TWiET 426: Legal Disco - eBook class-action against Amazon, tech visionary Sheldon Adelson, reducing the paper chase in your law office
Play • 1 hr 3 min
  • eBook customers file a class-action lawsuit against Amazon for anti-competitive pricing agreements
  • Successful malware incidents rise
  • China tosses more obstacles at WHO team investigating Covid-19 origins
  • IBM acquiring, left and right, to get back into the customized cloud industry
  • NSA recommends only 'designated' DNS resolvers
  • Qualcomm to acquire Nuvia
  • Self-driving vehicles exempt from some crash standards in U.S.
  • Curt Franklin on his personal experience with tech visionary Sheldon Adelson
  • Kiwi Camara, CEO of DISCO talks about reducing the paper chase in your legal office and why DISCO thinks they are the SalesForce of the legal world.

Hosts: Louis Maresca, Brian Chee, and Curt Franklin

Guest: Kiwi Camara

Download or subscribe to this show at


Tech's Message: News, Insight & Nostalgia With Nate Lanxon & Friends
Tech's Message: News, Insight & Nostalgia With Nate Lanxon & Friends
Nate Lanxon
Tech’s Message Episode 231: Short Version
This week on the regular version of Tech’s Message: Romance fraud on rise in coronavirus lockdown Man to pay £25,000 damages over negative TrustPilot review ** Exclusive for Patreon supporters ** Access to our ad-free, longer version of the show, which includes the above as well as additional discussions about: Twitter wants to let you pay me for my Tweets Also each episode for Patreon supporters: Extended segments Personal stories Fun outtakes and so much more! TECH’S MESSAGE IS: Hosts: Nate Lanxon, Ian Morris Recurring Guest Host: Andy Hoyle Production and Editing: Nate Lanxon Voiceover Artist: Marta Svetek Music: Audio Network & Pond5 Certain Artwork Elements Designed By: macrovector / Freepik Publisher: Acast Copyright © Nate Lanxon Ads are not endorsements, nor controlled by Tech’s Message. Read Nate’s ad policy. Visit Us: WANT MORE? Access ad-free, extended versions of each episode, download our weekly sister show Extra Message, listen to us recording live or download a full uncensored copy on demand, and much more, by joining us on Patreon at You’ll get instant access to our entire back catalogue of extended shows, Extra Message, our Discord member’s club, higher quality MP3s, and there’s zero commitment required. Give us a try and support me and the show in the process!   See for privacy and opt-out information.
27 min
David Bombal
David Bombal
David Bombal
#254: David Bombal: Best Hacking Laptop and OS
Parrot OS vs Kali Linux? Which is the best hacking OS? Which laptop should you buy for hacking? Should you use a VM or bare metal install? Lots of questions answered in this video! Menu: Which is the best hacking OS. What does parrot say? 0:00​ Neal's choice and why: 0:31​ Which laptop does Neal use for hacking: 3:27​ What about Windows and WSL2: 5:06​ What about bare metal installations: 5:47​ VM vs baremetal Performance: 7:34​ Which laptop would you buy if starting out: 8:12​ Moving from a Mac to Windows: 11:33​ Ultimate laptop for hacking: 12:00​ Career perspective: 13:45​ How much of my time is hacking vs other tasks: 14:55​ You are a *$%^& hacker if you cannot do this: 16:13​ How much of my time will be spent on hacking: 20:13​ How do I learn to write reports: 22:10​ Breach reports: 26:30​ Summary: 28:15​ ============================== Examples of reports mentioned: ============================== FireEye: ​Securelist: ​Krebs: ​ ======================= Direct links mentioned: ======================= Mandiant: ​Kaspersky Securelist: ​Krebs: ​ ================ Connect with Neal: ================ LinkedIn: ​Twitter: ​Twitch: ​ ================ Connect with me: ================ Discord: ​Twitter: ​Instagram: ​LinkedIn: ​Facebook: TikTok: ​YouTube:​
13 min
Brakeing Down Security Podcast
Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
2021-007-News-Google asking for OSS to embrace standards, insider threat at Yandex, Vectr Discussion
Links to discussed items: Yandex Employee Caught Selling Access to Users' Email Inboxes ( Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple | Threatpost Google pitches security standards for 'critical' open-source projects | SC Media ( Google’s approach to secure software development and supply chain risk management | Google Cloud Blog sec evangelist @blumira Check out our Store on Teepub! Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email #AmazonMusic: #Spotify: #Pandora: #RSS: #Youtube Channel: #iTunes Store Link: #Google Play Store: Our main site: #iHeartRadio App: #SoundCloud: Comments, Questions, Feedback: Support Brakeing Down Security Podcast by using our #Paypal: OR our #Patreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : #Stitcher Network: #TuneIn Radio App:
57 min
PDF Exploits, GPGME Making Mistakes EZ and Favicon Tracking
A couple privacy violations, PDF exploits, and a complicated API being misused by developers. [00:00:48] Brave browser leaks onion addresses in DNS traffic * [00:07:05] Tales of Favicons and Caches: Persistent Tracking in Modern Browsers * [00:18:12] Shadow Attacks: Hiding and Replacing Content in Signed PDFs * [00:28:20] Getting Information Disclosure in Adobe Reader Through the ID Tag * [00:32:42] Middleware everywhere and lots of misconfigurations to fix * [00:43:05] GPGme used confusion, it's super effective ! * [00:51:58] Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions * [01:01:11] Hunting for bugs in Telegram's animated stickers remote attack surface * [01:08:03] Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits * [01:20:27] Model Skewing Attacks on Machine Learning Models * [01:21:37] Future of Exploit Development - 2021 and Beyond * Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)
1 hr 24 min
CISO-Security Vendor Relationship Podcast
CISO-Security Vendor Relationship Podcast
Mike Johnson and David Spark
Would You Look at that Unrealistic Licensing Deal?
All links and images for this episode can be found on CISO Series CISOs know that salespeople want to make the best licensing deal they can possibly get. But unpredictability in the world of cybersecurity makes one-year licensing deals tough, and three-year licensing deals impossible. This episode is hosted by David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest this week is Mark Eggleston, (@meggleston) CISO, Health Partners Plans. This recording was recorded live in front of a virtual audience at the "SecTalks - Leading with grit in security" virtual conference brought to you by our sponsor, Cobalt. Thanks to our podcast sponsor, Cobalt Cobalt offers a faster more effective pentesting solution through its Pentest as a Service (PtaaS) platform. With it, you can schedule a pentest in as little as 24 hours for all kinds of assets. The platform also connects you with a global pool of pentesters called the Cobalt Core, whose skills can match what you need. And instead of sending you a huge PDF that raises more questions you can’t answer, they engage with your team throughout the pentest. Findings can land straight into Jira and GitHub, helping you fix vulnerabilities as soon as they’re discovered. Cobalt makes pentesting easy, quick to deploy, scalable, and simple to remediate. On this week's episode Why is everybody talking about this now? A redditor is struggling and overwhelmed! The person is in school studying, working, and loving cybersecurity, but has completely and utterly failed the foundations course and is on academic probation. The person told their story to the cybersecurity subreddit community, and the support came out in droves. We've seen this before. People hit a major wall professionally and they just reach out to the anonymous masses for support. The story hits a nerve and the community is eager to show encouragement. In fact, just this past week, the New York Times had an article about the unemployment subreddit offering advice and information to those struggling. We'll take a look at this tactic of reaching out for support and guidance through discussion boards. What do you think of this vendor marketing tactic? "Pro tip to vendors: don’t claim that you can’t do a one-year licensing deal. You might end up with a zero-year license deal", said Ian Amit, CSO, Cimpress on LinkedIn. We'll look at the art of negotiating a contract with a vendor: What is it ultimately you want? What are you willing to concede on and what must you have? And what are the situations that cause this to change? It's time to play, "What's Worse?!" Jason Dance of Greenwich Associates suggests two scenarios that others believe is security, but actually isn't. If you haven’t made this mistake, you’re not in security On Twitter, the CISO of Twitter, Rinki Sethi, said, "A career mistake I made, I rolled out a phishing testing program before the company was ready for it. The HR team said it was against the company culture and if I tried a trick like that again, I would be fired. Lesson - communication is important in #cybersecurity." Rinki asked for others' stories of failure. Let's explore a few. What Is It and Why Do I Care? For this week's game, the topic is vulnerability management. We look at four pitches from four different vendors. Contestants must first answer what "vulnerability management" is in 25 words or less, and secondly must explain what's unique about their vulnerability management solution. These are based on actual pitches - company names and individual identities are hidden. The winners will be revealed at the end.
