Episode 190: 20 Years, 300 CVEs. Also: COVID’s Lasting Security Lessons
The Security Ledger Podcasts - A podcast by The Security Ledger
In this episode of the podcast (#190), sponsored by LastPass, Larry Cashdollar of Akamai joins us to talk about how finding his first CVE vulnerability, more than 20 years ago, nearly got him fired. Also: Katie Petrillo of LastPass joins us to talk about how some of the security adjustments we’ve made for COVID might not go away any time soon.

[Full Transcript] | [Larry Cashdollar Transcript] | [Katie Petrillo Transcript]

When the so-called Zerologon vulnerability in Microsoft Netlogon surfaced in late September, word went out far and wide to patch the 10 out of 10 critical software hole. That job was made considerably easier by a number: 2020-1472, the unique ID assigned to the hole under the Common Vulnerabilities and Exposures, or CVE, system.

Larry Cashdollar is a Senior Security Response Engineer at Akamai.

Created by MITRE more than 20 years ago, CVE acts as a kind of registry for software holes, providing a unique identifier, a criticality rating as well as other critical information about all manner of software vulnerabilities. Today, it is a pillar of the information security world. But it wasn’t always that way.

20 Years and 300 CVEs Later…

With another Cybersecurity Awareness Month upon us, we decided to roll back the clock and talk about what life was like before the creation of the CVE system. To guide us, we invited Larry Cashdollar, a Senior Security Response Engineer at Akamai, into the studio to talk. Larry is a veteran bug hunter with more than 300 CVEs to his name. In celebration of Cybersecurity Awareness Month, Larry talked to me about the first CVE he received way back in 1998 for a hole in a Silicon Graphics Onyx/2, and how discovering it almost got him fired. He also talks about what life was like before the creation of the CVE system and some of the adventures he’s had on the road to recording some of the 300 CVEs.
The New New Normal

Six months into a pandemic that most of us thought might last six weeks, it’s time to stop asking when things will return to normal and time to start asking what the new normal will look like when the COVID virus is finally beaten.

Katie Petrillo is the manager of LastPass Product Marketing at LogMeIn.

Among the changes to consider are the shifts in the workplace that were expected to be temporary, but are starting to look awfully permanent. Chief among them is the shift to “work from home” and remote work that has millions of Americans connecting to the office from their dining room tables or home offices. The pandemic has sent a surge of business to companies like LogMeIn, which makes remote access and security tools for remote workers.