Content provided by Alex Murray and Ubuntu Security Team. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here https://uk.player.fm/legal.
Episode 243
Overview
It’s the end of the year for official duties for the Ubuntu Security team, so we take a look back at the security highlights of 2024 for Ubuntu and predict what is coming in 2025.
2024 Year in Review for Ubuntu Security (00:55)
- Full-disclosure necromancy with zombie CVEs
- Development of unprivileged user namespace restrictions for Ubuntu 24.04 LTS
- Linux kernel becomes a CNA
- Ubuntu participates in Pwn2Own Vancouver
- xz-utils / SSH backdoor supply-chain attack
- Linux Security Summit NA and EU
- Release of Ubuntu 24.04 LTS
- regreSSHion remote unauthenticated code execution vulnerability in OpenSSH
- Various other high profile vulnerabilities
  - Discussion of CVE-2024-5290 in wpa_supplicant from Episode 234
  - Deep dive into needrestart local privilege escalation vulnerabilities from Episode 242
- Ubuntu/Windows dual-boot regression
- AppArmor-based snap file prompting experimental feature
  - Ubuntu Security Center with snapd-based AppArmor home file access prompting preview from Episode 236
  - Official announcement of Permissions Prompting in Ubuntu 24.10 from Episode 237
Predictions for 2025 (14:35)
- Increased use of AI both to spam projects with hallucinated CVEs (e.g. curl) and to “aid” in dealing with that spam
  - As the shine wears off AI, expect OSS projects to ban contributions generated with the aid of AI, whether CVE reports or code
  - But also expect companies to try and prove the worth of AI by finding novel vulns, e.g. the apparent first 0-day discovered with AI doing vulnerability research: https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
  - Also more expected uses of AI, like automating tasks in security-related software development: automatically generating fuzz targets and then improving those fuzz targets via AI as well: https://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html
- More malware targeting Linux
  - We didn’t mention it earlier, but we covered a number of Linux malware teardowns this year and expect that trend to increase as Linux keeps growing in popularity
- Full LSM stacking still won’t make it into the upstream Linux kernel
- Integrity of code and data will play more of a role
  - Both in terms of the software supply chain and the integrity of distro repos etc., but also in efforts to guarantee the integrity of a Linux system itself, whether via the new IPE LSM or other mechanisms; mainstream distros will start to care about integrity more
- More collaboration across distros to help collectively handle the deluge of CVEs
- More efforts to fund OSS, learning from the lessons of Heartbleed and xz-utils
  - Some more and some less successful
- More interesting vulns in more software
  - During 2024 Qualys did some of the most interesting vulnerability research on Linux; expect more from them and from others (whether aided by AI or not)
Get in contact