38 min
Hacker Valley Studio
Hacker Valley Studio
Hacker Valley Media
Episode 123 - Adventures in Venture Capital with Lindsay Lee
Lindsay Lee is the founder and managing member of Authentic Ventures. Authentic Ventures is an early stage VC firm based in Oakland CA. Lindsay has worked many years in the investment industries as well as venture capital and ran a direct investment fund. Authentic ventures is a new kind of firm focused primarily on women and under-represented minority founders. Authentic Ventures is focused on building its own network of women founders of more diverse backgrounds and entrepreneurs who really want to see success translate into more opportunities for their communities. Coming from modest beginnings and raised by immigrant parents from the West Indies, his parents really solidified the importance of education. Lindsay has worked in investment banking as an analyst alongside graduates of Ivy League schools, there he learned about his own determination to excel even in tough working conditions while learning as much as possible. After graduating from graduate school Lindsay started an ill-fated technology start up in 1999; funding was hard to find in the early naughts (00’s) especially for Black founders. After pivoting to working in asset management companies Lindsay joined a family office where he built and managed a portfolio. He reached a turning point there where he was able to look at public and private investments and assess the landscape. Lindsay decided he wanted to differentiate himself and focus efforts on really approaching investment in his own way, to invest in “early stage companies,” as opposed to series A or series B companies. A peer at another firm told him that it was going to be double the effort and twice the financing to get it off the ground. Lindsay’s drive and the network he was a part of propelled him through the challenges. The conversation touches upon the “rules of the game” for galvanizing new ideas and bringing new products and companies into the market. He speaks about the roles that entrepreneurs, lawyers and investors have in capital markets. Lindsay found his calling as an investor was one where he was a coach, rather than an entrepreneur who is trying to score goals all the time. Lindsay describes how his focus was on cultivating relationships and community in order to grow an interconnected network that would allow for long lasting impact in the landscape while also bringing success to his firm. He shares that the one thing he’s had to get right is finding A+ people to work with. In his approach as an investor he is trying to set the table for women of color and reserve, or build, a seat at the table that allows for success to be shared. Lindsay believes this focus will lead to more opportunities for more diverse teams. For folks interested in becoming an investor or entrepreneur Lindsay speaks about the importance of team building and utilizing the connections they already have as capital. He also urges people to not ignore the skills they’ve gained by applying themselves and that those skills plus knowledge of the space they’re focused on can create something that’s meaningful. Impactful Moments During Podcast 00:00 - Welcome back to the Hacker Valley Studio, introducing Lindsay Lee of Authentic Ventures, a VC firm that invests in seed and early stage companies. 02:30 - Building a more diverse inclusive VC network and culture. 04:30 - What the exploration of VC was like for Lindsay and what were some of the motivations for moving in this way in that sphere. 06:45 - Why it’s important for diversity that a firm like Authentic Ventures exists in Silicon Valley and the tech community. 07:20 - How VC firms can help create more wealth across communities of color and gender. 09:30 - The journey to VC and what exploring that world looked like for Lindsay. 10:00 - Entrepreneurship as a sport: who are players, rule-makers and play callers. 11:45 - Taking the long view on cultivating good investments and finding the right people. 12:20 - Starting his own thing in VC, differentiating himself and dealing with uncertainty 14:27 - What immersion in VC is like, navigating changing landscapes 15:15 - If you’re looking for a challenge, investing is a good field; things not going to plan. 15:45 - Why you need to find A+ people. 17:20 - Staying humble and grounded in VC 18:14 - What creates success in entrepreneurial endeavors 19:30 - Why Authentic Ventures has a culture of good energy 20:45 - Studying and data in VC, compounding experience and knowledge, the value of having a community 22:40 - Trying to find ideas and company with momentum 23:20 - No free lunch in investing? What does a margin of error mean in this VC world. 24:45 - Why VC firms learn about the founders, how to scrutinize the methodology 26:00 - If you’re an entrepreneur why you should get to know a VC fund outside of funding events. 27:00 - Being an early believer in trailblazers 28:00 - Authentic Ventures tries to win together, with the right people 29:25 - Lindsay talks about not starting out on First or Second Base and making an impact that helps his community. 30:35 - Having something to prove as an analyst at investment banks 31:45 - The best lesson to learn as an investor, understanding the people, connecting with people that share your values. 33:30 - Why there’s no substitute for excellence or hard work. 37:23 - Staying power and determination: “Get your money right.” 38:30 - Staying in touch with Lindsay Lee and Authentic Ventures Stay connected with Lindsay Lee by checking out Authentic Ventures Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.
