
Root Causes: A PKI and Security Podcast

Technology Business Science

Episodes

Showing 201-300 of 642

Root Causes 409: Mozilla Distrusts Entrust

02 Aug 2024

Contributed by Lukas

This week Mozilla chose to follow Chrome in deprecating the Entrust trusted roots. We give you the details and explain why this action matters.

Root Causes 408: Takeaways from Recent Conversations with PQC Experts

29 Jul 2024

Contributed by Lukas

In the past three months we featured far-ranging conversations about post-quantum cryptography (PQC) with experts Bas Westerbaan of Cloudflare, Dustin...

Root Causes 407: Whatever Happened to Passkeys?

25 Jul 2024

Contributed by Lukas

WebAuthn arrived last year with great fanfare. But here we are in the latter half of 2024, and they are rarely used. In this episode we discuss why.

Root Causes 406: Certificate Discovery Is for Internal Certificates, Too

22 Jul 2024

Contributed by Lukas

When we discuss certificate discovery in CLM platforms, there is a common assumption that we're talking about public certificates exclusively. In thi...

Root Causes 405: What Is an Adversarial Self-replicating Prompt?

19 Jul 2024

Contributed by Lukas

In this episode we explain what an adversarial, self-replicating prompt, otherwise known as a prompt worm, is.

Root Causes 404: SCOTUS Ruling Will Change IT Security Regulation

16 Jul 2024

Contributed by Lukas

The US Supreme Court has struck down the Chevron Deferment, which greatly expanded federal agencies' power to interpret and enforce statutes. This mon...

Root Causes 403: NIST PQC Contest Round 4 and Onramp with Dustin Moody

12 Jul 2024

Contributed by Lukas

We are joined again by Dustin Moody, who leads the NIST search for PQC algorithms. In this episode Dustin describes going-forward efforts, including ...

Root Causes 402: New Social Engineering Powershell Attack

09 Jul 2024

Contributed by Lukas

A new social engineering exploit instructs victims to enter command line prompts to hack themselves on behalf of the hacker. We explain and discuss po...

Root Causes 401: New SSH Remote Code Execution Vulnerability Revealed

05 Jul 2024

Contributed by Lukas

A newly revealed OpenSSH vulnerability can open enterprises to remote code execution. We explain what is happening, why you should care, and what to ...

Root Causes 400: French Court Orders DNS Poisoning

02 Jul 2024

Contributed by Lukas

To combat piracy of sporting event transmissions, a French court has ordered major tech companies including Google and Cloudflare to poison DNS settin...

Root Causes 399: Entrust Distrusted

28 Jun 2024

Contributed by Lukas

On June 27, 2024 Google Chrome announced it was distrusting Entrust as a public CA starting November 1, 2024. We explain what to expect, go over Googl...

Root Causes 398: History of the NIST PQC Contest with Dustin Moody

27 Jun 2024

Contributed by Lukas

In this episode we are joined by Dr. Dustin Moody, leader of the NIST post-quantum cryptography contest. Dustin gives us an inside view of the backgro...

Root Causes 397: All Post Quantum Systems Are Terrible

24 Jun 2024

Contributed by Lukas

In this new conversation with Bas Westerbaan of Cloudflare, we reveal that all existing PQC systems present significant problems for incorporation int...

Root Causes 396: The Trouble with Microsoft Recall

21 Jun 2024

Contributed by Lukas

Microsoft has proposed a feature called Recall that uses screen images to fuel AI-assisted capabilities. This has raised fears about the security dec...

Root Causes 395: Is Y2Q Like Y2K?

18 Jun 2024

Contributed by Lukas

In this episode we compare the advent of cryptography relevancy of quantum computers (sometimes called Y2Q) to Y2K. We uncover similarities and diff...

Root Causes 394: Snowflake, Ticketmaster, and MFA

14 Jun 2024

Contributed by Lukas

In this episode we drill down on one aspect of the loss of more than 500 million Ticketmaster users' data, which is the use of MFA for access to the S...

