashboards for HVAC and badge readers, vendor-shared credentials, and thin network segmentation made physical denial of service as simple as logging in. The pivot continues somewhere few teams watch—libraries—where an unpatched management system bridged city HR, school portals, and public access with zero alarms, because nothing looked broken.

Authentication takes a hit next. MFA worked, yet attackers won by stealing active LMS session tokens from a neglected component and riding valid access for weeks. No failed logins, no brute force—just continuation that our tools rarely question. Finally, we open the mobile app and watch the traffic. Clean, well-formed API calls mapped pricing rules, loyalty balances, and inventory signals at scale. Not a single malformed request, but plenty of business logic abuse that finance noticed before security did.

If you care about cybersecurity, IT operations, or the CompTIA mindset, the takeaways are clear: shorten trust windows, verify context continuously, rotate and scope vendor access, segment OT from IT, treat libraries and civic tech as real attack surface, bind tokens to devices, and put rate limits and behavior analytics at the heart of your API strategy. Ready to rethink where your defenses are blind?

Listen now, share with your team, and tell us which assumption you'll challenge first. And if this helped, subscribe, leave a review, and pass it on to someone who needs a wake-up call.

Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions

Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

Immigration Review
Ep. 296 - Precedential Decisions from 12/22/2025 - 12/28/2025 (bond; material support; asylum; PSG; family-based; business ownership; authentication of records; crime of child abuse; jurisdiction; extraordinary circumstances; mixed questions)

Immigration Review

Play Episode Listen Later Dec 30, 2025 40:24


Matter of Ghanbari, 29 I&N Dec. 376 (BIA 2025)
- bond; mandatory detention; material support to a terrorist organization; propaganda; non-violent conduct

Ramos-Hernandez v. Bondi, No. 25-1038 (1st Cir. Dec. 22, 2025)
- asylum; withholding of removal; Guatemala; particular social group; family-based; business ownership; persecution; isolated events

Campuzano v. Bondi, No. 24-60575 (5th Cir. Dec. 22, 2025)
- authentication of criminal records; INA § 240(c)(3)(C); crime of child abuse; INA § 237(a)(2)(E)(i); categorical approach; modified categorical approach

Ruiz v. Bondi, No. 23-1095 (9th Cir. Dec. 22, 2025)
- jurisdiction; extraordinary circumstances; INA § 208(a)(2)(D); one-year filing deadline; 8 U.S.C. § 1252(a)(2)(D); mixed questions; discretion; asylum; withholding of removal; administrative closure

Kurzban Kurzban Tetzeli and Pratt P.A.
Immigration, serious injury, and business lawyers serving clients in Florida, California, and all over the world for over 40 years.

Eimmigration
"Simplifies immigration casework. Legal professionals use it to advance cases faster, delight clients, and grow their practices."

Gonzales & Gonzales Immigration Bonds
P: (833) 409-9200
immigrationbond.com

EB-5 Support
"EB-5 Support is an ongoing mentorship and resource platform created specifically for immigration attorneys."
Contact: info@eb-5support.com
Website: https://eb-5support.com/

Stafi
"Remote staffing solutions for businesses of all sizes"

CONTACT INFORMATION:
Email: kgregg@kktplaw.com
Facebook: @immigrationreview
Instagram: @immigrationreview
Twitter: @immreview

The Bend
The Family Tech Talk Seniors Need: Password Safety, Two-Step Authentication & Rare White Pheasant News

The Bend

Play Episode Listen Later Dec 20, 2025 27:00


The Tech talk to have with family over the holidays. We dive into why tracking passwords and setting up two-step authentication safely is a must—especially for seniors and elderly users. Plus we have hunting news of a rare pheasant. Join radio hosts Rebecca Wanner aka ‘BEC' and Jeff ‘Tigger' Erhardt (Tigger & BEC) with the latest in Outdoors & Western Lifestyle News!

Rare White Pheasant Harvested in North Dakota

According to KFYR TV, a Minot, North Dakota hunter harvested a rare white Pheasant south of the city on December 7, 2025. 37-year-old Eric Henke of Minot first saw the bird a few years ago on his family farm. A couple weeks ago, he and six others, plus four dogs, went out for a pheasant hunt. The group flushed the bird, and it flew into some brush. It was flushed again about 10 yards from Henke. With a pull of the trigger from his Benelli Super Black Eagle II 12 gauge, the bird dropped and ran, thankful to have one of the dogs retrieve it for him. Henke is now having the bird mounted by Dakota Taxidermy in Bismarck, North Dakota. In addition to being a rare white pheasant, it also had magnificent tail feathers that measured to about 22.5 inches long. Congrats Eric Henke!

