The "miracle" began Nov. 16, 1999, when Cherica Adams was shot four times in Charlotte, N.C. A hitman tried to murder Adams, the girlfriend of NFL star Rae Carruth, and their unborn son, Chancellor Lee. But the hitman failed. Now, a year-long investigation exposes stunning new details of the crime that shocked the sports world—and the impacts still being felt years later. Hosted by Charlotte Observer reporter Scott Fowler, who has covered this saga for 19 years.
…
continue reading
Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject ...
…
continue reading
Intel 471's podcast with a twist! Join us for the first fully interactive threat hunting podcast where you can hang out with threat hunters from all over the world! Join a rag-tag bunch of threat hunters as they come out of the woods to explore some of the most burning issues related to cyber security. The Out of the Woods podcast is a casual talk covering the topics of threat hunting, security research, and threat intelligence, and some ranting and raving along the way, all over a cocktail ...
…
continue reading
White hat researchers managed to take over WHOIS for the .mobi TLD. Among other things, this discovery foretells the death of WHOIS as a valid email source for Domain Control Validation (DCV).由Tim Callan and Jason Soroko
…
continue reading
News reports claim Chinese researchers broke AES with a quantum annealing computer. We clarify the details and talk about the implications of this reported discovery.由Tim Callan and Jason Soroko
…
continue reading
We explore the question of whether or not we have enough electricity to fuel AI's expected growth.由Tim Callan and Jason Soroko
…
continue reading
Apple recently floated a draft CABF ballot for commentary that steps down maximum term for SSL certificates starting next year and eventually landing at 45 days in 2027. We share the details.由Tim Callan and Jason Soroko
…
continue reading
Deliberate delay of mandatory revocations has plagued the WebPKI in 2024. A new proposed policy from Mozilla stands to eliminate most of this behavior. In this episode we go over the proposal and explain its potential consequences.由Tim Callan and Jason Soroko
…
continue reading
**[LIVE] Out of the Woods: The Threat Hunting Podcast October 24, 2024 | 7:00 – 8:30 PM ET Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter ---------- Top Headlines: Aqua | perfctl: A Stealthy Malware Targeting Millions of Linux Servers: https://www.aquasec.com/blog/perfctl-a-stealthy-malwa…
…
continue reading
In this episode we give a high-level explanation of what happens in a TLS 1.3 handshake and then discuss what will happen when PQC is included.由Tim Callan and Jason Soroko
…
continue reading
A ServiceNow private CA root expired, creating outages across hundreds of enterprises. We explain what appears to have gone on.由Tim Callan and Jason Soroko
…
continue reading
**Threat Hunting Workshop: Hunting for Collection October 2, 2024 | 12:00 - 1:00 PM ET Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection **[LIVE] Out of the Woods: The Threat Hunting Podcast October 24, 2024 | 7:00 – 8:30 PM ET Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-c…
…
continue reading
In this episode we map the contributions of Certificate Lifecycle Management into the new NIST Cybersecurity Framework 2.0.由Tim Callan and Jason Soroko
…
continue reading
A certificate expiration is now known to have created July's outage of Bank of England. Join us as we shake our heads in amazement yet again.由Tim Callan and Jason Soroko
…
continue reading
In honor of the upcoming US elections, we describe the six main requirements for a post-quantum voting system.由Tim Callan and Jason Soroko
…
continue reading
In this episode we describe the LoRA protocol, which allows IoT devices to communicate securely without using a cellular network, and how it can be used for secret communications.由Tim Callan and Jason Soroko
…
continue reading
**Threat Hunting Workshop: Hunting for Collection October 2, 2024 | 12:00 - 1:00 PM ET Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection **[LIVE] Out of the Woods: The Threat Hunting Podcast October 24, 2024 | 7:00 – 8:30 PM ET Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-c…
…
continue reading
In this episode we discuss the dual nature of a public certificate as both a file and part of a holistic service that lasts until its expiration. We discuss revocation checking, CT logging, GAAP accounting, linters, certificate tracking tools, Certificate Lifecycle Management, standards bodies, post-quantum cryptography, and subscription models.…
…
continue reading
The Chrome root program has changed the date for the Entrust distrust. Join us to get the details.由Tim Callan and Jason Soroko
…
continue reading
White hat researchers have raised concerns about FIDO 2 (AKA WebAuthn). We explain.由Tim Callan and Jason Soroko
…
continue reading
EUCLEAK, a newly revealed side channel vulnerability, can clone the contents of a YubiKey. We talk about the attack and its significance.由Tim Callan and Jason Soroko
…
continue reading
**Threat Hunting Workshop: Hunting for Collection October 2, 2024 | 12:00 - 1:00 PM ET Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection In this episode of Out of the Woods: The Threat Hunting Podcast, Scott and Lee discuss four key topics: North Korea’s social engineering attacks on the crypto industr…
…
continue reading
1
Root Causes 419: What Happens to Vendors Who Don't Support ACME When 90-day Certificates Come?
