Podcasts about OpenSSL

The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary] https://isc.sans.edu/diary/The+CLAIR+Model+A+Synthesized+Conceptual+Framework+for+Mapping+Critical+Infrastructure+Interdependencies+Guest+Diary/32748 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability CVE-2026-20127 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk https://blog.talosintelligence.com/uat-8616-sd-wan/ Abusing Cortex XDR Live https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/ OpenSSL Vulnerability CVE-2025-15467 https://seclists.org/oss-sec/2026/q1/220

Se Stanislavem Fortem o nástupu AI agentů, limitech a rizicích umělé inteligenci, ochraně a opravování softwarových katedrál a budování kyberbezpečnostního startupu Aisle v Praze. Moderuje Štěpán Sedláček.Pravděpodobně prožíváme technologickou revoluci, jejíž rychlost, rozsah a potenciálních dopady na lidský život a práci nemají obdoby, ať už skončí jakkoli. Nástup velkých jazykových modelů a generativní AI je čím dál patrnější napříč různými sférami lidské činnosti od programování po umění. Otázky, které dříve řešila poměrné malá skupina lidí spojených s výzkumem a vývojem umělé inteligence nebo science fiction, jsou dnes často ve středu zájmu celospolečenské debaty, byť by si možná zasloužily ještě více pozornosti a to i ze strany států. Otázku po tom, jestli někdy bude k dispozici umělá inteligence, která předčí člověka, dnes spíše přebíjí otázka, jestli nás od ní dělí rok, několik let nebo víc času. Stanislav Fort je matematik, fyzik a expert na umělou inteligenci a velké jazykové modely (LLM), který dříve působil v předních světových společnostech v oboru Google DeepMind nebo Anthropic. Jak vidí letošní rok na poli AI?„Myslím, že letos si většina lidí uvědomí, že AI funguje a je schopná dělat užitečnou intelektuální práci. V roce 2025 se staly mainstreamem přemýšlecí (tzv. reasoning) modely zejména v souvislosti s nástupem modelu R1 od společnosti DeepSeek. Během té doby se modely extrémně zlepšily a začaly být schopné řešit dlouhé a obtížné intelektuální úkoly napříč obory u nichž je třeba koordinovat přemýšlení přes dlouhé časové horizonty. A ty se měsíc po měsíci prodlužovaly rapidním tempem. Dnes si už většina lidí v programování i softwarovém inženýrství a odvětvích, která silně závisejí na využití počítačů, uvědomuje, že jsme na hraně toho, kdy tyto věci dokáží pracovat na podobných věcech jako elitní lidé a nepotřebují příliš supervize. Rok 2026 bude rokem, kdy AI agenti a přemýšlecí modely, které je pohánějí, začnou fungovat v reálných ekonomicky důležitých činnostech,“ říká expert Stanislav Fort, který společně s Ondřejem Vlčkem a Jayou Baloo založil firmu Aisle, kde působí jako hlavní vědec.Podařilo se jim vytvořit autonomní AI nástroj, který umí rychle nacházet a opravovat bezpečnostní chyby ve složitých softwarových systémech jako je protokol OpenSSL, který šifruje většinu komunikace na webu. Jaké mají po roce fungování na poli kybernetické bezpečnosti cíle? Jaký zásadní problém se jim podařilo vyřešit? Co říká na nástup AI agentů dění kolem sítě Moltbook? Vidí nějaké fundamentální limity ve vývoji umělé inteligence? Co si myslí o AI bublině na trzích? Jak by se měla Evropa postavit k aktuálním závodům ve vývoji AI? A jaká úskalí má zakládání kyberbezpečnostního startupu v Praze? Nejen na to se ptá v podcastu Zeitgeist Štěpán Sedláček.

Karnevalskater trifft Open-Source-Kater: Zwischen FOSDEM-Raumsuche, MySQL-Gerüchten und ethischen Grundsatzdebatten stolpern wir durch Tech-Trends und AI-News. Dazu gibt's Abo-Detox, Desktop-Frust und die Erkenntnis: Digitale Souveränität beginnt manchmal mit „Kündigen“-Button statt Keynote. Blast from the Past MySQL - Bericht vom FOSDEM Stand Rant extended - same as posting blogposts on linkedin applies - of course - to medium. Static Site Generators with AsciiDoc support Toter der Woche Google Pixel 3a Untoter der Woche notepads Windows Notepad Ursache Markdown feature Microsoft seite Notepad++ AI der Woche AI agent seemingly tries to shame open source developer for rejected pull request AI found 12 of 12 OpenSSL zero-days (while curl cancelled its bug bounty) Selfish AI Anthropic raises $30B Series G funding at $380B post-money valuation (Anthropic) Nvidia shares are down after a report that its OpenAI investment stalled. Here's what's happening News Wero: Commerzbank macht mit

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

EP 277In this week's dark matter:Privacy-first users send a clear message to DuckDuckGo.  AI-free search is here to stay for most of its community.A cutting-edge AI from AISLE exposed deep-seated vulnerabilities in OpenSSL, exponentially speeding the pace of cybersecurity discovery.A security breach at eScan transformed trusted antivirus software into an unexpected cyber weapon.An internal probe suggests a cyber intrusion may have prematurely exposed last year's Nobel Peace Prize laureate.A U.S. jury found former Google engineer Linwei Ding guilty of funneling AI trade secrets to Chinese tech companies.Newly surfaced records reveal U.S. investigators examined claims that WhatsApp's encryption might not be as airtight as advertised.Apple's new location “fuzzing” feature gives users the power to stay connected, without being precisely tracked.A privacy lapse in a talking AI toy exposed thousands of private conversations between children and their plush companions.Google unleashes new AI to investigate DNA's ‘dark matter'.  DeepMind's latest creation, AlphaGenome, is shining light on the 98% of DNA that science once found inscrutable.Come on, let's go unravel some genomes.Find the full transcript to this podcast here.