The Importance of Tracking Passwords and Two-Step Authentication for Seniors and Families

Why Password Management Is More Important Than Ever

In today's digital world, almost every essential service requires a password—banking, medical portals, email, social security accounts, utilities, and even prescription refills. For elderly and older adults, managing multiple passwords can quickly become overwhelming. Forgotten passwords, locked accounts, and inaccessible phones can lead to stress, financial risk, and complete loss of access to critical services.

Common Problems Seniors Face:
- Forgotten passwords or PINs
- Locked accounts due to failed login attempts
- Smartphones breaking, updating, or resetting
- Two-step authentication codes sent to unavailable devices
- Difficulty remembering complex security rules

Without a proper system in place, a simple phone update can become a major crisis.

What Is Two-Step Authentication (2FA) — and Why It Can Be Risky Without Backup

Two-step authentication (also called 2FA or multi-factor authentication) adds an extra layer of security by requiring:
- Something you know (password)
- Something you have (phone, text message, authentication app)

While 2FA improves security, it can lock users out permanently if:
- The phone is lost or broken
- The phone number changes
- The device updates or resets
- The authentication app is deleted

This is especially dangerous for seniors who rely on one single smartphone.

How to Set Up Two-Step Authentication the Right Way (Senior-Friendly)

To avoid lockouts, seniors and families should always set up backup access options.

Best Practices:
- Save backup recovery codes on paper and digitally
- Add a trusted family member's email or phone number
- Use authentication apps that allow device recovery
- Avoid using only SMS codes when possible

Tip: Print recovery codes and store them in a safe, labeled folder at home.

Final Checklist for Seniors and Caregivers
- Track all passwords in one secure place
- Set up 2FA with backup recovery options
- Share access with trusted family members
- Store printed recovery information safely
- Review passwords yearly or after major updates

Final Thought - A broken phone or forgotten password should never mean losing access to your life.

OUTDOORS FIELD REPORTS & COMMENTS

We want to hear from you! If you have any questions, comments, or stories to share about bighorn sheep, outdoor adventures, or wildlife conservation, don't hesitate to reach out. Call or text us at 305-900-BEND (305-900-2363), or send an email to BendRadioShow@gmail.com. Stay connected by following us on social media at Facebook/Instagram @thebendshow or by subscribing to The Bend Show on YouTube. Visit our website at TheBendShow.com for more exciting content and updates!
https://thebendshow.com/
https://www.facebook.com/thebendshow

WESTERN LIFESTYLE & THE OUTDOORS

Jeff ‘Tigger' Erhardt & Rebecca ‘BEC' Wanner are passionate news broadcasters who represent the working ranch world, rodeo, and the Western way of life. They are also staunch advocates for the outdoors and wildlife conservation. As outdoorsmen themselves, Tigger and BEC provide valuable insight and education to hunters, adventurers, ranchers, and anyone interested in agriculture and conservation.

With a shared love for the outdoors, Tigger & BEC are committed to bringing high-quality beef and wild game from the field to your table. They understand the importance of sharing meals with family, cooking the fruits of your labor, and making memories in the great outdoors. Through their work, they aim to educate and inspire those who appreciate God's Country and life on the land.

United by a common mission, Tigger & BEC offer a glimpse into the life beyond the beaten path and down dirt roads. They're here to share knowledge, answer your questions, and join you in your own success story. Adventure awaits around the bend. With The Outdoors, the Western Heritage, Rural America, and Wildlife Conservation at the forefront, Tigger and BEC live this lifestyle every day. To learn more about Tigger & BEC's journey and their passion for the outdoors, visit TiggerandBEC.com.
https://tiggerandbec.com/

PodRocket - A web development podcast from LogRocket
TanStack, TanStack Start, and what's coming next with Tanner Linsley

PodRocket - A web development podcast from LogRocket

Play Episode Listen Later Dec 18, 2025 45:56


Jack Harrington sits down with Tanner Linsley to talk about the evolution of TanStack and where it's headed next. They explore how early projects like React Query and React Table influenced the headless philosophy behind TanStack Router, why virtualized lists matter at scale, and what makes forms in React so challenging. Tanner breaks down TanStack Start and its client-first approach to SSR, routing, and data loading, and shares his perspective on React Server Components, modern authentication tradeoffs, and composable tooling. The episode wraps with a look at TanStack's roadmap and what it takes to sustainably maintain open source at scale.

