Podcasts about spectre meltdown

Jane Lo, Singapore Correspondent speaks with Sandro Pinto, Associate Research Professor and Cristiano Rodrigues, PhD candidate of the University of Minho, Portugal.Sandro holds a PhD in Electronics and Computer Engineering. Sandro has a deep academic background and several years of industry collaboration focusing on operating systems, virtualization, and security for embedded, cyber-physical, and IoT-based systems. He has published 70+ scientific papers in top-tier conferences/journals (e.g., IEEE S&P, USENIX Security) and is a skilled presenter with speaking experience in several academic and industrial conferences (e.g., Black Hat Asia, Hardwear.io, RISC-V Summit, Embedded World). Sandro is a long-term supporter of open-source projects and is currently helping several companies and institutions to make security practical at scale. Cristiano Rodrigues is a PhD candidate at the University of Minho in Portugal, with a master's degree in Electronic and Computer Engineering. Cristiano is a driven and skilled individual with extensive expertise in ardware/software co-design, safety-critical systems, trusted execution environments for microcontrollers, Armv8-M TrustZone, and embedded security for IoT-based systems.In this interview, Sandro and Cristiano gave highlights of their talk on a novel class of microarchitectural timing side-channel attacks affecting MCUs.They shared that while the discovery of Spectre and Meltdown side channel attacks exposed the potential side channel attacks on hidden transient states, there is one class of computing systems apparently is resilient to these attacks: microcontrollers (MCUs).Sandro introduced that MCUs are at the heart of embedded and IoT device (such as smart watches, IoT home devices), and as such resource constraint in terms of computing power, memory and power consumption. As such, he said there is a common belief that MCUs are not vulnerable to such attacks as Spectre or Meltdown, as MCUs microarchitecture is intrinsically simple - compared to the more complex microprocessors powering Cloud infrastructure, server, desktops and hence more vulnerable to side channel attacks.Sandro and Cristiano demonstrated the fallacy of this assumption through their attack on a Smart IoT lock. By mounting a side channel (timing) attack on a Smart lock application (that for example unlock a vault or a door), they were able to retrieve the secret PIN.Sandro also reflected on the challenges and shared some thoughts on increasing the sophistication of the attack (e.g. remote access, alleviate the need for access to code, scaling to multiple types of microcontrollers). Wrapping up, he stressed that sharing the results of their work is part of responsible disclosure, and advised consumers who buy IoT devices with affected microcontrollers to look out for potential announcements from manufacturers. (For an example of a follow-up action from a manufacturer ARM, see: https://developer.arm.com/documentation/ka005578/latest/)Recorded 11th May 2023, 12noon, Black Hat Asia 2023, Singapore Marina Bay Sands#bhasia#cybersecurity #mysecuritytv

    This week we change things up a bit and review a curated (almost) 5 minute summary of the latest InfoSec news including SolarWinds sanctions, language supply chain attacks, Egregor ransomware as a service, N.Korean crypto theft, vuln exploitation in the wild, Mexican politicians and ATM skimming, a new password manager, legal use of look-alike domains, rogue Yandex employees and SIM swapping attacks. For more information, including the show notes check out https://breachsense.io/podcast This week I offer a curated (almost) 5 minute summary of the latest InfoSec news including the Ubiquiti hack, the latest Facebook data leak, PHP's official Git repository hack, Github security tool updates, Government phishing attacks, a critical netmask NPM vuln, a Spectre/Meltdown mitigation bypass, a zero-click exploit in IoS's Mail, cryptomining Docker images and Microsoft Exchange exploits in the wild. For more information, including the show notes check out: https://breachsense.io/podcast

Eric gets new windows and watches a movie. Jon watches a show, fences some things and continues his flood watch. A look back 3 years at Spectre/Meltdown, Nissan leaks some code, Zyxel has backdoors and finally, SMB for your Browser! Jon pitches project pyodide and Eric mentions five axis printing and floating point video gaming. 0:00 - Ortni 11:01 - Spectre/Meltdown 3 years later 15:57 - Nissan Source Code Leak 21:05 - Zyxel Backdoor 25:01 - Web Assembly SMB 27:38 - Project Pyodide 30:35 - The Browser Will Be the OS 30:49 - Pitch and Yaw Printing? 34:10 - Floating Point Leviathan

