Paul's Security Weekly (Audio)

SignalGate and How Not To Protect Secrets - PSW #867

Mar 27, 2025
In this engaging discussion, Sam Bowne, a guest expert in password security and data breaches, dives into pressing cybersecurity concerns. He reveals how vulnerabilities can go unpatched, leading to dire consequences. The podcast highlights alarming breaches, like Oracle's cloud hack, and casts a spotlight on the pitfalls of secure communication apps like Signal. Bowne emphasizes the need for better password practices and outlines the risks associated with genetic data from services like 23andMe. Plus, there's a whimsical cat prank script that adds a light-hearted twist!
ADVICE

Verify Vendor Breach Claims

  • Treat vendor breach denials skeptically and validate independently when possible.
  • Preserve evidence (e.g., provided proof files) because vendors sometimes deny breaches until forced to acknowledge them.

INSIGHT

Reference Code Spreads Bugs

  • Reference or example code often becomes de facto implementations and can carry critical bugs into production.
  • Quarkslab and others find that fixing reference code before wide adoption prevents systemic vulnerabilities.

ADVICE

Harden AI Defenses Against Jailbreaks

  • When adding AI to defensive stacks, evaluate how adversarial inputs can mislead automated triage.
  • Test AI agents for jailbreaks because attackers can target AI's decision logic, not just models themselves.