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

The Python cryptography module, pyca/cryptography, has mostly been a sane wrapper around a pile of C, so that users get performant cryptography on the many, many platforms Python targets. Therefore its maintainers, Alex Gaynor and Paul Kehrer, have become intimately familiar with OpenSSL. Recently, they declared that after many years of trying to make it work, they announced pyca/cryptography would be moving away from OpenSSL when supporting new functionality and exploring adding other backends instead. We invited them on to tell us about what has happened to OpenSSL, even after the investments and improvements following Heartbleed. No guests on this pod represent anyone besides themselves.Watch on YouTube: https://www.youtube.com/watch?v=dEKBHI3rodYTranscript: https://securitycryptographywhatever.com/2026/02/01/python-cryptography-breaks-up-with-opensslLinks:- https://cryptography.io/en/latest/statements/state-of-openssl/- Py Cryptography: https://cryptography.io- https://archive.openssl-conference.org/2025/presentations/Alex_Gaynor_Paul_Kehrer_The_Python_Cryptographic_Authoritys_OpenSSL_Experience.pdf- https://securitycryptographywhatever.com/2025/08/16/alex-gaynor/- https://packages.gentoo.org/packages/media-libs/libsdl- https://www.youtube.com/watch?v=RUIguklWwx0- https://datatracker.ietf.org/doc/rfc9180/- https://docs.openssl.org/3.3/man3/OSSL_PARAM/- https://openssl.foundation/- https://github.com/openssl/openssl/issues/17064- https://www.feistyduck.com/newsletter/issue_132_openssl_performance_still_under_scrutiny- https://github.com/topazproject/topaz- https://github.com/actions/runner/issues/1069- https://crystalhotsauce.com/- https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467- https://en.wikipedia.org/wiki/Ship_of_Theseus- https://boringssl.googlesource.com/boringssl/+/aa202db1d7091b88b80f0a58c630c5c1aefc817d- https://www.ibm.com/products/open-sdk-for-rust-aix- https://dadrian.io/blog/posts/corporate-support-xz/- https://peps.python.org/- https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed448/- https://go.dev/blog/fips140- https://dadrian.io/blog/posts/roll-your-own-crypto/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

If you like what you hear, please subscribe, leave us a review and tell a friend!

CISA's interim director uploaded sensitive government material into the public version of ChatGPT. The cyberattack on Poland's power grid compromised roughly 30 energy facilities. The EU and India sign a new partnership that includes expanded cyber cooperation. Meta rolls out enhanced WhatsApp security features. Researchers uncover a campaign targeting LLM service endpoints. Fortinet and OpenSSL patch multiple vulnerabilities. A high-severity WinRAR vulnerability continues to see widespread exploitation six months after it was patched. The SoundCloud data breach affected nearly 30 million users. Ben Yelin explains the California lawsuit accusing social media platforms of harming kids. A Spanish resort town gets hit with low-rent ransomware.   Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave is joined by his Caveat co-host Ben Yelin, Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, to discuss the upcoming trial where Meta and YouTube will make their case against accusations of social media being harmful to children. You can learn more here.  T-Minus Guest Host Our T-Minus Space Daily podcast team is in Orlando, FL this week covering Commercial Space Week. Yesterday while the crew was on travel making their way to the event, Dave Bittner took his first spin behind the mic on T-Minus. Tune in and let us know how Dave did! You can follow along with host Maria Varmazis and producers Alice Carruth and Liz Stokes for event coverage via our LinkedIn profile. Selected Reading Trump's acting cyber chief uploaded sensitive files into a public version of ChatGPT (POLITICO) Cyberattack on Poland's power grid hit around 30 energy facilities, new report says (The Record) Europe/India • Indian 'hackers for hire' to continue to thrive under Brussels-New Dehli trade deal (Intelligence Online) New WhatsApp lockdown feature protects high-risk users from hackers (Bleeping Computer) Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation (Bleeping Computer) Fortinet Patches Exploited FortiCloud SSO Authentication Bypass (SecurityWeek) High-Severity Remote Code Execution Vulnerability Patched in OpenSSL (SecurityWeek) Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect (CyberScoop) SoundCloud breach added to HIBP, 29.8 million accounts exposed (CyberInsider) Spanish municipality Sanxenxo City Council calls hackers bluff as malware takes over network (Cryptopolitan) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Initial Stages of Romance Scams [Guest Diary] Romance scams often start with random text messages that appear to be misrouted . This guest diary by Faris Azhari is following some of the initial stages of such a scam. https://isc.sans.edu/diary/Initial%20Stages%20of%20Romance%20Scams%20%5BGuest%20Diary%5D/32650 Denial of Service Vulnerabilities in React Server Components Another folowup fix for the severe React vulnerability from last year, but now only fixing a DoS condition. https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg OpenSSL Updates OpenSSL released its monthly updates, fixing a potential RCE. https://openssl-library.org/news/vulnerabilities/ Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission Many Kubernetes Helm Charts are vulnerable to possible remote code executions due to unclear defined access controls. https://grahamhelton.com/blog/nodes-proxy-rce

This is a partial follow-up to AISLE discovered three new OpenSSL vulnerabilities from October 2025. TL;DR: OpenSSL is among the most scrutinized and audited cryptographic libraries on the planet, underpinning encryption for most of the internet. They just announced 12 new zero-day vulnerabilities (meaning previously unknown to maintainers at time of disclosure). We at AISLE discovered all 12 using our AI system. This is a historically unusual count and the first real-world demonstration of AI-based cybersecurity at this scale. Meanwhile, curl just cancelled its bug bounty program due to a flood of AI-generated spam, even as we reported 5 genuine CVEs to them. AI is simultaneously collapsing the median ("slop") and raising the ceiling (real zero-days in critical infrastructure). Background We at AISLE have been building an automated AI system for deep cybersecurity discovery and remediation, sometimes operating in bug bounties under the pseudonym Giant Anteater. Our goal was to turn what used to be an elite, artisanal hacker craft into a repeatable industrial process. We do this to secure the software infrastructure of human civilization before strong AI systems become ubiquitous. Prosaically, we want to make sure we don't get hacked into oblivion the moment they come online. [...] ---Outline:(01:05) Background(02:56) Fall 2025: Our first OpenSSL results(05:59) January 2026: 12 out of 12 new vulnerabilities(07:28) HIGH severity (1):(08:01) MODERATE severity (1):(08:24) LOW severity (10):(13:10) Broader impact: curl(17:06) The era of AI cybersecurity is here for good(18:40) Future outlook --- First published: January 27th, 2026 Source: https://www.lesswrong.com/posts/7aJwgbMEiKq5egQbd/ai-found-12-of-12-openssl-zero-days-while-curl-cancelled-its --- Narrated by TYPE III AUDIO.