This episode contains an interview with Christine Dodrill, ex Senior Software Reliability Expert at Lightspeed. We discuss Kubernetes, Spectre/Meltdown, configuration languages, a controversial testing philosophy, autoscaling (auto-failing), technical problems vs social problems, monoliths, Conway’s Law and Canada.Listen on Apple Podcasts or Spotify.HighlightsNotes are italicized.5:34 - Stack Overflow might become actively harmful if you’re working on WebAssembly or something sufficiently niche.7:40 - Spectre/Meltdown caused 20-40% slowdown at one workplace, which led to some interesting projects, like the aforementioned WebAssembly work11:30 - What’s up with the title Senior Site Reliability Expert?Apparently, you can’t call yourself an “engineer” in Canada, you need to go through some kind of process which software developers don’t need to bother. 14:40 - It’s questionable how much software developers are “engineers” in the first place.16:52 - YAML allows 8 values for boolean true and false, such as “no”, and “on”, which conflict with ISO code for Norway and Province code for Ontario. Maybe Starlark is an answer. Christine uses Dhall with promising results.Dhall looks like Haskell. It has a strong type system, with variables, functions, and imports, but otherwise a config language. They have a Kubernetes package.20:30 - Nix the language. An example to configure a website.24:00 - Experiences building internal tools that interact with other internal tools. Developers tend to have strange environments. One developer would only keep source code on a thumbdrive, and that would cause a few issues.27:20 - Compliance requirements can be a useful to stop developers from security snafus.29:30 - Experience with Kubernetes.30:40 - Kubernetes Autoscaling out of the box is a great way to cause downtime. Experiences on the Metrics team at Heroku which worked on autoscaling. Most applications tend to be I/O bound to the database, so autoscaling tends to become “auto-failing” and cause more problems than it solves.37:00 - PostgreSQL, PgBouncer, and Transaction ID wraparound. External postmortem.40:48 - “A lot of document databases are solutions looking for problems”45:30 - “Continuous Deployment can be a double edged sword”47:20 - “A lot of unit testing methodology I’ve seen is kind of fundamentally wrong. A fake version of the world will only let you see how fake your world is”. 53:30 - Experience with tiered deployments - stage, QA, and production.58:40 - Exploring the model where product engineers only build features, and SREs focus on reliability.A conclusion is that some governance is probably required to prevent a complexity explosion.60:30 - Monoliths are pretty great. Eventually, Conway’s Law takes place. Incongruities in products or APIs often reflect team boundaries.68:00 - Buzzwords at big companies. Get on the email list at www.softwareatscale.dev

