Root Causes: A PKI and Security Podcast
Episodes
Root Causes 109: Examining MFA Through Phone-based SMS
29 Jul 2020
Contributed by Lukas
SMS-based one time password (OTP) is a very commonly used form of multi-factor authentication (MFA). That's because it's fast and inexpensive to roll ...
Root Causes 108: Why Do Certificates Expire?
24 Jul 2020
Contributed by Lukas
Root expirations occasionally make headlines by breaking systems, but it's a fact that certificates are expiring every day, each a potential outage wa...
Root Causes 107: IoT Security Baseline Requirements from ETSI
20 Jul 2020
Contributed by Lukas
ETSI has published its new Baseline Requirements for consumer IoT device security, which includes a number of provisions directly related to encryptio...
Root Causes 106: Massive Intermediate Certificate Distrust Is on the Way
14 Jul 2020
Contributed by Lukas
A recently identified and widespread configuration error has created a situation where, with the wrong attack on certain public roots, certificates co...
Root Causes 105: TOR, How and Why
08 Jul 2020
Contributed by Lukas
Many people know that TOR is a browser used for anonymous online activity, but most of us don't know much more than that. In this episode our hosts e...
Root Causes 104: 21 PKI Pitfalls to Avoid
06 Jul 2020
Contributed by Lukas
Our hosts often discuss the idea of errors in PKI implementations and the potential negative consequences for organizations. In this episode they cat...
Root Causes 103: Work-from-Home IT Impact Study
29 Jun 2020
Contributed by Lukas
The need to suddenly enable nearly 100% of information workers for secure, productive work-from-home was a curve ball for IT departments to deal with ...
Root Causes 102: Lawful Access to Encrypted Data Act
26 Jun 2020
Contributed by Lukas
A newly proposed US Senate bill called the Lawful Access to Encrypted Data Act would require service providers and device manufacturers to provide acc...
Root Causes 101: Google RCS Chat with End-to-End Encryption
21 Jun 2020
Contributed by Lukas
Google has just announced the coming availability of end-to-end encryption for its chat service. In this episode our hosts describe the spectrum of po...
Root Causes 100: OpenSSH Deprecates SHA-1
15 Jun 2020
Contributed by Lukas
Once widely used, SHA-1 is considered insecure today and has been deprecated from the most common PKI use cases. OpenSSH recently provided a roadmap t...
Root Causes 99: AddTrust Root Expiration Explained
12 Jun 2020
Contributed by Lukas
The recent expiration of Sectigo's AddTrust legacy root caused some systems to stop working and forced some admins to keep working over the weekend un...
Root Causes 98: DMARC and Verified Mark Certificates for Email
08 Jun 2020
Contributed by Lukas
A new kind of identity certificate is coming that will enable businesses to include their logos in official email they send in order to improve custom...
Root Causes 97: Firefox to Deprecate Support for FTP
04 Jun 2020
Contributed by Lukas
Mozilla has announced its intention to remove support for FTP from the Firefox browser, citing concerns about security and the degree of effort requir...
Root Causes 96: Signal May Leave the USA to Protect Its End-to-End Encryption
01 Jun 2020
Contributed by Lukas
Congress's proposed EARN IT act has many industry observers worried about its potential effect on the integrity of encrypted communication. In recent ...
Root Causes 95: Cryptographic Key Vaulting
28 May 2020
Contributed by Lukas
For PKI to be secure, private keys need to remain private. In this episode we explain "vaulting" for keys or other shared secrets. We touch on the vul...
Root Causes 94: Revocation Checking Through OCSP and CRL
26 May 2020
Contributed by Lukas
One essential portion of the certificate lifecycle is the ability to revoke certificates. Public SSL certificates use a pair of mechanisms to communic...
Root Causes 93: Videoconferencing Phishing
21 May 2020
Contributed by Lukas
With the global workforce's massive shift to work-from-home, a clever new set of opportunistic social engineering attacks has sprung up to take advant...
Root Causes 92: COVID-19 Immunity Passports
18 May 2020
Contributed by Lukas
As we plan our societal return to normalcy, a number of people and groups are discussing the concept of an electronic "immunity passport" that individ...
Root Causes 91: Rabobank Banking App Outage
13 May 2020
Contributed by Lukas
Australia's Rabobank recently experienced an outage preventing its Android banking app from connecting to its servers. The root cause? An expired cert...
Root Causes 90: An Analysis of Distributed PKI
10 May 2020
Contributed by Lukas
Distributed PKI is a new approach, with advocates saying it will eliminate many weaknesses they perceive with traditional, hierarchical PKI architectu...