Josh talk to Dirkjan and Joe about Rustls (pronounced rustles), a Rust-based TLS library. Dirkjan and Joe are developers on Rustls. We talk about the history that got us to this point. The many many challenges in writing a TLS library (Rust or not). We also chat about some of what's to come. Rustls has an OpenSSL compatibility layer which makes is a really interesting project. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-12-rustls-dirkjan-joe/

Mark “Murch” Erhardt and Mike Schmidt are joined by Bastien Teinturier, Rearden Code, and Pieter Wuille to discuss Newsletter #385: 2025 Year-in-Review Special.January● Updated ChillDKG draft (43:08) ● Offchain DLCs (45:53) ● Compact block reconstructions (2:29:27) February● Erlay update (1:53:55) ● LN ephemeral anchor scripts (0:50) ● Probabilistic payments (54:45) March● Bitcoin Forking Guide (3:29:35) ● Private block template marketplace to prevent centralizing MEV (3:05:28) ● LN upfront and hold fees using burnable outputs (13:12) April● SwiftSync speedup for initial block download (2:09:35) ● DahLIAS interactive aggregate signatures (3:26:02) Summary 2025: Quantum (58:07) May● Cluster mempool (1:22:11) ● Increasing or removing Bitcoin Core's OP_RETURN policy limit (2:45:43) June● Calculating the selfish mining danger threshold (2:20:39) ● Fingerprinting nodes using addr messages (3:11:38) ● Garbled locks (3:19:01) Summary 2025: Soft fork proposals (26:57) July● Chain code delegation (49:07) August● Utreexo draft BIPs (2:15:57) ● Lowering the minimum relay feerate (2:39:52) ● Peer block template sharing (2:56:01) ● Differential fuzzing of Bitcoin and LN implementations (3:16:08) Summary 2025: Stratum v2 (2:04:49) September● Details about the design of Simplicity (3:23:01) ● Partitioning and eclipse attacks using BGP interception (3:13:47) October● Discussions about arbitrary data (3:01:15) ● Channel jamming mitigation simulation results and updates (11:05) November● Comparing performance of ECDSA signature validation in OpenSSL vs. libsecp256k1 (2:01:47) ● Modeling stale rates by propagation delay and mining centralization (2:22:32) ● BIP3 and the BIP process (3:31:37) ● Bitcoin Kernel C API introduced (3:35:35) December● Splicing (7:33)

Researchers from the University of Maryland Baltimore County have evaluated the support for post-quantum cryptography (PQC) in nine open-source cryptographic libraries, revealing a mixed landscape of preparedness. Some libraries, like wolfSSL/wolfCrypt, are leading with strong and early PQC support, while others, such as OpenSSL, are still in the process of integrating these algorithms. The study highlights the importance of transitioning to PQC due to the potential of quantum computers to break current public-key cryptosystems. You can listen to all of the Quantum Minute episodes at https://QuantumMinute.com. The Quantum Minute is brought to you by Applied Quantum, a leading consultancy and solutions provider specializing in quantum computing, quantum cryptography, quantum communication, and quantum AI. Learn more at https://AppliedQuantum.com.

Mark “Murch” Erhardt, Gustavo Flores Echaiz, and Mike Schmidt are joined by Sebastian Falbesoner, PortlandHODL, Tadge Dryja, and Antoine Poinsot to discuss Newsletter #379.News● Comparing performance of ECDSA signature validation in OpenSSL vs. libsecp256k1 (1:47) Changing consensus● Multiple discussions about restricting data (14:05) ● Post-quantum signature aggregation (1:00:05) ● Native STARK proof verification in Bitcoin Script (1:18:47) ● BIP54 implementation and test vectors (35:47) Releases and release candidates● Core Lightning 25.09.2 (1:30:54) ● LND 0.20.0-beta.rc3 (1:31:44) Notable code and documentation changes● Bitcoin Core #31645 (1:32:34) ● Core Lightning #8636 (1:40:08) ● Core Lightning #8639 (1:43:18) ● Core Lightning #8635 (1:44:31) ● Eclair #3209 (1:46:25) ● Eclair #3206 (1:46:59) ● Eclair #3210 (1:49:31) ● LDK #4140 (1:54:13) ● LDK #4168 (1:59:12) ● Rust Bitcoin #5116 (2:01:06) ● BTCPay Server #6922 (2:05:05)

In this episode of Remote Ruby, Chris and Andrew catch up with Chris discussing the arrival of a new baby and the challenges of balancing work and parenting. Then, they dive into the complexities of dealing with OpenSSL 3.6 issues on their development environments, exploring various debugging attempts and ultimately finding a workaround. The conversation also touches on the ongoing drama within the Ruby community, expressing concerns about its impact and the need for unity. Additionally, they share thoughts on shows/series they've been watching and reflect on the joys and frustrations of nostalgic activities like building with Legos. The episode wraps up with a teaser about forthcoming features for Action Push, particularly for web notifications. Hit download now to hear more! LinksJudoscale- Remote Ruby listener giftGitHub PR #949- certificate verify failed (unable to get certificate CRL) Can I emailTaskThe GirlfriendMementoThe Usual SuspectsThe Bearcarlhuda Chris Oliver X/Twitter Andrew Mason X/Twitter Jason Charnes X/Twitter