FreeBSD on Cavium ThunderX, looking at NetBSD as an OpenBSD user, taking time-stamped notes in vim, OpenBSD 6.5 has been tagged, FreeBSD and NetBSD in GSoC 2019, SecBSD: an UNIX-like OS for Hackers, and more. ##Headlines ###ARM’d and dangerous: FreeBSD on Cavium ThunderX (aarch64) While I don’t remember for how many years I’ve had an interest in CPU architectures that could be an alternative to AMD64, I know pretty well when I started proposing to test 64-bit ARM at work. It was shortly after the disaster named Spectre / Meltdown that I first dug out server-class ARM hardware and asked whether we should get one such server and run some tests with it. While the answer wasn’t a clear “no” it also wasn’t exactly “yes”. I tried again a few times over the course of 2018 and each time I presented some more points why I thought it might be a good thing to test this. But still I wasn’t able to get a positive answer. Finally in January 2019 year I got a definitive answer – and it was “yes, go ahead”! The fact that Amazon had just presented their Graviton ARM Processor may have helped the decision. ###Looking at NetBSD from an OpenBSD user perspective I use to use NetBSD quite a lot. From 2.0 to 6.99. But for some reasons, I stopped using it about 2012, in favor of OpenBSD. Reading on the new 8 release, I wanted to see if all the things I didn’t like on NetBSD were gone. Here is a personal Pros / Cons list. No Troll, hopefully. Just trying to be objective. What I liked (pros) Things I didn’t like (cons) Conclusion So that was it. I didn’t spend more than 30 minutes of it. But I didn’t want to spend more time on it. I did stop using NetBSD because of the need to compile each and every packages ; it was in the early days of pkgin. I also didn’t like the way system maintenance was to be done. OpenBSD’s 6-months release seemed far more easy to manage. I still think NetBSD is a great OS. But I believe you have to spent more time on it than you would have to do with OpenBSD. That said, I’ll keep using my Puffy OS. ##News Roundup Using Vim to take time-stamped notes I frequently find myself needing to take time-stamped notes. Specifically, I’ll be in a call, meeting, or interview and need to take notes that show how long it’s been since the meeting started. My first thought was that there’s be a plugin to add time stamps, but a quick search didn’t turn anything up. However, I little digging did turn up the fact that vim has the built-in ability to tell time. This means that writing a bit of vimscript to insert a time stamp is pretty easy. After a bit of fiddling, I came up with something that serves my needs, and I decided it might be useful enough to others to be worth sharing. John Baldwin’s notes on bhyve meetings ###OpenBSD 6.5-beta has been tagged It’s that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all run an extra test install and see if your favorite port still works as you expect. CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2019/02/26 15:24:41 Modified files: etc/root : root.mail share/mk : sys.mk sys/conf : newvers.sh sys/sys : ktrace.h param.h usr.bin/signify: signify.1 sys/arch/macppc/stand/tbxidata: bsd.tbxi Log message: crank to 6.5-beta ###The NetBSD Foundation participating in Google Summer of Code 2019 For the 4th year in a row and for the 13th time The NetBSD Foundation will participate in Google Summer of Code 2019! If you are a student and would like to learn more about Google Summer of Code please go to the Google Summer of Code homepage. You can find a list of projects in Google Summer of Code project proposals in the wiki. Do not hesitate to get in touch with us via #netbsd-code IRC channel on Freenode and via NetBSD mailing lists! ###SecBSD: an UNIX-like OS for Hackers SecBSD is an UNIX-like operating system focused on computer security based on OpenBSD. Designed for security testing, hacking and vulnerability assessment, it uses full disk encryption and ProtonVPN + OpenVPN by default. A security BSD enviroment for security researchers, penetration testers, bug hunters and cybersecurity experts. Developed by Dark Intelligence Team for private use and will be public release coming soon. ##Beastie Bits Why OpenBSD Rocks Rich’s sh (POSIX shell) tricks Drinking coffee with AWK Civilisational HTTP Error Codes MidnightBSD Roadmap NetBSD on Nintendo64 From Vimperator to Tridactyl ##Feedback/Questions Russell - BSD Now Question :: ZFS & FreeNAS Alan - Tutorial, install ARM *BSD with no other BSD box pls Johnny - New section to add to the show Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Your browser does not support the HTML5 video tag.

2018-й год закончился, а это значит, что пора подвести его итоги. Сегодня мы постараемся вспомнить знаковые явления и тренды наметившиеся в игровой индустрии, поговорим о лучших играх и о самых громких провалах, не забудем и о самых ожидаемых играх года наступившего и о грядущем поколении консолей. Темы выпуска: — Наш топ игр 2018-го года — Еще игры, которые заслуживают внимания — Фильмы и сериалы — Крупнейшие провалы года — Уязвимости процессоров Spectre и Meltdown — Отток крупных издателей из Steam — Издатели ударились в игровые стриминговые сервисы — Слухи о смерти сингловых игр оказались преувеличены — Крупные релизы игр стали выходить не только осенью и не только по вторникам — Страсти по кроссплатформенному мультиплееру — Microsoft готовит новые эксклюзивы и покупает студии — Закрытие студий — Состоялся релиз знаковых игр из раннего доступа — Nvidia RTX — Возрождение AA-игр — Культурный феномен Fortnite — Самые ожидаемые игры нового года — Новое поколение консолей SavePoint — это еженедельный подкаст об играх и технологиях. Мы обсуждаем самые важные новости игровой индустрии, релизы и анонсы. Рассказываем о новинках, делимся инсайдами и просто любим хорошие видеоигры. Подкаст доступен в iTunes: https://itunes.apple.com/ru/podcast/savepoint/id1372052956?mt=2 , на Podster: https://savepoint.podster.fm/ и на DTF.ru в разделе «Подкасты» https://dtf.ru/podcasts, а также легко находится в любом альтернативном подкаст-плеере по названию. Чтобы быть в курсе всех важных новостей, подпишитесь на наш Telegram-канал: https://t.me/Svpnt Подкаст записывается каждое воскресенье в прямом эфире примерно в 16:00 по Мск. на канале https://www.twitch.tv/svpnt. Видеозаписи эфиров доступны на канале: https://www.youtube.com/channel/UCdhBiCKzS7OqiMkCKmPqi2Q Наше представительство в VK: https://vk.com/svpnt Поддержать проект можно здесь: https://streamlabs.com/svpnt