Root Causes 393: PQC-enabled Chrome Breaks Other Software

11 Jun 2024

Contributed by Lukas

Chrome's recent 124 release supports PQC algorithms from NIST. This has led to the discovery of software and systems that break under these circumstan...

Root Causes 392: Chromium Issues a Quality Ultimatum

07 Jun 2024

Contributed by Lukas

In the most recent CA/Browser Forum face-to-face meeting, the Google Chrome root program gave a presentation clearly defining its expectations for qua...

Root Causes 391: 20 Percent of Web Visits Are PQC Enabled Today

04 Jun 2024

Contributed by Lukas

Cloudflare research engineer Bas Westerbaan joins us to share his observations about post-quantum cryptography and what it does in the real world. We ...

Root Causes 390: Chromium Boosts Its Distrust Agility with a New Root Trust Deprecation

31 May 2024

Contributed by Lukas

A root trust deprecation highlights new Chrome functionality that enables more agile and less disruptive distrust events. We explain the significant ...

Root Causes 389: 2024 RSA Conference Wrap Up

28 May 2024

Contributed by Lukas

Jason and I do our annual RSA wrap-up. Trending segments include AI, Trust Centers, MFA, PQC, and more.

Root Causes 388: What Is the WebPKI?

22 May 2024

Contributed by Lukas

These days we frequently discuss "the WebPKI." But what does that really mean? In this episode we define the term and explain how this definition evo...

Root Causes 387: What Is the Post-quantum Readiness of HSMs?

16 May 2024

Contributed by Lukas

We take a deep dive with return guest Bruno Coulliard on HSMs and the role they play in post-quantum cryptography (PQC).

Root Causes 386: Meta Commits MITM Attack On Its Users

13 May 2024

Contributed by Lukas

Recent court documents reveal that in 2016 Meta (then Facebook) set up a system to get around encryption and spy on traffic between its users and comp...

Root Causes 385: Failed Revocation and Wildcard Certificates

10 May 2024

Contributed by Lukas

We discuss misuse of wildcard certificates, failure to revoke on time, and how these two failures magnify each other.

Root Causes 384: So What Is a Senior Fellow Anyway?

07 May 2024

Contributed by Lukas

Jason has a new title, Senior Fellow. In this episode Jason explains what his new focus will be and how this will be good for Root Causes.

Root Causes 383: Delayed Revocation Events by the Numbers

02 May 2024

Contributed by Lukas

An epidemic of delayed revocations has infected the public CA community. We track delayed revocations since the beginning of 2021, examine the trend l...

Root Causes 382: Mobile Phone Malware Steals Faces for Access

29 Apr 2024

Contributed by Lukas

New malware photographs users' faces to defeat authentication mechanisms. We explain that biometrics are not "secrets" and discuss the continuing ...

Root Causes 381: Apple Chip Sideloading Attack Leaks Encryption Keys

26 Apr 2024

Contributed by Lukas

A newly revealed side channel attack enables theft of private keys from M-series Apple chips. We explain.

Root Causes 380: What If Quantum Supremacy Comes Earlier Than We Thought?

22 Apr 2024

Contributed by Lukas

Repeat guest Bruno Coulliard gives us an update on the US government's migration to post-quantum cryptography (PQC). We talk about the challenges to m...

Root Causes 379: AI-generated Fake IDs for KYC

18 Apr 2024

Contributed by Lukas

Inexpensive and easily obtained deepfake photographs of IDs, generated by AI, are available online. These pose a problem for KYC initiatives.

Root Causes 378: Why Are Forced Revocations So Difficult?

15 Apr 2024

Contributed by Lukas

In the latest in our ongoing series of discussions of the Bugzilla Bloodbath, we delve deep into the problem of failure to revoke on time and the mult...

Root Causes 377: Is CPS/Issuance Misalignment a Revocation Event?

