-
Podcast Oct 08, 2024
Root Causes 429: ServiceNow Outage Due to Expired Root Certificate
A ServiceNow private CA root expired, creating outages across hundreds of enterprises. We explain what appears to have gone on.
-
Podcast Oct 04, 2024
Root Causes 428: .MOBI Attack Puts WHOIS-based DCV into Question
White hat researchers control .mobi WHOIS, signaling the decline of WHOIS as a reliable source for Domain Control Validation (DCV) emails.
-
Podcast Oct 02, 2024
Root Causes 427: Mapping CLM to NIST CSF 2.0
In this episode we map the contributions of Certificate Lifecycle Management into the new NIST Cybersecurity Framework 2.0.
-
Podcast Sep 30, 2024
Root Causes 426: Expired Certificate Takes Down Bank of England
A certificate expiration is now known to have created July's outage of Bank of England. Join us as we shake our heads in amazement yet again.
-
Podcast Sep 27, 2024
Root Causes 425: PQC Requirements for Voting Systems
In honor of the upcoming US elections, we describe the six main requirements for a post-quantum voting system.
-
Podcast Sep 25, 2024
Root Causes 424: Using LoRA IoT Protocol for Clandestine Communication
In this episode we describe the LoRA protocol, which allows IoT devices to communicate securely without using a cellular network.
-
Podcast Sep 20, 2024
Root Causes 423: Is a Certificate Software or a Service?
In this episode we discuss the dual nature of a public certificate as both a file and part of a holistic service that lasts until its expiration.
-
Podcast Sep 19, 2024
Root Causes 422: New Date for Entrust Distrust
With a few easy tweaks, you can get your track to listeners most likely to love it. Learn more about how to modify your track to make it eligible.
-
Podcast Sep 16, 2024
Root Causes 421: FIDO 2 Implementation Problems
White hat researchers have raised concerns about FIDO 2 (AKA WebAuthn). We explain.
-
Podcast Sep 13, 2024
Root Causes 420: New Side Channel Attack Against YubiKeys
EUCLEAK, a newly revealed side-channel vulnerability, can clone the contents of a YubiKey. We talk about the attack and its significance.
-
Podcast Sep 10, 2024
Root Causes 419 - What Happens to Vendors Who Don't Support ACME?
There are still products and operating systems that don't support ACME. We explore what happens to them when 90-day SSL certificates become required.
-
Podcast Sep 06, 2024
Root Causes 418: From Cryptographic Homogeneity to Heterogeneity
PQC will move us from cryptographic homogeneity to cryptographic heterogeneity, with multiple KEMs and DSAs eventually expected as ongoing standards.