Подводим итоги года: рассказываем о ключевых событиях 2018, любимых гаджетах, играх, фильмах и подкастах; знакомим вас с другими участниками BeardyCast, которые не участвуют в записи подкастов. С Новым годом! Ключевые события в 2018 году 00:00:00 - Вступление 00:01:09 - Фундаментальные уязвимости Spectre и Meltdown в процессорах Intel, AMD и некоторых ARM-чипсетах «Спешл» о Spectre и Meltdown с Алексом Пацаем 00:07:26 - Европа и внедрение GDPR Подкаст о GDPR с Сергеем Кудряшовым 00:15:07 - Блокировка Telegram в России Приложение Opener Цифровое сопротивление: BeardyCast 120, 153, 154, 155 00:22:21 - Закончилось безумие по блокчейну и криптовалютам 00:24:50 - Умер Пол Аллен — человек, с которым Билл Гейтс основал Microsoft и с которым на протяжении нескольких лет развивал компанию 2018 год для компаний, смартфонов и рынка подкастов 00:27:53 - Microsoft в 2018 году 00:44:17 - Apple в 2018 году 01:03:35 - Google в 2018 году 01:28:35 - Intel в 2018 году 01:35:58 - 2018 год для смартфонов: «вырезы» и «дырки» в экранах 01:38:18 - 2018 год для русскоязычных подкастов: крупные медиа в подкастинге; площадки LOUDDLY, «ВКонтакте», DTF.ru, «Яндекс.Немузыка» Любимые подкасты, гаджеты, игры и фильмы 02:03:14 - Подкасты, которые мы слушали в 2018 году Сергей: «Русский шаффл», tvkinoradio, «Пироги», «Токсичные Отходы» Антон: Читайте нашу рубрику «Бородайджест» Андрей: «КритМышь», Wireframe, The Horror of Dolores Roach 02:10:59 - Гаджеты, которые мы купили в 2018 году (и остались ли довольны покупками) Антон: смартфон OnePlus 6T, «умный» экран Google Home Hub, часы Fossil Q Explorist HR Сергей: Google Home Hub, Google Chromecast, Google Home Mini, Chromecast Audio Андрей: синтезатор ROLI Seaboard Block и фотоаппарат Fujifilm X-T3, кресло Herman Miller Embody, очки Felix Gray, «умная» колонка Apple HomePod и часы Apple Watch Series 4 (мнение Алекса Пацая, выпуск loud.mer и выпуск BeardyBuilding о часах в контексте спорта) 02:28:27 - Фильмы и сериалы, которые мы смотрели в 2018 году Сергей: «Лето», «Остров собак», «Тихое место» Антон: «Аннигиляция», «Мстители: Война бесконечности» Андрей: 2017 год — «Проект „Флорида“», «Три билборда на границе Эббинга, Миссури»; 2018 год — «Экстаз», «Человек-паук: Через вселенные», «Рим» Кино-опыт — интерактивный фильм Black Mirror: Bandersnatch 02:42:15 - Во что мы играли в 2018 году Топ Андрея: Celeste, Owlboy, Dead Cells, God of War Топ Владимира: Super Smash Bros. Ultimate, Octopath Traveller, Into the Breach, Forza Horizon 4 Канал Gamescore Fanfare 2018 год для BeardyCast 03:22:41 - У нас появились другие участники проекта, благодаря которым произошёл такой активный рост BeardyCast Георгий Джеджея ведет модуль о фото Глеб Пекный пишет новости в Telegram Андрей Kazusaki рисует изображения к статьям Иван монтирует подкасты Мы делаем первый (насколько нам известно) брендированный подкаст на русскоязычном рынке. Заказчик — «ИНВИТРО» 04:28:50 - Заключение и прощание. Спасибо всем вам, хороших праздников — и с наступающим Новым годом!

7 new Spectre/Meltdown attacks, Hacking ATM's for free cash is easier than Windows XP, AI can now fake fingerprints fooling ID scanners, and Japan's cybersecurity minister admits he's never used a computer! Full Show Notes: https://wiki.securityweekly.com/Episode583 Follow us on Twitter: https://www.twitter.com/securityweekly

7 new Spectre/Meltdown attacks, Hacking ATM's for free cash is easier than Windows XP, AI can now fake fingerprints fooling ID scanners, and Japan's cybersecurity minister admits he's never used a computer! Full Show Notes: https://wiki.securityweekly.com/Episode583 Follow us on Twitter: https://www.twitter.com/securityweekly