This week it's all about your feedback! We answer your questions, and dig through your problems! -- During The Show -- 00:50 Intro Hallucinating 03:45 Friso from Mumble Moving all chats to one application Matrix Server Bridges Beeper Messages not flowing Self hosting beeper bridges E2EE 12:05 Security Cameras - Dustin Used Axis cameras Reolink Camera's POE Ethernet only models Some models require Reolink app for first setup Doorbell camera Steve's "doorbell camera flow" Surveillance Station Get one drive Reduce frame rate Weeks worth of footage Axis camera 2035 or 2036 Axis P3367 Write back in! 24:04 Laptops - Dasgeek Framework 12 Framework 12 vs Framework 13 25:45 News Wire Proxmox Mail Gateway 9.0 - helpnetsecurity.com (https://www.helpnetsecurity.com/2025/10/06/proxmox-mail-gateway-open-source-email-security-solution) GnuCash 5.13 - gnucash.org (https://www.gnucash.org/download.phtml) GNU Octave 10.3 - octave.org (https://octave.org/news/release/2025/10/01/octave-10.3.0-released.html) OpenSSL 3.6 - openssl-library.org (https://openssl-library.org/post/2025-10-01-3.6-release-announcement) Docker 28.5 - docker.com (https://docs.docker.com/engine/release-notes/28) Cairo-Dock 3.6 - phoronix.com (https://www.phoronix.com/news/Cairo-Dock-3.6-Released) GNU Linux Libre Kernel 6.17 - gnu.org (https://lists.gnu.org/archive/html/info-gnu/2025-09/msg00007.html) Tinycore 16.2 - tinycorelinux.net (https://forum.tinycorelinux.net/index.php/topic,27807.0.html) Opensuse Leap 16 - opensuse.org (https://get.opensuse.org/leap/16.0) Spine Endoscopic Atlas - nature.com (https://www.nature.com/articles/s41597-025-05897-7) Huawei Shrinks LLMs - venturebeat.com (https://venturebeat.com/ai/huaweis-new-open-source-technique-shrinks-llms-to-make-them-run-on-less) 4th Version of Granite AI - techrepublic.com (https://www.techrepublic.com/article/news-ibm-granite-40-ai) Granite AI Earns ISO 42001 - ibm.com (https://www.ibm.com/new/announcements/ibm-granite-iso-42001) 27:00 Send Feedback and Questions! Newbie questions welcome Fastest way to learn is immerse yourself Experts welcome too Email in! Follow up 30:45 Linux Basics - Kevin The bell story Level of learning GUI vs CLI Learning styles Ask your Linux friends Ask a LLM SIMPLE things Get hands on using it Set your expectations Tails Linux (https://tails.net/) Reproducibility Endless OS (https://www.endlessglobal.com/) Distro Hop Fedora (https://fedoraproject.org//) Ubuntu Arch Linux (https://archlinux.org/) Tiling window manager RHCSA and other Red Hat exams Canonical Academy ANS 437 (https://podcast.asknoahshow.com/437) -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/462) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

Repasamos lo más relevante de la semana (28 sep–4 oct 2025) en tecnología, informática y Linux: el salto de Raspberry Pi OS a Debian 13 “Trixie”, la llegada de openSUSE Leap 16, cambios en Alpine (/usr-merge), actualizaciones de Steam en Linux, OpenSSL 3.6, parches de seguridad para sudo, y las últimas de Wine y Mesa, con un heads-up de Ubuntu 25.10. Todo explicado en monólogo, claro y sin rodeos, para que entiendas el porqué y decidas cuándo actualizar.

Comparing Honeypot Passwords with HIBP Most passwords used against our honeypots are also found in the Have I been pwn3d list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/32310 Breaking Server SGX via DRAM Inspection By observing read and write operations to memory, it is possible to derive keys stored in SGX and break the security of systems relying on SGX. https://wiretap.fail/files/wiretap.pdf OneLogin OIDC Vulnerability A vulnerability in OneLogin can be used to read secret application keys https://www.clutch.security/blog/onelogin-many-secrets-clutch-uncovers-vulnerability-exposing-client-credentials OpenSSL Patch OpenSSL patched three vulnerabilities. One could lead to remote code execution, but the feature is used infrequently, and the exploit is difficult, according to OpenSSL

Daniel Stenberg, Swedish Internet protocol expert and founder and lead developer of the Curl project, speaks with SE Radio host Gavin Henry about removing Rust from Curl. They discuss why Hyper was removed from curl, why the last five percent of making it a success was difficult, what the project gained from the 5-year attempt to tackle bringing Rust into a C project, lessons learned for next time, why user support is critical, and the positive long-lasting impact this attempt had. Brought to you by IEEE Computer Society and IEEE Software magazine.

I discuss all things OpenSSL with Hana Andersen and Anton Arapov from the OpenSSL Corporation. Discover the intricacies of organizing the first-ever OpenSSL conference in Prague, the importance of post-quantum cryptography, and the evolution of OpenSSL from a small team to a global community. Whether you're a seasoned cryptographer or just curious about the future of secure communications, this episode offers insights and stories. Don't miss out on learning how OpenSSL is still shaping the future of cryptography. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-09-openssl-hana-anton/

Joining the podcast this week is Mishi Choudhary, SVP and General Counsel at Virtru. Mishi shares with us some legal perspective on the privacy discussion including freedom of thought, the right to be forgotten, end-to-end encryption for protecting user data, finding a middle ground between meeting customer privacy demands and complying with legal requirements, getting to a federal privacy regulation, and so much more! You won't want to miss what is a truly spirited and candid conversation – in two parts! Mishi Choudhary SVP and General Counsel, Virtru A technology lawyer with over 17 years of legal experience, Mishi has served as a legal representative for many of the world's most prominent free and open source software developers and distributors, including the Free Software Foundation, Cloud Native Computing Foundation, Linux Foundation, Debian, the Apache Software Foundation, and OpenSSL. At Virtru, she leads all legal and compliance activities, builds internal processes to continue to accelerate growth, helps shape Virtru and open source strategy, and activates global business development efforts. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e343

Joining the podcast this week is Mishi Choudhary, SVP and General Counsel at Virtru. Mishi shares with us some legal perspective on the privacy discussion including freedom of thought, the right to be forgotten, end-to-end encryption for protecting user data, finding a middle ground between meeting customer privacy demands and complying with legal requirements, getting to a federal privacy regulation, and so much more! You won't want to miss what is a truly spirited and candid conversation – in two parts! Mishi Choudhary, SVP and General Counsel, Virtru A technology lawyer with over 17 years of legal experience, Mishi has served as a legal representative for many of the world's most prominent free and open source software developers and distributors, including the Free Software Foundation, Cloud Native Computing Foundation, Linux Foundation, Debian, the Apache Software Foundation, and OpenSSL. At Virtru, she leads all legal and compliance activities, builds internal processes to continue to accelerate growth, helps shape Virtru and open source strategy, and activates global business development efforts. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e342