Root Causes 89: PKI's Role in Zero Trust
07 May 2020
Contributed by Lukas
"Zero Trust" is an IT security philosophy that maximizes protection from threats by tightly controlling access and permissions for every individual, d...
Root Causes 88: PKI and Blockchain
04 May 2020
Contributed by Lukas
Many observers notice similarities between PKI and blockchain, including their applicability to secure digital systems and their ability to enable aut...
Root Causes 87: Zoom's (Not) End-to-End Encryption
30 Apr 2020
Contributed by Lukas
With lockdowns and working from home the norm, a great deal of attention has been paid to video conferencing technology. In particular, Zoom has claim...
Root Causes 86: SSH Keys
27 Apr 2020
Contributed by Lukas
SSH keys are essential for controlling access to production infrastructure. Our hosts are joined by repeat guest David Colon to discuss how SSH keys a...
Root Causes 85: Automotive Key Fobs and Cryptography
23 Apr 2020
Contributed by Lukas
Recent headlines have unveiled high profile attacks against automobile key fobs. Such an attack is potentially huge since successfully mimicking these...
Root Causes 84: What Is DNS over HTTPS?
20 Apr 2020
Contributed by Lukas
DNS over HTTPS is a capability whereby DNS lookups can be encrypted to defend against certain man-in-the-middle attacks as well as protecting informat...
Root Causes 83: Quantum Apocalypse - Does COVID-19 Change the Z Date
16 Apr 2020
Contributed by Lukas
Lock downs and work-from-home requirements have disrupted the efficiency of operations in all walks of industry, including academics and advanced comp...
Root Causes 82: The Death of the Hard Token
13 Apr 2020
Contributed by Lukas
People are working from home in unprecedented numbers, which means that companies need to find ways for them to connect securely. Some will consider h...
Root Causes 81: What Is Embedded Firewall?
06 Apr 2020
Contributed by Lukas
Security for IoT devices depends not only on establishing strong identity mechanisms for devices and the services they connect to but also in ensuring...
Root Causes 80: The Pros and Cons of VPNs
02 Apr 2020
Contributed by Lukas
With the sudden, meteoric increase in remote workers, many IT professionals are looking at VPN as a method of keeping them secure. Join our hosts as ...
Root Causes 79: Firefox Reinstates Support for Deprecated TLS Versions
30 Mar 2020
Contributed by Lukas
To enable broadest possible access to valuable information about the COVID-19 epidemic, Firefox has chosen to reinstate support for web sites using TL...
Root Causes 78: Extended Validation Certificates and the Dark Web
26 Mar 2020
Contributed by Lukas
New research presented at RSA Security Expo indicates that at least one party is using online criminal marketplaces to sell a package of a newly-creat...
Root Causes 77: Certificates for Public Cloud
23 Mar 2020
Contributed by Lukas
As a convenience to customers and a competitive differentiator, public cloud services such as AWS offer TLS certificates for use in their environments...
Root Causes 76: Implications of COVID-19 for PKI
20 Mar 2020
Contributed by Lukas
COVID-19 is rocking all aspects of our daily and business lives. So what are the implications of lock-downs, office closures, and high employee absent...
Root Causes 75: Sectigo's COVID-19 Readiness
18 Mar 2020
Contributed by Lukas
As measures move into place throughout society to flatten the curve of COVID-19's spread, it is important to understand the potential effects of lock ...
Root Causes 74: Device and Network Access
17 Mar 2020
Contributed by Lukas
Certificates can play a critical role in enabling and controlling access for users and devices to our sensitive business processes and data. Our host...
Root Causes 73: Apple to Drop Support for Two-year SSL Certificates
13 Mar 2020
Contributed by Lukas
At the most recent Face-to-Face meeting of the CA/Browser Forum, Apple announced that as of September 1 it will distrust public TLS certificates issue...
Root Causes 72: Future-proofing Your PKI
10 Mar 2020
Contributed by Lukas
Former CableLabs CIO and Kyrio President and General Manager Mitch Ashley joins our hosts to discuss how to set up a PKI system that will meet your ne...
Root Causes 72: Future-proofing Your PKI
09 Mar 2020
Contributed by Lukas
Former CableLabs CIO and Kyrio President and General Manager Mitch Ashley joins our hosts to discuss how to set up a PKI system that will meet your ne...
Root Causes 71: Short Lived DevOps Certificates
06 Mar 2020
Contributed by Lukas
Repeat guest and DevOps expert David Colon joins us again to discuss identity for microservices, including the use of very short-lived TLS certificate...
Root Causes 70: Identity Is the New Perimeter
04 Mar 2020
Contributed by Lukas
Modern architectures and development processes have shattered the old concept of an IT perimeter for the enterprise. In this world, attaching strong i...