This week, we welcome Jon Buhagiar, Network+ Review Course Instructor at Sybex for an interview to talk about Network Operations! In the Technical Segment, we welcome back John Moran, Senior Product Manager at DFLabs to talk about IncMan SOAR and how DFLabs Automation & Response platform helps automate, orchestrate, and measure CSIRTs and SOCs! In the Security News this week, 7 new Spectre/Meltdown attacks, Hacking ATM's for free cash is easier than Windows XP, AI can now fake fingerprints fooling ID scanners, and Japan's cybersecurity minister admits he's never used a computer!   Full Show Notes: https://wiki.securityweekly.com/Episode583 To learn more about DFLabs, go to: www.dflabs.com/securityweekly   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Jon Buhagiar, Network+ Review Course Instructor at Sybex for an interview to talk about Network Operations! In the Technical Segment, we welcome back John Moran, Senior Product Manager at DFLabs to talk about IncMan SOAR and how DFLabs Automation & Response platform helps automate, orchestrate, and measure CSIRTs and SOCs! In the Security News this week, 7 new Spectre/Meltdown attacks, Hacking ATM's for free cash is easier than Windows XP, AI can now fake fingerprints fooling ID scanners, and Japan's cybersecurity minister admits he's never used a computer!   Full Show Notes: https://wiki.securityweekly.com/Episode583 To learn more about DFLabs, go to: www.dflabs.com/securityweekly   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

In today's podcast, we hear about the spread of Magnibur ransomware. LabCorp discloses "suspicious activity" on its networks. The Pentagon will add cybersecurity checks to its test and evaluation process. Siemens updates customers on Spectre and Meltdown. Oracle's quarterly patch bulletin is out. Fallout, clarifications, and more fallout from the Helsinki summit. US agencies continue preparations to secure elections and infrastructure. Robert M. Lee from Dragos on the Electrum threat group. Guest is Jonathan Couch from Threat Quotient on Dark Web markets.   For links to stories in today's CyberWire podcast, check out our daily news brief. https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_18.html

In this week’s Shadow Talk, the pod unpacks the reporting on VPN Filter, a malware affecting half a million network devices. Reports have suggested that the malware is being prepped to perform imminent large scale disruptive attacks against Ukrainian infrastructure. We also cover new research on the TRITON malware targeting industrial control and SCADA systems, as well as new techniques for the Roaming Mantis malware family. Finally, we bring you updates on vulnerabilities related to VBScript and the Spectre/Meltdown attacks.

This week on the show give you the latest on the new Intel flaw. We take an interesting question from a caller who asks Noah, can a router be virtualized? Plus we give you the run down on our Small Business Theme Hour coming up in early June.

This week on the show give you the latest on the new Intel flaw. We take an interesting question from a caller who asks Noah, can a router be virtualized? Plus we give you the run down on our Small Business Theme Hour coming up in early June.

This week on the show give you the latest on the new Intel flaw. We take an interesting question from a caller who asks Noah, can a router be virtualized? Plus we give you the run down on our Small Business Theme Hour coming up in early June.

We Found Another Spectre, Meltdown Flaw | Ask Noah Show 66 This week on the show give you the latest on the new Intel flaw. We take an interesting question from a caller who asks Noah, can a router be virtualized? Plus we give you the run down on our Small Business Theme Hour coming up in early June. -- The Cliff Notes -- For links to the articles and material referenced in this week's episode check out this week's page from o our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/66) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah asknoah [at] jupiterbroadcasting.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) Jupiter Broadcasting (https://twitter.com/jbsignal)

So the studies are in and, surprise surprise, it turns out the video games to not make you a crazy murder-happy sociopath! I know it's hard to understand, but it turns out that this study has been done before . . . repeatedly. What does, perhaps, indicate that you're a sociopath is when you use the stolen information of over 50 MILLION Facebook users to create a campaign to become President. Oops.Headlines:* Violent video games don't breed violence* Strava changes their policy on who sees what* Trump-linked firm harvests user data from 50 million Facebook users without permission...* ...but was it a breach?* YouTube Kids just wants to educate about the lizard hybrids in power* Equifax exec charged with insider trading* EU wants to filter all code uploaded to the Web* Broadcom drops Qualcomm bid* AMD has its own Spectre Meltdown problem* TSA isn't searching your phones. They just want to see everything that's on them* Fitbit reveals new wearables* Blackberry: Still good if you're in a drug cartel!* Google Maps introduces new way to give addresses in places where they may not existZuke’s Favorite: The Last Jedi fixes all Star Wars space battlesZohner’s Favorite: Avengers Assemble See acast.com/privacy for privacy and opt-out information.