This week we dig into how you can host your own 5G and Ubuntu's new certification program! -- During The Show -- 00:45 Technology Another Way Cell Phone sales and inventory Market uncertainty Erasing a phone Moving to GrapheneOS Used equipment Fdroid (https://f-droid.org/) Opportunities to move people to open source Routes to take 14:00 News Wire OpenSSH 10.0p2 - openssh.com (https://www.openssh.com/releasenotes.html) OpenSSL 3.5 - github.com (https://github.com/openssl/openssl/releases) GNU Coreutils 9.7 - gnu.org (https://www.gnu.org/software/coreutils/manual/coreutils.html) Pinta 3.0 - pinta-project.com (https://www.pinta-project.com/releases/3-0.html) OpenELA Leapp - techzine.eu (https://www.techzine.eu/news/devops/130476/openela-introduces-leapp-project-for-in-place-upgrades-of-enterprise-linux/) Linux Mint OEM Support - linuxmint.com (https://blog.linuxmint.com/?p=4825) Asahi Linux Roadblock - appleinsider.com (https://appleinsider.com/articles/25/04/08/asahi-linux-m4-support-hits-a-roadblock-because-of-apple-silicon-changes) Proxmox VW 8.4 - proxmox.com (https://www.proxmox.com/en/about/company-details/press-releases/proxmox-virtual-environment-8-4) Archbang 0904 - sourceforge.net (https://sourceforge.net/projects/archbang/files/ArchBang/archbang-0904-x86_64.iso/download) Feren OS 2025.03 - feren-os.com (https://medium.com/feren-os/feren-os-2025-03-minor-rebase-update-for-feren-os-f82ce0a47a52) Pardus 23.4 - pardus.org (https://pardus.org.tr/en/pardus-23-4-changelog/) SparkyLinux - sparkylinux.org (https://sparkylinux.org/sparky-7-7/) MX 26.3 - mxlinux.org (https://mxlinux.org/blog/mx-23-6-now-available/) Particle OS - itsfoss.com (https://news.itsfoss.com/systemd-particle-os/) Malware "Patches" - darkreading.com (https://www.darkreading.com/cloud-security/open-source-poisoned-patches-infect-local-software) Slopsquatting - theregister.com (https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/) Luminary Cloud and Honda's AI Model - engineering.com (https://www.engineering.com/luminary-cloud-releases-open-source-physics-ai-model-with-honda-nvidia/) 15:50 Canonical Certifications Adriana Frick's Story Why Adriana left tech BGP What did the creation process look like? Defining standards Making it measurable Proving skills How did you learn what employers want Mauricio Buschinelli's Story Verifying completion of a task What does the test look like Easter Eggs through out As close to real as possible Care about outcomes Accessibility Testing (https://ubuntu.com/credentials) A lot more coming 41:00 5G Cellphone companies want to be at the tower 5G Hardware Entire stack is open source Provisioning Sim Cards Roaming Charmed Ether SD Core 50:00 FCC Licensing Not a walk in the park FCC starting to require receiver registration Spectrum is crowded -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/437) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

video: https://youtu.be/ua-RPOtdcF8 Comment on the TWIL Forum (https://thisweekinlinux.com/forum) This week in Linux, App 3.0 drops, bringing big changes under the hood. Amiga OS, yes, that Amiga OS, is still alive and getting updates, apparently. Open SSL 3.5 and Open SSH 10.0 both rolled out new features this week with also some future-proofing involved. And Sony, yes, that Sony, has released The Last of Us Part II on PC and it's Steam Deck verified. All that and much more on This Week in Linux, the weekly news show that keeps you plugged into everything happening in the Linux and Open Source world. Now let's jump right into Your Source for Linux GNews. Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/c5514bc1-148c-43d2-a6eb-4d0fcbfd6966.mp3) Support the Show Become a Patron = tuxdigital.com/membership (https://tuxdigital.com/membership) Store = tuxdigital.com/store (https://tuxdigital.com/store) Chapters: 00:00 Intro 00:39 APT 3.0 Released 02:48 Last of US Part 2 Verified for Steam Deck 05:47 MPV 0.40 Released 08:58 Sandfly Security [ad] 10:54 AmigaOS still exists and getting updates apparently 14:24 TUXEDO Provides Update On Their Snapdragon X Elite Linux Laptop 17:20 OpenSSL 3.5 Released 19:19 OpenSSH 10.0 Released 21:41 Support the show Links: APT 3.0 Released https://tracker.debian.org/news/1635519/accepted-apt-300-source-into-unstable/ (https://tracker.debian.org/news/1635519/accepted-apt-300-source-into-unstable/) https://9to5linux.com/apt-3-0-debian-package-manager-released-with-revamped-command-line-interface (https://9to5linux.com/apt-3-0-debian-package-manager-released-with-revamped-command-line-interface) https://www.phoronix.com/news/Debian-APT-3.0-Released (https://www.phoronix.com/news/Debian-APT-3.0-Released) Last of US Part 2 Verified for Steam Deck https://gameinformer.com/interview/2025/04/01/naughty-dog-and-nixxes-on-the-pc-port-of-the-last-of-us-part-ii-we-take-the (https://gameinformer.com/interview/2025/04/01/naughty-dog-and-nixxes-on-the-pc-port-of-the-last-of-us-part-ii-we-take-the) https://www.pcguide.com/news/steam-deck-support-is-so-important-says-the-last-of-us-part-2-pc-project-director/ (https://www.pcguide.com/news/steam-deck-support-is-so-important-says-the-last-of-us-part-2-pc-project-director/) MPV 0.40 Released https://mpv.io/ (https://mpv.io/) https://github.com/mpv-player/mpv/releases/tag/v0.40.0 (https://github.com/mpv-player/mpv/releases/tag/v0.40.0) https://www.phoronix.com/news/MPV-0.40-Released (https://www.phoronix.com/news/MPV-0.40-Released) https://9to5linux.com/mpv-0-40-open-source-video-player-released-with-native-hdr-support-on-linux (https://9to5linux.com/mpv-0-40-open-source-video-player-released-with-native-hdr-support-on-linux) Sandfly Security [ad] https://thisweekinlinux.com/sandfly (https://thisweekinlinux.com/sandfly) https://destinationlinux.net/409 (https://destinationlinux.net/409) discount code: destination50 (Home Edition) AmigaOS still exists and getting updates apparently https://www.hyperion-entertainment.com/index.php/news/1-latest-news/320-new-update-3-for-amigaos-32-available-for-download (https://www.hyperion-entertainment.com/index.php/news/1-latest-news/320-new-update-3-for-amigaos-32-available-for-download) https://www.theregister.com/2025/04/10/amigaos32_3/ (https://www.theregister.com/2025/04/10/amigaos_3_2_3/) TUXEDO Provides Update On Their Snapdragon X Elite Linux Laptop https://www.tuxedocomputers.com/en/How-is-TUXEDOCOes-ARM-Notebook-Coming-Along.tuxedo (https://www.tuxedocomputers.com/en/How-is-TUXEDOCOes-ARM-Notebook-Coming-Along.tuxedo) https://www.qualcomm.com/products/mobile/snapdragon/laptops-and-tablets/snapdragon-x-elite (https://www.qualcomm.com/products/mobile/snapdragon/laptops-and-tablets/snapdragon-x-elite) https://www.linaro.org/ (https://www.linaro.org/) https://www.phoronix.com/news/TUXEDO-Snapdragon-Laptop-Update (https://www.phoronix.com/news/TUXEDO-Snapdragon-Laptop-Update) OpenSSL 3.5 Released https://openssl-library.org/ (https://openssl-library.org/) https://github.com/openssl/openssl/releases/tag/openssl-3.5.0 (https://github.com/openssl/openssl/releases/tag/openssl-3.5.0) https://lwn.net/Articles/1016851/ (https://lwn.net/Articles/1016851/) https://9to5linux.com/openssl-3-5-released-with-support-for-pqc-algorithms-server-side-quic (https://9to5linux.com/openssl-3-5-released-with-support-for-pqc-algorithms-server-side-quic) https://www.phoronix.com/news/OpenSSL-3.5-Released (https://www.phoronix.com/news/OpenSSL-3.5-Released) OpenSSH 10.0 Released https://www.openssh.com/ (https://www.openssh.com/) https://www.openssh.com/releasenotes.html#10.0p1 (https://www.openssh.com/releasenotes.html#10.0p1) https://www.phoronix.com/news/OpenSSH-10.0-Released (https://www.phoronix.com/news/OpenSSH-10.0-Released) https://lwn.net/Articles/1016924/ (https://lwn.net/Articles/1016924/) Support the show https://tuxdigital.com/membership (https://tuxdigital.com/membership) https://store.tuxdigital.com/ (https://store.tuxdigital.com/)