11 Apr 2024

Contributed by Lukas

If you issue public certificates that are fully compliant except that they do not reflect what your CPS says, are they misissued? Do they require revo...

Root Causes 376: Gartner's New CLM Framework

08 Apr 2024

Contributed by Lukas

Gartner has released a new framework for Certificate Lifecycle Management, called the Seven Core Functions of Certificate Automation. We walk through ...

Root Causes 375: What Is Name Space Lifecycle Management?

05 Apr 2024

Contributed by Lukas

In this guest episode we discuss name space hygiene with Geir Rasmussen, founder of NodeZro. CNAMEs, SPF, DMARC, name server entries, and other DNS id...

Root Causes 374: NIST Cyber Security Framework 2 Released

31 Mar 2024

Contributed by Lukas

NIST Cyber Security Framework version 2.0 is released. It includes guidance on identity management and authentication. In this first episode of a seri...

Root Causes 373: Massive Brand Hijack Subverts More Than 21,000 Domains and Subdomains

29 Mar 2024

Contributed by Lukas

A massive name space attack has hijacked more than 21,000 domains and subdomains, including a who's who list of major global brands. This huge and inn...

Root Causes 372: Bugzilla Bloodbath

26 Mar 2024

Contributed by Lukas

It's a bloodbath on Bugzilla. Since March 9, more than 25 new Bugzilla bugs have been written up, which is 10x the typical pace. And it's not over. In this...

Root Causes 371: MPIC Rules Go to CABF Ballot

22 Mar 2024

Contributed by Lukas

A ballot for Multi-perspective Issuance Corroboration (MPIC), formerly known as MPDV, has entered a discussion period in the CA/Browser Forum (CABF). ...

Root Causes 370: Drama on Bugzilla

19 Mar 2024

Contributed by Lukas

An evolving incident on Bugzilla has garnered a lot of attention and touches several important issues in the WebPKI ecosystem. We report what went on ...

Root Causes 369: iMessage to Be PQC Enabled

14 Mar 2024

Contributed by Lukas

Apple has announced that iMessage will employ post-quantum cryptography (PQC). We explain the implications of this announcement.

Root Causes 368: CRYSTALS-Kyber Is Now ML-KEM

13 Mar 2024

Contributed by Lukas

What has been known as CRYSTALS-Kyber now has the new official name of Module Lattice-based Key Encryption Module, or ML-KEM. We give an update on the...

Root Causes 367: Did an IoT Toothbrush Botnet Perform DDoS Attacks?

07 Mar 2024

Contributed by Lukas

A story circulated earlier this year about a botnet composed of millions of IoT toothbrushes, which later was debunked. We tell you the whole tale.

Root Causes 366: What Is eIDAS?

04 Mar 2024

Contributed by Lukas

eIDAS 2.0 has been making headlines recently with its proposed expansion to the European digital identity ecosystem. But what is eIDAS? What does it...

Root Causes 365: What Is Subdomain Hijacking?

26 Feb 2024

Contributed by Lukas

In this episode we explain subdomain hijacking, including dangling subdomains and how they can constitute vulnerabilities.

Root Causes 364: Video Conference Deepfake Enables $25 Million Theft

22 Feb 2024

Contributed by Lukas

Deepfakes continue to show themselves as part of the standard criminal toolkit. A recent deepfake spear phish enabled a $25 million Business Email Com...

Root Causes 363: Defending Yourself Against Use of Stolen Privileges

18 Feb 2024

Contributed by Lukas

Cloudflare recently published details of an attack it suffered as a downstream effect of a November 2023 breach against Okta and what it did to nullif...

Root Causes 362: When You're Attacked by a State Actor

12 Feb 2024

Contributed by Lukas

In this episode we share the details of a recent nation state actor attack on Microsoft and some of the lessons learned.

Root Causes 361: The Premise of on Premise

09 Feb 2024

Contributed by Lukas

In this episode we examine the commonly held belief that on-premise systems give system administrators greater levels of control and that that is better f...