On this episode, we welcome Bill Hughes, RMM Product Manager at Continuum, to chat through the recently disclosed Spectre and Meltdown vulnerabilities and how MSPs can effectively leverage these news events to inform their clients and create sales opportunities. We also discuss some recent industry news, share some vulnerability statistics and close with a new segment on habits of successful MSPs. Tune in now!

2018 kicked off with Data Centers in full panic because of Spectre and Meltdown.  Eddie and Vince examine these hacks through the lens of Prosiliency and how to mitigate risks in your data center. Our Location: Ainsworth, a new restaurant in KC The Beer: Copperhead Pale Ale. Rating: 5.25 The Food: Macaroni and Cheese Fries. Rating: 7.1   How to contact us: Eddie Perez: https://www.linkedin.com/in/eperez507/ Vince Vaughan: https://www.linkedin.com/in/vincevaughan/ Twitter: @GetProsiliency http://www.prosiliency.com Remember to Back that Sh!t up!

Join The Full Nerd gang as they talk about the latest PC hardware topics. In today's show we discuss whether or not APUs will stay relevant after the GPU/mining crisis, the new rumors around Nvidia's next graphics cards, some Spectre and Meltown updates, and of course your questions!

Andromeda & Polaris, Spectre & Meltdown und defekte Hardware von Microsoft

Welcome to Episode 2 of My Tech Opinion.In this episode, Shayne and Phil talk the Spectre and Meltdown issues plaguing computer processors.Here are some links as to what we talked about:Tech News:Intel has told users to NOT install its firmware updates for the Spectre/Meltdown bug until further notice.http://www.zdnet.com/article/intel-stop-firmware-patching-until-further-notice/Australian TAFE’s to offer Cyber Security Courses.https://www.arnnet.com.au/article/632581/australia-tafes-launch-cyber-security-certification-courses/Apple have finally announced that their HomePod speaker is ready to buyhttps://www.macrumors.com/2018/01/23/homepod-launches-feb-9-preorders-jan-26/Amazon opens their first Amazon Go retail store in Seattlehttps://www.nytimes.com/2018/01/21/technology/inside-amazon-go-a-store-of-the-future.htmlElon Musk gets to keep his Job at Tesla.https://arstechnica.com/cars/2018/01/huge-pay-package-convinces-elon-musk-to-stay-at-tesla-for-10-more-years/Feature Topic - Spectre and Meltdown:https://www.businessinsider.com.au/intel-chip-bug-meltdown-and-spectre-explained-2018-1?r=US&IR=Thttps://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-computer-processor-intel-security-flaws-explainerhttps://qz.com/1171811/intel-intc-ceo-brian-krzanich-sold-off-the-majority-of-his-stock-after-finding-out-about-the-meltdown-and-spectre-security-flaws/https://www.theverge.com/2018/1/11/16880922/amd-spectre-firmware-updates-ryzen-epy

Special guest Rene Ritchie returns to the show to talk about HomePod, clickbait, the Spectre/Meltdown security exploits, and a look back at Apple’s 2017 in review.

In today's podcast we hear that ISIS is howling "we are in your home" as they lose their own home. Intel says a new patch for Spectre and Meltdown is coming to fix instability problems. Babies' social security numbers and other data are for sale on the dark web. So are email credentials from top-500 British law firms. Look closely at urls—IDN spoofing is out and about. Satori expands the reach of its botnets. New ransomware strains surface. SpriteCoin is no coin at all. Joe Carrigan from JHU responding to listener mail about disabling links in email. Chris Webber from SafeBreach on using simulations to test for Meltdown and Spectre vulnerabilities. And Sonic the Hedgehog fans watch out: three popular games may expose you to hacking. 

This week, Paul reports on malicious Google Chrome extensions, Lenovo releases security advisory, critical flaw in all Blizzard games, and Intel halts Spectre/Meltdown patching! Jason Wood joins us for the expert commentary on malware, and more on this episode of Hack Naked News!   Full Show Notes: https://wiki.securityweekly.com/HNNEpisode158   Visit https://www.securityweekly.com/hnn for all the latest episodes!  