16:14
Though it is the closest thing to an industry-standard API, there are still products and operating systems that don't support ACME. In this episode we explore what happens to these products once 90-day SSL certificates become the requirement.由Tim Callan and Jason Soroko
…
continue reading
One seldom discussed consequence of quantum computers and PQC is the move from cryptographic homogeneity to cryptographic heterogeneity, with multiple KEMs and DSAs eventually expected as ongoing standards. We examine the consequences of this change.由Tim Callan and Jason Soroko
…
continue reading
In this episode of "Out of the Woods: The Threat Hunting Podcast," Scott and Tom dive into the latest threat hunting headlines for the week of September 2nd, 2024. They explore how basic techniques are being repurposed in advanced ways, such as using Google Sheets for command and control in a suspected espionage campaign and employing web dev to en…
…
continue reading
We introduce pkimetal, an open source project from Rob Stradling that allows CA to write to many popular linters with a single integration. We explain the importance and pitfalls of linters and how pkimetal improves linter implementation.由Tim Callan and Jason Soroko
…
continue reading
An enterprise SSL subscriber recently used a Temporary Restraining Order to prevent the proper revocation of misissued certificates. We explain what happened, why it's deeply problematic, and how the industry might consider responding.由Tim Callan and Jason Soroko
…
continue reading
In this episode of the "Out of the Woods Threat Hunting Podcast," Scott and Tom break down the top threat hunting stories for the week of August 26, 2024. They dive into SetXP, a stealthy Linux malware that manipulates UDEV rules to evade detection, and explore why it’s not yet on the MITRE ATT&CK radar. The duo also covers PeakLight, a new memory-…
…
continue reading
NIST recently released PQC algorithmic standards in FIPS-203, FIPS-204, and FIPS-205 (ML-KEM, ML-DSA, and SLH-DSA). We describe what is necessary for enterprises to begin using these algorithms.由Tim Callan and Jason Soroko
…
continue reading
In this episode we detail the mandatory revocation periods for leaf certificates and intermediates and explain when a 24-hour versus a 120-hour revocation deadline applies.由Tim Callan and Jason Soroko
…
continue reading
In this week's Top 5 Threat Hunting Headlines, Scott and Tom discuss top cybersecurity threats, including Kaspersky's Tusk InfoStealer campaign, a cloud extortion campaign exploiting AWS environments, APT41's advanced tactics against a Taiwanese research institute, and the Banshee InfoStealer targeting macOS. They also explore the impact of AI on c…
…
continue reading
On August 13, 2024, NIST released its first three standards for PQC algorithms, ML-KEM, ML-DSA, and SLH-DSA. We tell you where to find them and talk about what happens next.由Tim Callan and Jason Soroko
…
continue reading
Top 5 Threat Hunting Headlines - 12 Aug 2024 1. DarkReading | SaaS Apps Present an Abbreviated Kill Chain for Attackers https://www.darkreading.com/application-security/saas-apps-present-abbreviated-kill-chain-for-attackers?&web_view=true 2. ReasonLabs | Enterprise Grade Security to All of Your Personal Devices https://reasonlabs.com/research/new-w…
…
continue reading
Cookies are incredibly useful but also pose grave privacy concerns. We have in the past covered Chrome's initiatives to replace cookies. Now Chrome has announced that for the foreseeable future cookies will remain. We explain.由Tim Callan and Jason Soroko
…
continue reading
A popular belief is that Grover's algorithm will require that we double our AES key sizes. Repeat guest Bas Westerbaan of Cloudflare explains why this myth is incorrect and talks through the concept of "security levels" in post-quantum cryptography.由Tim Callan and Jason Soroko
…
continue reading
We examine one specific aspect of the recent CrowdStrike flaw. Microsoft blames the problem on the fact that it must, by European law, allow kernel updates to Windows. We unpack the challenges this poses.由Tim Callan and Jason Soroko
…
continue reading