Microsoft Patch Tuesday Microsoft patched over 120 vulnerabilities this month. 11 of these were rated critical, and one vulnerability is already being exploited. https://isc.sans.edu/diary/Microsoft%20April%202025%20Patch%20Tuesday/31838 Adobe Updates Adobe released patches for 12 different products. In particular important are patches for Coldfusion addressing several remote code execution vulnerabilities. Adobe Commercse got patches as well, but none of the vulnerabilities are rated critical. https://helpx.adobe.com/security/security-bulletin.html OpenSSL 3.5 Released OpenSSL 3.5 was released with support to post quantum ciphers. This is a long term support release. https://groups.google.com/a/openssl.org/g/openssl-project/c/9ZYdIaExmIA Fortiswitch Update Fortinet released an update for Fortiswitch addressing a vulnerability that may be used to reset a password without verification. https://fortiguard.fortinet.com/psirt/FG-IR-24-435

There's been a bit of a shakeup this week, with Torvalds criticizing Docker, Rustls dominating the TLS performance war, and Intel releasing a graphics card while "retiring" their CEO. Then, Flathub and KDE are working on their finances, OpenVPN has modernized its kernel driver, and Steam Machines may be back! Oh, and don't forget OBS 31 or the potential security issue with OpenWRT! For tips, we have eza as an ls replacement, pv for pipe progress viewing, IMSProg for EEPROM hacking, and HandlePowerKey for customizing what your machine does when you hit the power button. Grab the show notes at https://bit.ly/4gl1VtB and enjoy! Host: Jonathan Bennett Co-Hosts: Rob Campbell, David Ruggles, and Jeff Massie Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Cybersecurity Today: Zero Day Flaws, FinTech Breach, Phishing Scams & More In today's episode, host Jim Love discusses critical updates in the cybersecurity world. Discover the latest zero day vulnerabilities patched by Apple, a significant data breach at Fintech giant Finastra, emerging phishing attack tactics using Microsoft Visio files and SVG attachments, and the launch of a new privacy-focused telecom service, CAPE. Additionally, learn about Google's AI-powered OSS Fuzz tool, which uncovered a critical flaw in the OpenSSL library. Stay informed to protect yourself and your organization from sophisticated cyber threats. 00:00 Introduction and Sponsor Message 00:59 Emerging Phishing Attack Strategies 03:12 Finastra Data Breach Investigation 04:49 Launch of CAPE: A Privacy-Focused Telecom Service 06:19 Apple's Emergency Updates for Zero-Day Vulnerabilities 07:29 Google's OSS Fuzz Uncovers Critical Vulnerabilities 09:07 Conclusion and Podcast Information

Join us for a very special in-depth interview with Lucy Chen, VP of Claris Engineering. Kate Waldhauser hosts this special edition of the FileMaker DevCast, as Lucy gives us a glimpse behind the scenes of the engineering world at Claris, an Apple Company.Lucy shares insights as to how new features get into the product and how the latest version improves performance, reliability and security. She takes us under the hood, diving into the new enhancements of FileMaker 21.1, including the move to newer technologies like Java 17, Xcode 16, and OpenSSL 3.3. She also covers new features in FileMaker 21.1, such as HTTPS tunneling, improvements to the Admin Console, and the integration of AI-powered semantic search, for both natural language and image content searches.These changes have come about through Claris's ongoing commitment to understanding customer feedback. Join Kate & Lucy as they explore how the FileMaker platform continues to empower businesses with innovative capabilities.https://www.portagebay.com/Portage Bay Solutions is a custom software development firm based in Seattle, WA, with additional offices in the Austin, Chicago, Dallas, Omaha, Orange County, and Vancouver areas. For more than thirty years, we have been helping businesses of all sizes get the most out of their FileMaker investments. As a full-service Claris FileMaker Platinum Partner, Portage Bay is committed to helping you optimize your software investments and improve your business processes.#claris #filemaker #devtools #devs #devcast #openSSL #https #tunneling #AI #semanticsearch #innovation #portagebaysolutions #portagebay  #FileMaker21.1