Root Causes 69: Fundamentals of DevOps and PKI
28 Feb 2020
Contributed by Lukas
In our ongoing series on DevOps and PKI, DevOps practitioner David Colon joins us to help describe the intersection of DevOps security and PKI. We exp...
Root Causes 68: Why SHA-1 Is No Longer Secure
24 Feb 2020
Contributed by Lukas
SHA-1 was a cornerstone of the early secure web. Now, 25 years later, this hashing function is no longer secure. Join our hosts to hear the history ...
Root Causes 68: Why SHA-1 Is No Longer Secure
23 Feb 2020
Contributed by Lukas
SHA-1 was a cornerstone of the early secure web. Now, 25 years later, this hashing function is no longer secure. Join our hosts to hear the history ...
Root Causes 67: Definition of DevOps and DevSecOps
21 Feb 2020
Contributed by Lukas
Our hosts are joined by senior DevOps engineer David Colon to explore what DevOps means in today's enterprise. They cover diverse aspects of the DevOp...
Root Causes 66: Functional Versus Homomorphic Encryption
18 Feb 2020
Contributed by Lukas
Traditionally, file encryption is an all-or-nothing affair where data cannot be gleaned from the encrypted file without fully decrypting its contents....
Root Causes 65: Quantum Key Distribution
10 Feb 2020
Contributed by Lukas
Quantum key distribution is a new technology that uses the principles of quantum physics to generate and distribute truly random keys for encrypted co...
Root Causes 64: What Is Digital Identity?
04 Feb 2020
Contributed by Lukas
The phrase "identity is the new perimeter" has gained in use of late, reflecting the reality that today's modern enterprise architecture is a mix of t...
Root Causes 63: What Is CAA?
29 Jan 2020
Contributed by Lukas
CAA, which stands for CA Authentication, is the capability for the domain name owner to specify in DNS which CAs are allowed to issue SSL certificates...
Root Causes 63: What Is CAA?
27 Jan 2020
Contributed by Lukas
CAA, which stands for CA Authentication, is the capability for the domain name owner to specify in DNS which CAs are allowed to issue SSL certificates...
Root Causes 62: Windows CryptoAPI Spoofing Vulnerability Explained
22 Jan 2020
Contributed by Lukas
On January 14 Microsoft announced a sweeping vulnerability that makes it possible to defeat the authentication of Elliptic Curve Cryptography (ECC) on...
Root Causes 61: Anatomy of a Cryptocurrency
10 Jan 2020
Contributed by Lukas
In our ongoing series about blockchain, we explore the technology, process, and ecosystem needs for a successful cryptocurrency. Join our hosts along ...
Root Causes 60: Fundamentals of Blockchain
06 Jan 2020
Contributed by Lukas
Widely understood to be the technology behind popular crypto currencies, blockchain has become a household word. But what is blockchain really, and ho...
Root Causes 59: What Is Certificate Transparency?
30 Dec 2019
Contributed by Lukas
Certificate Transparency (CT) is a recent and important development in the world of SSL certificates. Popular browsers require trusted CAs to log all...
Root Causes 59: What Is Certificate Transparency?
28 Dec 2019
Contributed by Lukas
Certificate Transparency (CT) is a recent and important development in the world of SSL certificates. Popular browsers require trusted CAs to log all...
Root Causes 58: 2019 Lookback - One Year of Podcasting
16 Dec 2019
Contributed by Lukas
Nearly a year ago our hosts launched Root Causes to provide a forum for discussion of the issues surrounding the critically important PKI technology. ...
Root Causes 58: 2019 Lookback - One Year of Podcasting
14 Dec 2019
Contributed by Lukas
Nearly a year ago our hosts launched Root Causes to provide a forum for discussion of the issues surrounding the critically important PKI technology. ...
Root Causes 57: Quantum Random Number Generation
12 Dec 2019
Contributed by Lukas
Random number generation is an essential part of successful cryptography. Quantum computers offer to improve this niche technology industry. Join our ...
Root Causes 57: Quantum Random Number Generation
10 Dec 2019
Contributed by Lukas
Random number generation is an essential part of successful cryptography. Quantum computers offer to improve this niche technology industry. Join our ...
Root Causes 56: 2019 Lookback - Evolving Cryptography
09 Dec 2019
Contributed by Lukas
2019 saw important changes in the world's cryptographic standards, including changes in browser treatment of SSL certificates, the removal of a public...
Root Causes 56: 2019 Lookback - Evolving Cryptography
08 Dec 2019
Contributed by Lukas
2019 saw important changes in the world's cryptographic standards, including changes in browser treatment of SSL certificates, the removal of a public...