We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com, or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Check out our newsletter (https://blog.logrocket.com/the-replay-newsletter/)!

Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers!

What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr)

Chapters
- 01:00 – What is TanStack? Contributors, projects, and mission
- 02:05 – React Query vs React Table: TanStack's origins
- 03:10 – TanStack principles: headless, cross-platform, type safety
- 03:45 – TanStack Virtual and large list performance
- 05:00 – Forms, abandoned libraries, and lessons learned
- 06:00 – Why TanStack avoids building auth
- 07:30 – Auth complexity, SSO, and enterprise realities
- 08:45 – Partnerships with WorkOS, Clerk, Netlify, and Cloudflare
- 09:30 – Introducing TanStack Start
- 10:20 – Client-first architecture and React Router DNA
- 11:00 – Pages Router nostalgia and migration paths
- 12:00 – Loaders, data-only routes, and seamless navigation
- 13:20 – Why data-only mode is a hidden superpower
- 14:00 – Built-in SWR-style caching and perceived speed
- 15:20 – Loader footguns and server function boundaries
- 16:40 – Isomorphic execution model explained
- 18:00 – Gradual adoption: router → file routing → Start
- 19:10 – Learning from Remix, Next.js, and past frameworks
- 20:30 – Full-stack React before modern meta-frameworks
- 22:00 – Server functions, HTTP methods, and caching
- 23:30 – Simpler mental models vs server components
- 25:00 – Donut holes, cognitive load, and developer experience
- 26:30 – Staying pragmatic and close to real users
- 28:00 – When not to use TanStack (Shopify, WordPress, etc.)
- 29:30 – Marketing sites, CMS pain, and team evolution
- 31:30 – Scaling realities and backend tradeoffs
- 33:00 – Static vs dynamic apps and framework fit
- 35:00 – Astro + TanStack Start hybrid architectures
- 36:20 – Composability with Hono, tRPC, and Nitro
- 37:20 – Why TanStack Start is a request handler, not a platform
- 38:50 – TanStack AI announcement and roadmap
- 40:00 – TanStack DB explained
- 41:30 – Start 1.0 status and real-world adoption
- 42:40 – Devtools, Pacer, and upcoming libraries
- 43:50 – Sustainability, sponsorships, and supporting maintainers
- 45:30 – How companies and individuals can support TanStack

Special Guest: Tanner Linsley.

RunAs Radio
Zero Trust in 2026 with Michele Bustamante

RunAs Radio

Play Episode Listen Later Dec 17, 2025 41:09


How is zero-trust security evolving? Michele Leroux Bustamante discusses the challenges CISOs face today in controlling access to infrastructure, authenticating and authorizing users, and managing the ongoing evolution of an organization's dependencies. The conversation digs into the variety of stacks available to address various elements of an organization's security requirements. Michele also talks about the NIST Cybersecurity Framework as a starting point for understanding the security elements your organization needs to focus on and improve—security is a continuum, not a destination!

Links
- Azure Entra
- Auth0
- Duende
- KeyCloak
- NIST Cybersecurity Framework
- Open Policy Agent
- Policy Server
- Defender for Cloud
- Azure API Management
- Azure Front Door

Recorded October 29, 2025

Trust Issues
EP 21 - When attackers log in: Pausing for perspective in the age of instant answers

Trust Issues

Play Episode Listen Later Dec 16, 2025 43:50


In this episode of Security Matters, host David Puner welcomes back David Higgins, senior director in CyberArk's Field Technology Office, for a timely conversation about the evolving cyber threat landscape. Higgins explains why today's attackers aren't breaking in—they're logging in—using stolen credentials, AI-powered social engineering, and deepfakes to bypass traditional defenses and exploit trust.

The discussion explores how the rise of AI is eroding critical thinking, making it easier for even seasoned professionals to fall for convincing scams. Higgins and Puner break down the dangers of instant answers, the importance of “never trust, always verify,” and why zero standing privilege is essential for defending against insider threats. They also tackle the risks of shadow AI, the growing challenge of misinformation, and how organizations can build a culture of vigilance without creating a climate of mistrust.