Join us for a very special in-depth interview with Lucy Chen, VP of Claris Engineering. Kate Waldhauser hosts this special edition of the FileMaker DevCast, as Lucy gives us a glimpse behind the scenes of the engineering world at Claris, an Apple Company. Lucy shares insights as to how new features get into the product and how the latest version improves performance, reliability and security. She takes us under the hood, diving into the new enhancements of FileMaker 21.1, including the move to newer technologies like Java 17, Xcode 16, and OpenSSL 3.3. She also covers new features in FileMaker 21.1, such as HTTPS tunneling, improvements to the Admin Console, and the integration of AI-powered semantic search, for both natural language and image content searches. These changes have come about through Claris's ongoing commitment to understanding customer feedback. Join Kate & Lucy as they explore how the FileMaker platform continues to empower businesses with innovative capabilities.   Portage Bay Solutions is a custom software development firm based in Seattle, WA, with additional offices in the Austin, Chicago, Dallas, Omaha, Orange County, and Vancouver areas. For more than thirty years, we have been helping businesses of all sizes get the most out of their FileMaker investments. As a full-service Claris FileMaker Platinum Partner, Portage Bay is committed to helping you optimize your software investments and improve your business processes. #claris #filemaker #devtools #devs #devcast #openSSL #https #tunneling #AI #semanticsearch #innovation #portagebaysolutions #portagebay  #FileMaker21.1

This week Robie Basak joins Noah from the Ubuntu Summit and gives an introduction on how to get started contributing to Ubuntu. -- During The Show -- 01:26 HexOS - Craig Start with the Command Line When is a GUI appropriate Start with make a ZFS pool make a samba share Help us understand your goal What is HexOS Ubuntu and ZFS DKMS kABI Advantages of TrueNAS Snapshots Send/Receive 1 Click Re-silvering 17:08 Questions about HDMI switch - Andy Theater Receiver Decimator (https://www.amazon.com/Decimator-DMON-QUAD-SD-SDI-Multi-Viewer-Outputs/dp/B072NGFDMR) 21:14 News Wire SQLite 3.47.0 - sqlite.org (https://sqlite.org/releaselog/3_47_0.html) Peazip 10 - github.io (https://peazip.github.io) Jellyfin 10.10.0 - jellyfin.org (https://jellyfin.org/posts/jellyfin-release-10.10.0/) EasyOS 6.4 - puppylinux.com (https://forum.puppylinux.com/viewtopic.php?t=12973) Gnome 47.1 - gnome.org (https://discourse.gnome.org/t/gnome-47-1-released/24670) Tor Browser 14.0 - torproject.org (https://blog.torproject.org/new-release-tor-browser-140/) AlmaLinux Kitten 10 - almalinux.org (https://almalinux.org/blog/2024-10-22-introducing-almalinux-os-kitten/) Gentoo & DTrace 2.0 - gentoo.org (https://www.gentoo.org/news/2024/10/23/DTrace-for-Gentoo.html) NASA $15.6M Grant for Open Source Tools - spaceanddefense.io (https://spaceanddefense.io/nasa-awards-15-6-million-in-open-source-software-funding/) Open Source Printable Lathe - hackaday.com (https://hackaday.com/2024/10/23/a-3d-printed-open-source-lathe/) Thelio Astra - system76.com (https://system76.com/desktops/thelio-astra) Eight Nvidia High Severity Vulnerabilities - forbes.com (https://www.forbes.com/sites/daveywinder/2024/10/25/urgent-new-nvidia-security-warning-for-200-million-linux-and-windows-gamers/) OpenSSL 3.4 - github.com (https://github.com/openssl/openssl/releases/tag/openssl-3.4.0) IPS Snort v3.5 - github.com (https://github.com/snort3/snort3/releases) Parrot OS 6.2 - parrotsec.org (https://parrotsec.org/blog/2024-10-23-parrot-6.2-release-notes/) New Granite 3.0 - zdnet.com (https://www.zdnet.com/article/ibm-doubles-down-on-open-source-ai-with-new-granite-3-0-models/) HUGS - reuters.com (https://www.reuters.com/technology/startup-hugging-face-aims-cut-ai-costs-with-open-source-offering-2024-10-23/) SynthID Now Open Source - theverge.com (https://www.theverge.com/2024/10/23/24277873/google-artificial-intelligence-synthid-watermarking-open-source) Mochi 1 - venturebeat.com (https://venturebeat.com/ai/video-ai-startup-genmo-launches-mochi-1-an-open-source-model-to-rival-runway-kling-and-others/) Ubuntu Turns 20 - ubuntu.com (https://ubuntu.com/20years) 23:23 Robie Basak - Ubuntu Technical Council What drew you to Linux? Why did you decide to work for Canonical? What is the Ubuntu Technical Board? Difference between Ubuntu and Canonical The process of granting commit rights Conflict resolution Cloud init Unique ID Ubuntu Summit Range of interaction Membership Board Meeting Full Hour Long Meeting Recording YouTube (https://www.youtube.com/live/pyRcIZskKNE?si=frx3zrPhUoeLrHi8) 43:40 Fedora 41 Fedora 41 available early! New DNF bootc Plasma Mobile Spin (https://fedoramagazine.org/announcing-fedora-linux-41/) Fedora Magazine (https://fedoramagazine.org/announcing-fedora-linux-41/) Minisforum v3 (https://store.minisforum.com/products/minisforum-v3?) Steve, Fedora, hardware 50:30 Russian Kernel Maintainers Removed Greg Kroah-Hartman removed them due to "various compliance requirements" Removed developers Russian and not minor contributors We live in a world where decisions are made for political reasons zdnet.com (https://www.zdnet.com/article/why-remove-russian-maintainers-of-linux-kernel-heres-what-torvalds-says/) therecord.media (https://therecord.media/russia-separate-linux-community-kernel-maintainers-delisted) -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/413) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

This week we take a deep dive behind-the-scenes look into how the team handled a recent report from Snyk's Security Lab of a local privilege escalation vulnerability in `wpa_supplicant` plus we cover security updates in Prometheus Alertmanager, OpenSSL, Exim, snapd, Gross, curl and more.