This week, Paul reports on malicious Google Chrome extensions, Lenovo releases security advisory, critical flaw in all Blizzard games, and Intel halts Spectre/Meltdown patching! Jason Wood joins us for the expert commentary on malware, and more on this episode of Hack Naked News! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode158 Visit http://hacknaked.tv to get all the latest episodes!

This episode was recorded at the Continental Hotel in Budapest, where Tony and I were joined by Office 365 MVPs Alan Byrne and Vasil Michev. We explore the wonders of the Spectre/Meltdown vulnerability and learn how it affects– or doesn’t affect– Exchange … Continue reading →

Пілотний випуск подкасту Na chasi 1. Spectre та Meltdown: за мить до «зради» — випробування для Intel 2. CES 2018 та нестандартні стартапи 3. Amazon і звання найбагатшої людини світу для Безоса — як це стало можливим 4. Facebook знову змінить алгоритм і прибере новини брендів: Що нам робити, Марку? 4. Українські стартапи на CES-2018

2018 is here—with an opening salvo that underscores the need for security in every layer, all the way down to silicon. We delve into the world of Spectre and Meltdown, attempt to explain it with a non-technical analogy, and then explore what it means for both chip vendors and the security industry as a whole. Another billion user breach and the current status of IoT preparedness are also in the mix, along with a potential “whistlestop” train trip to the Identiverse conference with an identity-centric case of . . . tens? hundreds? thousands? (We’re gonna need a bigger train.)

2018 год начался с открытия двух фундаментальных уязвимостей в архитектуре и логике работы современных процессоров. Мы пригласили Алекса Пацая из Телеграм-канала «Информация опасносте» и обсудили с ним причины возникновения Spectre и Meltdown, принципы их работы и дальнейшие перспективы.   Темы 00:00:00 — Спецвыпуск о Spectre и Meltdown. Гость Алекс Пацай, канал @alexmakus 00:00:43 — Предположение Андерса Фога 00:01:35 — Прогнозированное исполнение команд 00:03:07 — Что такое KASLR 00:04:11 — Meltdown: сотрудники Грацского технологического университета 00:07:19 — Конец жизни Криса Касперски 00:09:02 — Meltdown для человека вне мира технологий 00:10:58 — Какие процессоры подвержены Meltdown 00:13:09 — Spectre: Ян Хорн и элитная команда Google Project Zero 00:14:24 — Предварительная «утечка» публикации о Spectre и Meltdown 00:15:55 — Отличия Spectre и Meltdown 00:18:54 — Для кого опасны эти уязвимости 00:20:31 — Эксплуатация Spectre и Meltdown 00:23:20 — Как компании закрывают уязвимости 00:26:36 — Стоит ли покупать сейчас гаджеты? 00:28:45 — Что делать? Ставить апдейты и терпеть 00:29:52 — Заключение и прощание   Источники The Daily Stratchery The Register Google Security Blog Google Project Zero Blog Список уязвимых процессоров ARM Как Spectre и Meltdown влияют на WebKit Dev.to Примеры работы уязвимостей Mozilla Meltdown и Spectre   → Другие подкасты The Big Beard Theory | BeardyBuilding   → Подписаться в социальных сетях @BeardyShow | @BeardyTheory | Telegram   → Поддержать проект на Patreon Patreon

This is easily our best podcast of 2018 (so far). The crew discusses the recent spike in crypto-mania sweeping the globe and also goes in-depth on how vulnerability discovery plays a critical role in overall security. Plus, the crew all (shockingly) have different takes on Spectre/Meltdown and Craig decides to up the ante with the killer robots.

Bringing you a special second episode this week with Matt Linton and Paul Turner sharing insights with Mark and Melanie about the CPU vulnerabilities, Spectre & Meltdown, and how Google coordinated and managed security with the broader community. We talked about how there has been minimal to no performance impact for GCP users and GCP's Live Migration helped deploy patches and mitigations without requiring maintenance downtime. Due to the special nature, no cool things or question included on this podcast. About Matt Linton Matt is an Incident Manager (aka Chaos Specialists) for Google, which means his team is on-call to handle suspected security incidents and other major urgent issues. About Paul Turner Paul is a Software Engineer specializing in operating systems, concurrency, and performance. Interview Protecting our Google Cloud customers from new vulnerabilities without impacting performance blog What Google Cloud, G Suite and Chrome customers need to know about the CPU vulnerability blog Google Security Blog, Today's CPU vulnerability: what you need to know blog ProjectZero News and Updates by Yann Horn blog Spectre Attack paper Meltdown Paper paper Intel Security Center site Intel Analysis of Speculative Side Channels site An Update on AMD Processor Security: site ARM Processor Security Update site GCP Compute Engine Live Migration docs GCP Security Overview site Patch your operating systems and all the things. Keep updated.