Root Causes 360: Joe Biden Deepfake Plays in New Hampshire Primary

06 Feb 2024

Contributed by Lukas

A deepfake of Joe Biden's voice made an appearance in robocalls leading up to the New Hampshire primary. We discuss this latest development and its im...

Root Causes 359: 90-day SSL Won't Affect Organization Validation Periods

02 Feb 2024

Contributed by Lukas

With a maximum 90-day term coming for public SSL certificates and DCV reuse also moving to 90 days, we explain why we do not expect a similar reduction ...

Root Causes 358: Security Questionnaire Sins

30 Jan 2024

Contributed by Lukas

In this episode we present a catalog of "security questionnaire sins," which are avoidable problems and errors that frequently occur in the security q...

Root Causes 357: Signed Digital Photographs

26 Jan 2024

Contributed by Lukas

Three major camera manufacturers have joined to create a standard for signed digital images from their cameras.

Root Causes 356: Will MPDV Eliminate Email-based DCV?

22 Jan 2024

Contributed by Lukas

Multi-perspective Domain Validation (MPDV) is a necessary evolution of Domain Control Validation (DCV) to protect against Border Gateway Protocol (BGP...

Root Causes 355: Should a Managed PKI Provider Do Whatever the Customer Wants?

19 Jan 2024

Contributed by Lukas

In this episode we explore whether a managed PKI provider should give complete control over PKI decisions to the end customer or if it should enforce ...

Root Causes 354: CyberSlash Attack Against CRYSTALS-Kyber

16 Jan 2024

Contributed by Lukas

A newly published attack against common implementations of CRYSTALS-Kyber illustrates how cryptographic implementations can be vulnerable even if the ...

Root Causes 353: Why Isn't PKI Everywhere?

09 Jan 2024

Contributed by Lukas

Our hosts firmly believe that PKI is a necessary component of all digital interactions. And yet there are still gaps in PKI implementation. We discu...

Root Causes 352: FBI Vs. End-to-end Encryption in Meta Apps

04 Jan 2024

Contributed by Lukas

Meta is finally rolling out end-to-end encryption across its messaging apps. This is the latest chapter in the long story of government versus encrypt...

Root Causes 351: 2024 Predictions

27 Dec 2023

Contributed by Lukas

We look forward to 2024 and predict trends for PKI, certificates, and digital identity. We discuss shortening certificate lifespans, Multi-perspective...

Root Causes 350: Public Certificates and the GDPR Right to Be Forgotten

21 Dec 2023

Contributed by Lukas

GDPR provides a "right to be forgotten," whereby individuals can demand the removal of PII from IT systems. This can run directly contrary to the tran...

Root Causes 349: 2023 Lookback - Overall Trends

18 Dec 2023

Contributed by Lukas

We look back at PKI in 2023. Trends include artificial intelligence, enterprise crypto agility, the fall of OCSP, PKI everywhere, the weakness of pass...

Root Causes 348: What Is a Merkle Tree?

15 Dec 2023

Contributed by Lukas

One foundational element of modern cryptographic systems is the Merkle tree. Merkle tree is an enabler of blockchain and CT logs, among other things....

Root Causes 347: 2023 Lookback - Shortening Certificate Lifespans

11 Dec 2023

Contributed by Lukas

90-day SSL certificates are only part of it! 2023 has been a year of certificate lifespans getting shorter. We review these trends.

Root Causes 346: Private Credentials In Public Code

08 Dec 2023

Contributed by Lukas

In this episode we uncover the epidemic of private credentials in public-facing code repositories, including why it occurs and what to do about it.

Root Causes 345: Apple Versus European Sideloading

05 Dec 2023

Contributed by Lukas

The European Union is applying pressure to Apple to allow sideloading of applications. We go over why this is occurring, the potential dangers, and Ap...

Root Causes 344: Introducing the PQC Onramp

29 Nov 2023

Contributed by Lukas

NIST's Round 3 competition has yielded winners for standardization. But NIST wants to continue finding additional potential algorithms, especially tho...