41 min
Security Unlocked
Security Unlocked
Judging a Bug by Its Title
Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t always translate well in the digital landscape. In this case, we’re using machine learning (ML) to identify and “judge” security bugs based solely on their titles.  And, believe it or not, it works! (Sorry, Grandma!)  Mayana Pereira, Data Scientist at Microsoft, joins hosts Nic Fillingham and Natalia Godyla to dig into the endeavors that are saving security experts’ time. Mayana explains how data science and security teams have come together to explore ways that ML can help software developers identify and classify security bugs more efficiently. A task that, without machine learning, has traditionally provided false positives or led developers to overlook misclassified critical security vulnerabilities.    In This Episode, You Will Learn: • How data science and ML can improve security protocols and identify and classify bugs for software developers  • How to determine the appropriate amount of data needed to create an accurate ML training model  • The techniques used to classify bugs based simply on their title    Some Questions We Ask: • What questions need to be asked in order to obtain the right data to train a security model?  • How does Microsoft utilize the outputs of these data-driven security models?   • What is AI for Good and how is it using AI to foster positive change in protecting children, data and privacy online?    Resources:    Microsoft Digital Defense Report    Article: “Identifying Security Bug Reports Based Solely on Report Titles and Noisy Data”    Mayana’s LinkedIn    Nic’s LinkedIn          Natalia’s LinkedIn          Microsoft Security Blog:  Transcript (Full transcript can be found at Nic Fillingham: Hello, and welcome to Security Unlocked, a new podcast from Microsoft where we unlock insights from the latest in news and research from across Microsoft Security engineering and operations teams. I'm Nic Fillingham- Natalia Godyla: And I'm Natalia Godyla. In each episode we'll discuss the latest stories from Microsoft Security, deep dive into the newest threat, intel, research and data science- Nic Fillingham: And profile some of the fascinating people working on artificial intelligence in Microsoft Security. Natalia Godyla: And now let's unlock the pod. Natalia Godyla: Hello, Nic. How's it going? Nic Fillingham: Hello, Natalia. Welcome back. Well, I guess welcome back to Boston to you. But welcome to Episode 16. I'm confused because I saw you in person last week for the first time. Well, technically it was the first time for you, 'cause you didn't remember our first time. It was the second time for me. But it was- Natalia Godyla: I feel like I just need to justify myself a little bit there. It was a 10 second exchange, so I feel like it's fair that I, I was new to Microsoft. There was a lot coming at me, so, uh- Nic Fillingham: Uh, I'm not very memorable, too, so that's the other, that's the other part, which is fine. But yeah. You were, you were here in Seattle. We both did COVID tests because we filmed... Can I say? You, you tell us. What did we do? It's a secret. It is announced? What's the deal? Natalia Godyla: All right. Well, it, it's sort of a secret, but everyone who's listening to our podcast gets to be in the know. So in, in March you and I will be launching a new series, and it's a, a video series in which we talk to industry experts. But really we're, we're hanging with the industry experts. So they get to tell us a ton of really cool things about [Sec Ups 00:01:42] and AppSec while we all play games together. So lots of puzzling. Really, we're just, we're just getting paid to do puzzles with people cooler than us. Nic Fillingham: Speaking of hanging out with cool people, on the podcast today we have Mayana Pereira whose name you may have heard from a few episodes ago Scott Christiansen was on talking about the work that he does. And he had partnered Mayana to build and launch a, uh, machine learning model that looked at the titles of bugs across Microsoft's various code repositories, and using machine learning determined whether those bugs were actually security related or not, and if they were, what the correct severity rating should be. Nic Fillingham: So this episode we thought we'd experiment with the format. And instead of having two guests, instead of having a, a deep dive upfront and then a, a profile