Whether you're a security leader, IT professional, or just curious about the future of digital trust, this episode delivers actionable insights on identity security, cyber hygiene, and the basics that matter more than ever in 2026 and beyond.

ITSPmagazine | Technology. Cybersecurity. Society
AI, Quantum, and the Changing Role of Cybersecurity | ISC2 Security Congress 2025 Coverage with Jon France, Chief Information Security Officer at ISC2 | On Location with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Dec 3, 2025 26:22


What Security Congress Reveals About the State of Cybersecurity

This discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today.

Themes That Stand Out

AI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path. Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift.

Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust. Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows.

A Place for Every Stage of the Career

France describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities.

Looking Ahead to the Next Congress

The next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.

The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025. Coverage provided by ITSPmagazine.

GUEST:
Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/

HOST:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com

Follow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
ISC2 Security Congress: https://www.isc2.org
NIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptography
ISC2 Chapters: https://www.isc2.org/chapters

Identity At The Center
#389 - Sponsor Spotlight - Aembit

Identity At The Center

Play Episode Listen Later Dec 3, 2025 53:32


This episode is sponsored by Aembit. Visit aembit.io/idac to learn more.

Jeff and Jim welcome David Goldschlag, CEO and Co-founder of Aembit, to discuss the rapidly evolving world of non-human access and workload identity. With the rise of AI agents in the enterprise, organizations face a critical challenge: how to secure software-to-software connections without relying on static, shared credentials.

David shares his unique background, ranging from working on The Onion Router (Tor) at the Naval Research Lab to the DIVX rental system, and explains how those experiences inform his approach to identity today. The conversation covers the distinction between human and non-human access, the risks of using user credentials for AI agents, and why we must shift from managing secrets to managing access policies.

This episode explores real-world use cases for AI agents in financial services and retail, the concept of hybrid versus autonomous agents, and practical advice for identity practitioners looking to get ahead of the agentic AI wave.

Visit Aembit: https://aembit.io/idac
Connect with David: https://www.linkedin.com/in/davidgoldschlag

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

Timestamps
- 00:00 - Intro
- 00:51 - Pronunciation of Aembit and the extra 'E'
- 01:56 - David's background: From NSA to Enterprise Security
- 04:58 - The meaning behind the name Aembit
- 06:00 - David's history with The Onion Router (Tor)
- 10:00 - Differentiating Non-Human Access from Workforce IAM
- 11:39 - The security risks of AI Agents using human credentials
- 14:15 - Manage Access, Not Secrets
- 16:00 - Use Cases: Financial Analysts and Retail
- 24:00 - Hybrid Agents vs. Autonomous Agents
- 30:38 - Will we have agentic versions of ourselves?
- 36:45 - How Identity Practitioners can handle the AI wave
- 38:33 - Measuring success and ROI for workload identity
- 43:20 - A blast from the past: DIVX and Circuit City
- 52:15 - Closing

Keywords
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Aembit, David Goldschlag, Non-human access, Workload Identity, AI Agents, Machine Identity, Cybersecurity, IAM, InfoSec, Tor, DIVX, Zero Trust, Secrets Management, Authentication, Authorization

thinkfuture with kalaboukis
1119 The End of Passwords | Bojan Simic on HYPR, Identity, and the Future of Authentication

thinkfuture with kalaboukis

Play Episode Listen Later Dec 3, 2025 32:17


See more: https://thinkfuture.substack.com
Connect with Bojan: https://www.linkedin.com/in/bojansimic

Passwords were supposed to die 20 years ago—so why are we still using them?

In this episode of thinkfuture, host Chris Kalaboukis talks with Bojan Simic, co-founder and CEO of HYPR, a cybersecurity company on a mission to finally eliminate passwords for good.

Bojan shares how a personal hacking experience early in his career sparked his obsession with fixing identity security. That moment eventually led to the creation of HYPR, a platform that uses biometrics, tokenization, and passwordless authentication to secure users while simplifying the login process.

We discuss:
- Why the password problem has persisted for decades
- How HYPR's technology replaces passwords with biometrics and cryptographic keys
- The challenges of mass adoption across enterprises and consumers
- How HYPR is expanding into full identity verification—protecting the entire identity lifecycle
- Why “passwordless” isn't just about convenience, but trust and security
- What the future of authentication might look like in 2035
- The role AI could play in identity assurance and fraud detection

Bojan's vision is clear: the internet of the future won't rely on secrets—it'll rely on proof.