Nesta semana o papo é sobre os bugs Spectre/Meltdown, sobre as novidades da CES, e sobre o 1º episódio da nova temporada de Black Mirror!

We're back! Hope you enjoyed the holidays, we're kicking off with a feature on one of our favourite topics... Millennials. We're vilified as spoilt, idle, and perpetually in childhood. We did everything we were supposed to: got an education, work experience, applied for tens of jobs, and even tried to start our own businesses. Many of us have been struggling at this for over a decade... And yet we still can barely afford rent - let alone purchase a house. We're frequently competing against more experienced generations applying for entry level jobs. Even those with a masters degree find themselves in insecure work with low pay, weird hours, and no clear path of progression. No wonder so many are needing support from a parental safety net. But even that stereotype misrepresents the majority of Millennials: who never went to university, who's parents won't let them live at home and can't support them with a down-payment. "What if the problem isn't us?" asked Michael Hobbes of Huffiington Post Highline. "What if the world is fundamentally different to the one our boomer parents are expecting us to succeed in?" We interview Michael to discuss his most recent article "Millennials are Screwed", one of our favourite articles of recent months. His article focuses on the USA, but so many of these issues are familiar in any developed country. We need to see the issues clearly, hold the boomers accountable, and fix things through serious paradigm and policy change. If you do one thing this week, check out his article below: http://highline.huffingtonpost.com/articles/en/poor-millennials/ Also, Michael tweets: https://twitter.com/RottenInDenmark ...and makes consistently great content: https://michaelhobbes.contently.com/ ___ Also on the pod this week: - Big Thinking: A chat with cybersecurity expert Jonathan Humphries on the recently discovered Spectre/Meltdown vulnerabilities, and their implications for geopolitics. He's up for Q&A at a later point, so be sure to send in your questions. - Meanwhile on Twitter: We can't resist a laugh about PIxelated Boat's 'Gorilla Channel' tweet (https://goo.gl/6NVpUu) fooling so many people. What is more damning - that too many on the Twitter Left do not pause to check their sources, or that something so crazy about the current POTUS is totally believable. ___ Like what you hear? Support us by... Following on FB – www.facebook.com/connectedanddisaffected/ Following on Twitter – twitter.com/CandDPodcast Reviewing on ITunes – itunes.apple.com/gb/podcast/connected-disaffected/ Email your comments and ideas - connectedanddisaffected@gmail.com

Start of "WHY" series, why every product and product team needs a hater, where Goop falls short and Honest Brands aren't. Maybe a hater could've helped Spectre/Meltdown bug? Intro: Foo Fighters - Make it Right

Первые рабочие дни после сонных зимних праздников мы вам предлагаем провести за не менее сонным новым выпуском Завтракаста, в которым ведущим на полставки к нам опять вернулся Григорий «Bobuk» Бакунов. Такое странное название нового выпуска легко объясняется тем, что мы в деталях пытаемся разобраться в ужасах, которые таят за собой найденные недавно в огромном количестве процессоров уязвимости – Meltdown и Spectre. Кроме того, в этом Завтракасте мы много уделили времени последним новостям из мира игр (сколько там проданных Switch и когда их взломают), медиа (что посмотреть из сериалов и кино) и технологий (когда уже прекратится война h.264 и webm). Шоуноуты Какие опасности таят в себе уязвимости Spectre и Meltdown Дима посмотрел и советует сериал Wasted Похоже, ремастер Burnout Paradise нас ожидает уже весной Nintendo Switch стала самой быстро продаваемой консолью в США за всю историю Хакеры обещают релизнуть взлом для любой прошивки Nintendo Switch уже весной Дима попробовал поиграть в Rainbow Six Siege на ПК и страдает Какие игры стали лидерами по продажам в PSN Store за 2017 год Оказалось, что Destiny 2 в ходе разработки постигла судьба первой Destiny – игру переделали с нуля за полтора года до релиза Дима поиграл в Yakuza Zero Тимур советует кучу фильмов и […] Запись Завтракаст №86 – Расплавление призрака впервые появилась Zavtracast.

The Digital Shadows team discusses the highlights of the past seven days, including Meltdown and Spectre, the release of Satori code, OpNetNeutrality, OpIcarus and Monero mining malware.