This week Mozilla chose to follow Chrome in deprecating the Entrust trusted roots. We give you the details and explain why this action matters.由Tim Callan and Jason Soroko
…
continue reading
Threat Hunting Workshop: Hunting for Command and Control 31 July 2024 | 12:00 - 1:00 pm ET Register Here! Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate: 3-4 Aug 2024: Sign Up Here! 5-6 Aug 2024: Sign Up Here! ----- Top …
…
continue reading
In the past three months we featured far-ranging conversations about post-quantum cryptography (PQC) with experts Bas Westerbaan of Cloudflare, Dustin Moody of NIST, and Bruno Coulliard of Crypto4A. In this episode we recap important takeaways from these conversations.由Tim Callan and Jason Soroko
…
continue reading
Threat Hunting Workshop: Hunting for Command and Control 31 July 2024 | 12:00 - 1:00 pm ET Register Here! Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate: 3-4 Aug 2024: Sign Up Here! 5-6 Aug 2024: Sign Up Here! ----- Top …
…
continue reading
WebAuthn arrived last year with great fanfare. But here we are in the latter half of 2024, and they are rarely used. In this episode we discuss why.由Tim Callan and Jason Soroko
…
continue reading
When we discuss certificate discovery in CLM platforms, there is a common assumption that we're talking about public certificates exclusively. In this episode we explain the value of certificate discovery for internal PKI certificates also.由Tim Callan and Jason Soroko
…
continue reading
In this episode we explain what an adversarial, self-replicating prompt, otherwise known as a prompt worm.由Tim Callan and Jason Soroko
…
continue reading
Threat Hunting Workshop: Hunting for Command and Control 31 July 2024 | 12:00 - 1:00 pm ET Register Here! Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate: 3-4 Aug 2024: Sign Up …
…
continue reading
The US Supreme Court has struck down the Chevron Deferment, which greatly expanded federal agencies' power to interpret and enforce statutes. This monumental ruling stands to shift power considerably from agencies to courts and will put more pressure on legislatures to determine precise laws around tech. We explore the consequences of this ruling.…
…
continue reading
We are joined again by Dustin Moody, who leads the NIST search for PQC algorithms. In this episode Dustin describes going-forward efforts, including Round 4 of the NIST contest and the Onramp. We discuss some of the candidate algorithms and the consequences of having multiple algorithms available for use.…
…
continue reading
A new social engineering exploit instructs victims to enter command line prompts to hack themselves on behalf of the hacker. We explain and discuss potential responses.由Tim Callan and Jason Soroko
…
continue reading
A newly revealed OpenSSH vulnerability can open enterprises to remote code execution. We explain what is happening, why you should care, and what to do about it.由Tim Callan and Jason Soroko
…
continue reading
Threat Hunting Workshop: Hunting for Command and Control 31 July 2024 | 12:00 - 1:00 pm ET Register Here! Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate: 3-4 Aug 2024: Sign Up …
…
continue reading
To combat piracy of sporting event transmissions, a French court has ordered major tech companies including Google and Cloudflare to poison DNS settings. In this episode we provide some detail and generally marvel at this strange decision.由Tim Callan and Jason Soroko
…
continue reading
On June 27, 2024 Google Chrome announced it was distrusting Entrust as a public CA starting November 1, 2024. We explain what to expect, go over Google's stated reasons, and share some of what lead up to this.由Tim Callan and Jason Soroko
…
continue reading
In this episode we are joined by Dr. Dustin Moody, leader of the NIST post-quantum cryptography contest. Dustin gives us an inside view of the background behind NIST's decision to run the contest and how we got to where we are today.由Tim Callan and Jason Soroko
…
continue reading
Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate: *3-4 Aug 2024: Sign Up Here! *5-6 Aug 2024: Sign Up Here! ----- Top 5 Threat Hunting Headlines - 25 June 2024 1. Positive Techno…
…
continue reading