If you're interested in cybersecurity, authentication, biometrics, or the future of digital identity, this episode is a must-listen.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Nov 25, 2025 6:11


Conflicts between URL mapping and URL based access control
Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps.
https://isc.sans.edu/diary/Conflicts%20between%20URL%20mapping%20and%20URL%20based%20access%20control./32518

Sha1-Hulud, The Second Coming
A new, destructive variant of the Shai-Hulud worm is currently spreading through NPM/Github repos.
https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised

Hacklore: Cleaning up Outdated Security Advice
A new website, hacklore.org, has published an open letter from former CISOs and other security leaders aimed at addressing some outdated security advice that is often repeated.
https://www.hacklore.org

Wax Museum: A Basketball Card Podcast
Episode 350: Steve (@showley2003) Helps Put a Bow on the Audio Era

Wax Museum: A Basketball Card Podcast

Play Episode Listen Later Nov 25, 2025 44:13


On this week's episode, Kyle welcomes back Steve (@showley2003) to help wrap up the audio era of the Wax Museum Podcast. They talk mail days, Authentication nightmares, goofy eBay history, and a major Paul George patch pickup — plus what comes next as the show moves to YouTube.

ITSPmagazine | Technology. Cybersecurity. Society
A Practical Look at Incident Handling: How a Sunday Night Bug Bounty Email Triggered a Full Investigation | A Screenly Brand Spotlight Conversation with Co-founder of Screenly, Viktor Petersson

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Nov 25, 2025 17:48


This episode focuses on a security incident that prompts an honest discussion about transparency, preparedness, and the importance of strong processes. Sean Martin speaks with Viktor Petersson, Founder and CEO of Screenly, who shares how his team approaches digital signage security and how a recent alert from their bug bounty program helped validate the strength of their culture and workflows.

Screenly provides a secure digital signage platform used by organizations that care deeply about device integrity, uptime, and lifecycle management. Healthcare facilities, financial services, and even NASA rely on these displays, which makes the security posture supporting them a priority. Viktor outlines why security functions best when embedded into culture rather than treated as a compliance checkbox. His team actively invests in continuous testing, including a structured bug bounty program that generates a steady flow of findings.

The conversation centers on a real event: a report claiming that more than a thousand user accounts appeared in a public leak repository. Instead of assuming the worst or dismissing the claim, the team mobilized within hours. They validated the dataset, built correlation tooling, analyzed how many records were legitimate, and immediately reset affected accounts. Once they ruled out a breach of their systems, they traced the issue to compromised end user devices associated with previously known credential harvesting incidents.

This scenario demonstrates how a strong internal process helps guide the team through verification, containment, and communication. Viktor emphasizes that optional security features only work when customers use them, which is why Screenly is moving to passwordless authentication using magic links. Removing passwords eliminates the attack vector entirely, improving security for customers without adding friction.

For listeners, this episode offers a clear look at what rapid response discipline looks like, how bug bounty reports can add meaningful value, and why passwordless authentication is becoming a practical way forward for SaaS platforms. It is a timely reminder that transparency builds trust, and security culture determines how confidently a team can navigate unexpected events.

Learn more about Screenly: https://itspm.ag/screenly1o

Note: This story contains promotional content. Learn more.

GUEST
Viktor Petersson, Co-founder of Screenly | On LinkedIn: https://www.linkedin.com/in/vpetersson/

RESOURCES
Learn more and catch more stories from Screenly: https://www.itspmagazine.com/directory/screenly
LinkedIn Post: https://www.linkedin.com/posts/vpetersson_screenly-security-incident-response-how-activity-7393741638918971392-otkk
Blog: Security Incident Response: How We Investigated a Data Leak and What We're Doing Next: https://www.screenly.io/blog/2025/11/10/security-incident-response-magic-links/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight

Keywords: sean martin, marco ciappelli, viktor petersson, security, authentication, bugbounty, signage, incidentresponse, breaches, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast, brand spotlight

The Ten Minute Bible Hour Podcast - The Ten Minute Bible Hour
GAL266 - Ancient Authentication Hacks to Prevent Unordered Circumcision Hacks

The Ten Minute Bible Hour Podcast - The Ten Minute Bible Hour

Play Episode Listen Later Sep 1, 2025 16:13


Galatians 6:11 Thanks to everyone who supports TMBH at patreon.com/thetmbhpodcast You're the reason we can all do this together! Discuss the episode here Music by Jeff Foote