That first CVE was a fun find, for sure. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Technology, News, Daily News, Tech News

4.8 • 1.1K Ratings

🗓️ 14 November 2020

⏱️ 27 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

In the late 90s, hackers who discovered vulnerabilities would sometimes send an email to Bugtraq with details. Bugtraq was a notification system used by people with an interest in network security. It was also a place that might have been monitored by employees of software companies looking for reports of vulnerabilities pertaining to their software. The problem was - there wasn't an easy way to track specific vulnerabilities in specific products. It was May 1999. Larry Cashdollar was working as a system administrator for Bath Iron Works under contract by Computer Sciences Corporation. Specifically, he was a UNIX Systems Administrator, level one. His team managed over 3,000 UNIX systems across BIW's campuses. Most of these were CAD systems used for designing AEGIS class destroyers. This position gave me access to over 3,000 various flavors of UNIX ranging from Sun Solaris to IBM AIX. Joining us in this week's Research Saturday to discuss his journey from finding that first CVE through the next 20 years and hundreds of CVEs is Akamai Senior Response Engineer Larry Cashdollar. The research can be found here: MUSIC TO HACK TO: MY FIRST CVE AND 20 YEARS OF VULNERABILITY RESEARCH Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	Today's episode is sponsored by SRM, your first call for cybersecurity and
0:18.1	investigations. Threats today are evolving faster than ever before and since 2005 SRM has pioneered
0:25.3	tailored security solutions for global corporations and their executives.
0:29.5	Whether it's defending against cyber attacks with their award-winning team of ethical hackers and incident response specialists,
0:36.4	or navigating the murky waters of compliance and ESG challenges,
0:40.9	SRMs, Insight and Straight straightforward advice will help you navigate complex risks
0:46.4	and emerge more resilient.
0:48.4	Their secret, a culture that nurtures the sharpest minds, giving them access to the newest technologies and the freedom
0:55.3	to solve problems in new ways, enabling them to craft simple effective solutions for your
1:01.4	unique cyber challenges.
1:03.7	Search your first call to discover how SRM can help your business. Hello everyone and welcome to the CyberWire's research Saturday.
1:25.0	I'm Dave Bitner and this is our weekly conversation with researchers and analysts
1:29.0	tracking down threats and vulnerabilities, solving some of the hard problems of protecting ourselves in a rapidly
1:35.2	evolving cyberspace.
1:37.3	Thanks for joining us.
1:38.4	One of the PR guys, Tim, he thought it would be interesting if I spoke about my first TVE since I had been at Akramai for 20 years.
1:50.0	It had more of a story behind it than I think him was expecting so it was actually caused some mayhem so I wrote it up and here I am
2:01.0	That's Larry Cashdollar he's a senior security response engineer at Akamai Technologies.
2:06.3	Today we're discussing his recent blog post, Music to Hack To, My First CBE and 20 years of vulnerability research. You can sense the glory. If this is started something.
2:24.0	Feel it in your bone.
2:26.0	Wow!
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.