on someone in the back off, we thought we would just have one guest. We'd give them a little bit extra time, uh, about 30 minutes and allow them to sort of really unpack the particular problem or, or challenge that they're working on. So, yeah. We, we hope you like this experiment. Natalia Godyla: And as always, we are open to feedback on the new format, so tweet us, uh, @msftsecurity or send us an email Let us know what you wanna hear more of, whether you like hearing just one guest. We are super open. And with that, on with the pod? Nic Fillingham: On with the pod. Nic Fillingham: Welcome to the Security Unlocked podcast. Mayana Pereira, thanks for joining us. Mayana Pereira: Thank you for having me. I'm so happy to be here today, and I'm very excited to share some of the things that I have done in the intersection of [ML 00:03:27] and security. Nic Fillingham: Wonderful. Well, listeners of the podcast will have heard your name back in Episode 13 when we talked to Scott Christiansen, and he talked about, um, a fascinating project about looking for or, uh, utilizing machine learning to classify bugs based simply on, on their title, and we'll get to that in a minute. But could you please introduce you- yourself to our audience. Tell us about your title, but sort of what does that look like in terms of day-to-day and, and, and the work that you do for Microsoft? Mayana Pereira: I'm a data scientist at Microsoft. I've been, I have been working at Microsoft for two years and a half now. And I've always worked inside Microsoft with machine learning applied to security, trust, safety, and I also do some work in the data privacy world. And this area of ML applications to the security world has always been my passion, so before Microsoft I was also working with ML applied to cyber security more in the malware world, but still security. And since I joined Microsoft, I've been working on data science projects that kinda look like this project that we're gonna, um, talk today about. So those are machine learning applications to interesting problems where we can either increase the trust and the security Microsoft products, or the safety for the customer. You know, you would develop m- machine learning models with that in mind. Mayana Pereira: And my day-to-day work includes trying to understand which are those interesting programs across the company, talk to my amazing colleagues such as Scott. And I have a, I have been so blessed with an amazing great team around me. And thinking about these problems, gathering data, and then getting, you know, heads down and training models, and testing new machine learning techniques that have never been used for a specific applications, and trying to unde…
39 min
Windows Weekly (Audio)
Windows Weekly (Audio)
WW 713: Pot-Bellied Mastodons - Updating Windows, Microsoft Ignite, and Power Fx
Updating Windows, Microsoft Ignite, and Power Fx Microsoft Office * Microsoft announces two new Office updates for 2021: * Office LTSC * Office 2021 for commercial and consumer customers Windows 10 * Microsoft is cutting Windows 10 Enterprise LTSC support from ten years to five * Microsoft Brings Another FEP to the Windows Insider Beta Channel * Microsoft to talk about the future of mixed reality' at Ignite conference next week Power Platform * Microsoft readies Power Fx, a new Power Platform low-code language * Too late; P# already exists Surface * Microsoft is Selling Replacement SSDs for Surface Pro 7+ Microsoft * Microsoft Concludes Its SolarWinds Investigation * Microsoft Calls for Australian-Style Media Arbitration in EU * Microsoft unveils three more 'industry clouds' for financial, manufacturing and nonprofit Xbox * Microsoft Announces Games for Gold for March * Fall Guys Lands on Xbox This Summer * Sony is Bringing VR to PlayStation 5 * Sony is Bringing PlayStation Games to the PC Tips and picks * Tip of the week: Buy cereal, get Xbox Game Pass Ultimate * App pick of the week: Tiles 2.0 * Developer pick of the week: .NET Conf Focus on Windows * Enterprise pick of the week: Automatically translate Word docs into PowerPoints * Beer pick of the week: Delirium Black Barrel Aged Hosts: Leo Laporte, Mary Jo Foley, and Paul Thurrott Download or subscribe to this show at Check out Paul's blog at Check out Mary Jo's blog at The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: * *
2 hr 4 min
More episodes
Clear search
Close search
Google apps
Main menu