Root Causes 343: The eIDAS 2.0 Controversy

22 Nov 2023

Contributed by Lukas

ETSI is preparing to release specifications for eIDAS 2.0. One controversial aspect of this new standard is that it limits browsers' ability to determ...

Root Causes 342: Don't Change Your Password for Two Years

17 Nov 2023

Contributed by Lukas

The CA/Browser Forum rules stipulate how often forced password changes for CA employees are to occur. They don't, however, specify a frequency at whic...

Root Causes 341: The Trouble with Security Questionnaires

13 Nov 2023

Contributed by Lukas

The practice of sending security questionnaires to technology vendors is exploding, and with it dysfunctional behavior is on the rise. In this episode...

Root Causes 340: Is This Podcast Canadian Enough?

06 Nov 2023

Contributed by Lukas

Canada's Online Streaming Act will require internet content providers to provide a minimum percentage of content produced by Canadians or face fines. ...

Root Causes 339: The ROI of CLM

31 Oct 2023

Contributed by Lukas

In this episode we describe at a high level how to calculate the Total Cost of Ownership (TCO) of CLM as opposed to manual installation and management...

Root Causes 338: CLM and Your Career as an IT Professional

23 Oct 2023

Contributed by Lukas

In this follow up to our episode on CLM and the IT skills gap, we now discuss how CLM matters to individual IT professionals and can help progress car...

Root Causes 337: CLM and the IT Skills Gap

10 Oct 2023

Contributed by Lukas

For decades industry has had more need for skilled IT employees than the workforce could provide. In this episode we discuss how Certificate Lifecycle...

Root Causes 336: Digitally Signing Images on Cameras

03 Oct 2023

Contributed by Lukas

A recent press release discusses efforts of camera manufacturers and the digital imagery supply chain to create an ecosystem for digitally signed imag...

Root Causes 335: When MFA Is Not MFA

29 Sep 2023

Contributed by Lukas

In this episode we describe a social engineering attack to steal a one-time password (OTP) to enable unauthorized access. This incident further exploi...

Root Causes 334: What Is Attestation on the Web?

26 Sep 2023

Contributed by Lukas

Most people hate dealing with CAPTCHA, but it offers great benefits for web site operators. In this episode we discuss alternatives to CAPTCHA, how t...

Root Causes 333: Intel Side Channel Attack Steals Private Keys

20 Sep 2023

Contributed by Lukas

A newly revealed side channel attack can capture AES encryption keys from Intel chips. We explain this significant and powerful attack.

Root Causes 332: Acoustic AI-based Key Logging Attack

14 Sep 2023

Contributed by Lukas

Researchers have built an AI model that can interpret keystrokes based on the sound of keyboard use over a phone or video call. Among other things, t...

Root Causes 331: Microsoft Restores Trust to VeriSign Code Signing Root

13 Sep 2023

Contributed by Lukas

Recent erroneous behavior for certain applications on Windows has drawn attention to the Microsoft trusted root store. It turns out that Microsoft re...

Root Causes 330: End-to-end PQC in Use Today

05 Sep 2023

Contributed by Lukas

Our hosts are joined by IronCap CEO Andrew Cheung as he discusses commercially available PQC solutions today, including VPN, email, and crypto currenc...

Root Causes 329: What Is Messaging Layer Security?

29 Aug 2023

Contributed by Lukas

The recently published Messaging Layer Security (MLS) protocol establishes key exchange protocols for participants in a simultaneous communication ses...

Root Causes 328: What Is the Debian Weak Key Flaw?

23 Aug 2023

Contributed by Lukas

In 2008 the world of SSL was shocked by the discovery of a flaw in a popular operating system that limited the total set of possible private keys on t...

Root Causes 327: What Is Multi-perspective Domain Validation?

18 Aug 2023

Contributed by Lukas

In this episode we explain Border Gateway Protocol (BGP) attacks and how multi-perspective domain validation (MPDV, also known as multi-vantage point ...

