PSW #772 - Hal Pomeranz

Linux systems are a collection of free and Open Source software-- some packaged by your distro, some built from source. How do you verify that your upstream isn't polluted by bad actors?  Segment Resources: https://github.com/evilsocket/opensnitch  https://securityonionsolutions.com/software/  https://deer-run.com/users/hal/  https://archive.org/details/HalLinuxForensics  In the Security News: VMware and Ransomware makes you want to run some where, double-free your OpenSSH, download the RIGHT software, you have Docker, I have root, we don't talk about CORS, to vulnerability or not to vulnerability, vulnerability risk scoring, a matter of perspective, very persistent Cisco attacks, running UPNP without all the protections, overflowing a buffer in your bootloader over HTTP, C can be memory safe (but developers will still screw it up), and lasers, microwaves, satellites and the Sun! All that, and more, on this episode of Paul’s Security Weekly!  Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw772