-
Podcast Jan 23, 2023
Root Causes 271: A Whole Fleet of Identity-based Automotive Hacks
Manufacturers' dependence on non-secret "secrets" such as VIN and email address exposes many vulnerabilities.
-
Podcast Jan 20, 2023
Root Causes 270: What Is the Difference Between KEM and PKE?
We explain the difference between Public Key Exchange (PKE) and Key Encapsulation Methods (KEM) and why we're moving from one to the other.
-
Podcast Jan 16, 2023
Root Causes 269: Did a Patent Dispute Nearly Derail PQC?
On July 5, 2022 NIST announced its Round 3 PQC winners. That same day, a patent cleared that made this possible.
-
Podcast Jan 12, 2023
Root Causes 268: WAFs Subverted by JSON Bypass
Rising attacks can overcome the protections of Web Application Firewalls (WAF). We explain these attacks and what you should do to ensure you're safe.
-
Podcast Jan 09, 2023
Root Causes 267: Can Quantum Computers Break RSA Today?
New research suggests a quantum computer may be applied to breaking RSA in a different way from Shor's algorithm. We discuss the potential implications.
-
Podcast Jan 04, 2023
Root Causes 266: End-to-end Encryption in the Apple Technology Stack
Recent announcements from Apple lay out a set of expansions in the scope and capability of encryption throughout the Apple ecosystem.
-
Podcast Dec 28, 2022
Root Causes 265: A Banner Year for Post-quantum Cryptography
2022 was post-quantum cryptography's biggest year so far. We go over many developments in PQC, including the NIST round 3 winners.
-
Podcast Dec 23, 2022
Root Causes 264: Crypto Agility for 2023
We define the important needs that are changing the crypto agility landscape, including CA independence, public cloud, PQC, and FIDO 2/WebAuthn.
-
Podcast Dec 20, 2022
Root Causes 263: Secure Connection Methods Roundup
We discuss the three methods a user might choose for secure remote communications: VPN, SSH, and TOR, with use cases and the pros and cons of each.
-
Podcast Dec 14, 2022
Root Causes 262: The Continuing Erosion of Online Identity
We look back at the continued erosion of reliable online identity, including deep fakes, celebrity phishing, AI-generated art and Twitter blue check marks.
-
Podcast Dec 13, 2022
Root Causes 261: Why I Don't Say Spoof
The word spoof is a security industry term used regarding social engineering attacks. We discuss why this word is problematic in a security context.
-
Podcast Dec 08, 2022
Root Causes 260: CA TrustCor Deprecated
Public CA TrustCor has had its roots deprecated by Microsoft and Mozilla. We explain what happened and why these roots ultimately were distrusted.