Root Causes 326: The Difference Between .ml and .mil

15 Aug 2023

Contributed by Lukas

A recent Financial Times article reveals that mistyped email addresses aimed at the US military frequently are sent to email addresses in Mali instead...

Root Causes 325: Certificate Error Causes Sharepoint Outage

11 Aug 2023

Contributed by Lukas

A recent outage in Microsoft Sharepoint was caused by an error in certificate installation. We explain what happened and the lessons to be learned.

Root Causes 324: Apple Vs New UK Surveillance Bill

07 Aug 2023

Contributed by Lukas

The battle between government and encryption continues. The UK is attempting to build secret back doors into end-to-end encrypted services. In respons...

Root Causes 323: Update on Microsoft Key Compromise

02 Aug 2023

Contributed by Lukas

In this follow up to our episode 320, we describe Microsoft's actions to mitigate this attack and explain new understanding that shows its impact to b...

Root Causes 322: RIP Kevin Mitnick

31 Jul 2023

Contributed by Lukas

In July famous security researcher Kevin Mitnick passed away. We briefly pay tribute to Kevin and talk about his contributions to white hat hacking a...

Root Causes 321: CABF Moratorium on New Certificate Consumer Members

26 Jul 2023

Contributed by Lukas

The CA/Browser Forum recently passed a temporary moratorium on new members of the Certificate Consumer class. We explain how Certificate Consumers ha...

Root Causes 320: Microsoft-signed Root Kit Attack

24 Jul 2023

Contributed by Lukas

A new root kit attack in the wild is code signed by a Microsoft certificate. We explain kernel-level attacks, how powerful they are, and how this atta...

Root Causes 319: EU Digital Wallets

21 Jul 2023

Contributed by Lukas

A new agreement mandates that European countries will make digital wallets available to their citizens in 2024. We explain what's coming and some of ...

Root Causes 318: What Is ACME Renewal Information (ARI)?

18 Jul 2023

Contributed by Lukas

ACME is a functional and widely supported protocol for certificate provisioning and installation. A new extension to the protocol will help automate r...

Root Causes 317: New Automotive CAN Bus Attacks Demand PKI

13 Jul 2023

Contributed by Lukas

In this episode we describe how physically accessing the CAN bus wires in a modern automobile can allow a thief to take over key fob functionality to ...

Root Causes 316: SquareSpace Acquires Google Domains

11 Jul 2023

Contributed by Lukas

SquareSpace recently acquired Google's domain registry business. We discuss what this move says about large technology trends.

Root Causes 315: Will the SEC Sue SolarWinds Executives?

07 Jul 2023

Contributed by Lukas

The SEC has sent "Wells notices" to two senior executives from SolarWinds, with regard to the 2019 supply chain attack. In this episode we explain th...

Root Causes 314: AI-based Deepfakes in Real Crimes

05 Jul 2023

Contributed by Lukas

We have spoken in previous episodes about the potential for deepfakes in real-world crimes. In this episode we discuss a variety of real-world attacks...

Root Causes 313: SSL Revocation Reason Codes

22 Jun 2023

Contributed by Lukas

In 2022 Mozilla added a root program requirement that CAs include Reason Codes when revoking public TLS certificates. In this episode we explain the ...

Root Causes 312: You Shouldn't Roll Your Own Crypto

20 Jun 2023

Contributed by Lukas

Don't roll your own crypto. In this episode we describe the findings from 2021 research investigating the root causes of problems in cryptographi...

Root Causes 311: What Is CCADB?

16 Jun 2023

Contributed by Lukas

We describe CCADB, the Common CA Database. We explain the role of CCADB in the WebPKI and how this role is evolving.

Root Causes 310: Another AI Episode

13 Jun 2023

Contributed by Lukas

In this episode we continue to explore the capabilities of AI to replicate known people in deep fakes with AI-generated content.
