Nov 19, 2024

The Adversarial Podcast Ep. 11 - incoming Trump administration, Microsoft's leaked SaaS creds, and software liability policy

Introduction:

  • The episode opens with a discussion on securing devices for employees traveling to high-risk countries, like China, as a way to protect corporate data and maintain customer trust.
  • Hosts Jerry, Sounil, and Mario welcome listeners and discuss recent events, including the FS-ISAC Fall Summit in Atlanta and geopolitical implications of the recent election.

Key Topics:

  1. Geopolitical Risks:
    • The group explores China's espionage activities and Russia's geopolitical maneuvers, predicting shifts in attacker strategies depending on U.S. political leadership.
    • Concerns about China's possible invasion of Taiwan and its implications for global tech, particularly chip manufacturing, are highlighted.
  2. Cybersecurity and Crypto:
    • The hosts discuss the post-election stock market bump, particularly in the tech and crypto sectors, and note the growing reliance on platforms like Coinbase.
    • They debate the perception and reality of cryptocurrency stability.
  3. Travel Security Policies:
    • The panel critiques outdated views on China-focused security policies and suggests broadening these policies to apply to all non-extradition countries.
    • Anecdotes on “burner laptops” and espionage myths are shared, emphasizing a need for realistic threat modeling.
  4. InfoStealers and SaaS Security:
    • Rising threats from InfoStealer malware, which targets stored credentials, are explored.
    • A specific case involving Snowflake and ServiceNow platforms highlights vulnerabilities tied to single-factor authentication and API misuse.
    • A debate arises over whether such findings should be within the scope of bug bounty programs.
  5. Shift Toward Hybrid and On-Prem Models:
    • Discussion on whether critical applications are moving back on-premises due to high cloud costs, especially for AI workloads.
    • The hosts argue the shift is likely economic rather than security-driven.
  6. EU Product Liability Directive:
    • The EU’s new directive introduces potential liability for software developers and companies, even extending to individual coders.
    • The implications for open source and global software markets are debated, with concerns about increased costs for doing business in the EU.
  7. CrowdStrike vs. Delta Lawsuit:
    • The CrowdStrike-Delta legal battle is analyzed, focusing on issues like the discovery of risk registers and internal chats, and how this might expose Delta's cybersecurity weaknesses.
    • Potential ripple effects for CrowdStrike's reputation and customer base are considered.

Closing Thoughts:

  • The episode ends with reflections on regulatory landscapes, including GDPR and how enforcement levels shape software innovation and compliance strategies.
  • The hosts tease ongoing developments in the CrowdStrike case as a topic to watch closely.

This episode combines high-level geopolitical discussions with detailed analysis of pressing cybersecurity trends, offering a mix of technical insights and industry perspectives.

Stories

Hosts: