Episode 228: Supply Chain Attackery

Most Mac Admins use a device management tool – be it agentless (ie MDM which arguably has a first party agent) or one that uses an agent to provide more capabilities than the MDM protocol does on its own. Recently, we’ve seen a number of attacks that target systems used to keep computers updated and matching security requirements. Today’s episode explores a recent article in Wired about the potential behind supply chain attacks on the Jamf platform – with about the best people you could be having talk about it, people from Jamf!

Hosts:

• Tom Bridge, Principal Product Manager, JumpCloud – @tbridge777
• Charles Edge, CTO, Bootstrappers.mn – @cedge318
• Marcus Ransom, Apple Systems Architect, CompNow – @marcusransom

Guests:

• Matthias Wollnik (Product Marketing Manager, Security)
• Catherine (Katie) McKay, Consulting Engineer for Security
• Jaron Bradley, Detections Lead

Links

• Black Hat Talk
• Wired Story
• History of Defcon
• All the defcon talks
• Defcon Red Teaming
• The Cuckoo’s Egg
• XCSSET Zero-day Exploit
• Ken Thompson’s Reflections of Trust
• Handbrake hacked
• Jaron’s Blog
• Jaron’s Book

Listen:

Sponsors:

Patreon Sponsors:

The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include:

Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson

[external_markdown ttl=86400 url=”https://raw.githubusercontent.com/MacAdminsPodcast/comcal/master/Comcal.md”]

Sponsor the Mac Admins Podcast:

If you’re interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information.

Social Media:

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!