Even though Security Champions programs look very different across organizations and maturity levels, they share core principles for becoming successful. Marisa shares her experience in building these programs to foster a positive security culture within companies. She explains the incentives and rewards that lead to more engagement from champions and the benefits that come from so many people being engaged with security. Segment Resources: OWASP Security Champions Guide - Get Involved! - https://owasp.org/www-project-security-champions-guidebook/#div-getinvolved OWASP Security Champions Guide - LinkedIn page - https://www.linkedin.com/company/owasp-security-champions-guide/ The Security Champions Success Guide - https://securitychampionsuccessguide.org/ "Building a Successful Security Champions Program... What Does it Take?" - https://www.katilyst.com/post/building-a-successful-security-champions-program-what-does-it-take The code curation considerations of removing abandoned protocols in OpenSSL, kernel driver lessons from CrowdStrike's crash, choosing isolation primitives, cross-cache attacks made possible by SLUBStick, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-294

The code curation considerations of removing abandoned protocols in OpenSSL, kernel driver lessons from CrowdStrike's crash, choosing isolation primitives, cross-cache attacks made possible by SLUBStick, and more! Show Notes: https://securityweekly.com/asw-294

Even though Security Champions programs look very different across organizations and maturity levels, they share core principles for becoming successful. Marisa shares her experience in building these programs to foster a positive security culture within companies. She explains the incentives and rewards that lead to more engagement from champions and the benefits that come from so many people being engaged with security. Segment Resources: OWASP Security Champions Guide - Get Involved! - https://owasp.org/www-project-security-champions-guidebook/#div-getinvolved OWASP Security Champions Guide - LinkedIn page - https://www.linkedin.com/company/owasp-security-champions-guide/ The Security Champions Success Guide - https://securitychampionsuccessguide.org/ "Building a Successful Security Champions Program... What Does it Take?" - https://www.katilyst.com/post/building-a-successful-security-champions-program-what-does-it-take The code curation considerations of removing abandoned protocols in OpenSSL, kernel driver lessons from CrowdStrike's crash, choosing isolation primitives, cross-cache attacks made possible by SLUBStick, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-294

As the podcast winds down for a break over the next month, this week we talk about RSA timing side-channel attacks and the recently announced DNSBomb vulnerability as we cover security updates in VLC, OpenSSL, Netatalk, WebKitGTK, amavisd-new, Unbound, Intel Microcode and more.

We delve into the top 3 open-source revenue streams, expose the pitfalls, and discuss what could be done quickly to improve the situation.

-- During The Show -- 00:50 MIDI MIDI a better mouse trap Pitch bending Special snowflake Firewire hardware Motu UltraLite AVB (https://motu.com/products/avb/ultralite-avb) Ardour (https://ardour.org/) Musicians please send in feedback! 11:25 News Wire Dynebolic is Back - ZDnet (https://www.zdnet.com/article/dynebolic-is-a-portable-linux-distribution-that-can-be-used-without-installation/) OpenSSL 3.3 - OpenSSL (https://www.openssl.org/news/openssl-3.3-notes.html) OpenTTD - OpenTTD (https://www.openttd.org/news/2024/04/13/openttd-14-0) Ardour - Ardour (https://ardour.org/whatsnew.html) KDE Frameworks 6.1.0 - KDE (https://kde.org/announcements/frameworks/6/6.1.0/) Descent 3 MIT Licensed - Gaming on Linux (https://www.gamingonlinux.com/2024/04/descent-3-has-been-made-open-source/) - Github (https://github.com/kevinbentley/Descent3) Opentofu vs Hashicorps - Opentofu (https://opentofu.org/blog/our-response-to-hashicorps-cease-and-desist/) Huggingface Updated - Venture Beat (https://venturebeat.com/ai/hugging-face-introduces-idefics2-an-8b-open-source-visual-language-model/) Samll Verson of LLaMA-3 - CCN (https://www.ccn.com/news/technology/llama-3-release-date/) Spectre v2 Attacks - Bleeping Computer (https://www.bleepingcomputer.com/news/security/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus/) OpenSFF and OpenJS Foundation Warning - Computer Weekly (https://www.computerweekly.com/news/366580938/More-social-engineering-attacks-on-open-source-projects-observed) 12:56 Framework Laptops Matt Hartley Linux Support Lead Reddit welcome post (https://old.reddit.com/r/framework/comments/yoslxe/welcome_to_the_framework_cx_team_matt_hartley/) First impressions Assembly How Framework supports Linux Officially supported distros Community support program Community support Ansible for other distros Support Framework 16 Alternative uses of Frameworks 27:48 Tailscale Tailscale (https://tailscale.com/) Alex Kretzschmar (https://blog.ktz.me/author/alex/) How Tailscale stays free How to get started How Tailscale works Headscale (https://headscale.net/) Tailscale for business (Paid) Features 35:37 QLC+ QLC+ (https://www.qlcplus.org/) DMX Lighting Control Boards Lighting Cues DMX King (https://dmxking.com/) Chases Built in web interface Network interfacing Elation Enode4 (https://www.elationlighting.com/enode4) Please write in about lighting on Linux! -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/385) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW

CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW

CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW

CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW

CISA's "Secure by Design" Initiative The GNU C Library Flaw Fastly CDN switches from OpenSSL to BoringSSL Roskomnadzor asserts itself Google updates Android's Password Manager Firefox gets post-quantum crypto Get your TOTP tokens from LastPass Inflated iOS app data LearnDMARC Sync mobile app bug SpinRite and Windows Defender Crypto signing camera Analog hole in digital camera authentication iOS and Google's Topics The gathering of the Stephvens Programmable Logic Controllers SpinRite update Malware-infected Toothbrush The Unforeseen Consequences of Google's 3rd-party Cookie Cutoff Show Notes - https://www.grc.com/sn/SN-960-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Melissa.com/twit joindeleteme.com/twit promo code TWIT GO.ACILEARNING.COM/TWIT vanta.com/SECURITYNOW

We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to spearhead a new OWASP project to help scale the creation of appsec programs, whether you're on your own or part of a global org. Segment Resources: https://owasp.org/www-project-product-security-capabilities-framework/ https://github.com/OWASP/pscf https://prods.ec/ https://owaspsamm.org https://iso25000.com/index.php/en/iso-25000-standards/iso-25010 https://www.scmagazine.com/podcast-episode/application-security-weekly-242 Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-272