Root Causes 55: California's New IoT Security Law
05 Dec 2019
Contributed by Lukas
California Senate Bill 327 (SB-327) goes into effect January 1, 2020. This groundbreaking ordinance requires basic security measures for devices deplo...
Root Causes 55: California's New IoT Security Law
04 Dec 2019
Contributed by Lukas
California Senate Bill 327 (SB-327) goes into effect January 1, 2020. This groundbreaking ordinance requires basic security measures for devices deplo...
Root Causes 54: 2019 Lookback - Infrastructure and IoT Security
03 Dec 2019
Contributed by Lukas
2019 was a highly eventful year for infrastructure and IoT security. The year saw the emergence of wholesale attacks on the world's energy infrastruct...
Root Causes 54: 2019 Lookback - Infrastructure and IoT Security
01 Dec 2019
Contributed by Lukas
2019 was a highly eventful year for infrastructure and IoT security. The year saw the emergence of wholesale attacks on the world's energy infrastruct...
Root Causes 53: 2019 Lookback - Governments Try to Control PKI
25 Nov 2019
Contributed by Lukas
2019 has been an eventful year for PKI. In this episode, first in a series of four lookbacks at the year, our hosts discuss how governments sought to ...
Root Causes 53: 2019 Lookback - Governments Try to Control PKI
23 Nov 2019
Contributed by Lukas
2019 has been an eventful year for PKI. In this episode, first in a series of four lookbacks at the year, our hosts discuss how governments sought to ...
Root Causes 52: New TLS Certificate Incident Research
22 Nov 2019
Contributed by Lukas
New research out of Indiana University Bloomington reviews nearly 400 "incidents" with public SSL certificates over the course of more than a decade. ...
Root Causes 52: New TLS Certificate Incident Research
21 Nov 2019
Contributed by Lukas
New research out of Indiana University Bloomington reviews nearly 400 "incidents" with public SSL certificates over the course of more than a decade. ...
Root Causes 51: Blockchain vs. PKI
19 Nov 2019
Contributed by Lukas
In our industry interactions we frequently run into questions about how PKI and blockchain compare with each other. How do they work similarly or diff...
Root Causes 51: Blockchain vs. PKI
18 Nov 2019
Contributed by Lukas
In our industry interactions we frequently run into questions about how PKI and blockchain compare with each other. How do they work similarly or diff...
Root Causes 50: Energy Infrastructure Cyber Attacks
08 Nov 2019
Contributed by Lukas
Global energy infrastructure continues to find itself under cyber attack from Advanced Persistent Threats (APTs). Join our hosts as we discuss recent ...
Root Causes 50: Energy Infrastructure Cyber Attacks
07 Nov 2019
Contributed by Lukas
Global energy infrastructure continues to find itself under cyber attack from Advanced Persistent Threats (APTs). Join our hosts as we discuss recent ...
Root Causes 49: California Consumer Privacy Act
06 Nov 2019
Contributed by Lukas
The California Consumer Privacy Act (CCPA) has been described by some as California's GDPR. This act provides broad protections to consumers in Califo...
Root Causes 48: Weaknesses in MFA Authentication
31 Oct 2019
Contributed by Lukas
A recent FBI warning cautions of attacks that circumvent Multi-Factor Authentication (MFA). Join us as we describe contemporary attacks against MFA an...
Root Causes 47: Quantum Apocalypse - Quantum Resistant Cryptography for IoT
25 Oct 2019
Contributed by Lukas
Expert consensus states that we will need to update cryptography before quantum computers break our existing algorithms in the next ten or fifteen yea...
Root Causes 46: Criminals Are Patching Browsers for TLS Fingerprinting Attacks
22 Oct 2019
Contributed by Lukas
In a new variant on a known attack, a Russian Advanced Persistent Threat has begun applying patches to Chrome and Firefox to enable TLS fingerprinting...
Root Causes 45: What Is the CA/Browser Forum?
18 Oct 2019
Contributed by Lukas
SSL certificate practices are governed by the rules of the CA/Browser Forum. But what is the CA/Browser Forum, who is in it, and where do they get the...
Root Causes 44: Automotive Device Security
15 Oct 2019
Contributed by Lukas
The automobile is undoubtedly among today's most complex, commonplace, and security-sensitive IoT devices. Our hosts describe the cyber threats facing...
Root Causes 43: Quantum Apocalypse - More on Mosca's Inequality
11 Oct 2019
Contributed by Lukas
In episode 35 our hosts explained Mosca's Inequality, a formula for calculating when we need to have post-quantum encryption in place to prevent the Q...
Root Causes 42: Anatomy of a Botnet
08 Oct 2019
Contributed by Lukas
We talk about botnets a lot, but not everyone understands how they are built and used by the criminals who control them or how headless IoT devices ha...