Episode 228: Supply Chain Attackery

Most Mac Admins use a device management tool – be it agentless (i.e., MDM, which arguably has a first-party agent) or one that uses an agent to provide more capabilities than the MDM protocol does on its own. Recently, we’ve seen a number of attacks that target the systems used to keep computers updated and meeting security requirements. Today’s episode explores a recent article in Wired about the potential for supply chain attacks on the Jamf platform – with about the best people you could have talking about it: people from Jamf!
Hosts:
- Tom Bridge, Principal Product Manager, JumpCloud – @tbridge777
- Charles Edge, CTO, Bootstrappers.mn – @cedge318
- Marcus Ransom, Apple Systems Architect, CompNow – @marcusransom
Guests:
- Matthias Wollnik (Product Marketing Manager, Security)
- Catherine (Katie) McKay, Consulting Engineer for Security
- Jaron Bradley, Detections Lead
Links
- Black Hat Talk
- Wired Story
- History of Defcon
- All the defcon talks
- Defcon Red Teaming
- The Cuckoo’s Egg
- XCSSET Zero-day Exploit
- Ken Thompson’s Reflections of Trust
- Handbrake hacked
- Jaron’s Blog
- Jaron’s Book
Patreon Sponsors:
The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include:
Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder, Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson
Mac Admins Podcast Community Calendar, Sponsored by Watchman Monitoring
Conferences
Event Name | Location | Dates | Format | Cost |
---|---|---|---|---|
ACES Conference | Online | 5, 12, 19, 26 May 2022 | Synchronous • Thursdays 12:00-14:30 EDT (UTC-4) | USD$299 |
MacAdmins Campfire Sessions | Online (State College, PA, USA) | Thursdays in June and July 2022 | Synchronous • Thursdays 13:00-15:00 EDT (UTC-4) | Free |
Apple Worldwide Developers Conference | Online (one in-person event @ Cupertino, CA, USA) | 6–10 June 2022 | Asynchronous • New sessions available daily | Free |
MacDevOps YVR | Online (Vancouver, BC, Canada) | 15-17 June 2022 | Synchronous • 2 consecutive days | CAD$50-2000 |
Jamf Nation User Conference | San Diego, CA & Online | 27–29 September 2022 | In Person & Virtual | $899-$1299 Education. $1099-$1499 Commercial (pricing increases over time), $299 Virtual, Keynote streams free |
MacSysAdmin | Online (Göteborg, Sweden) | 4–7 October 2022 | Asynchronous • New sessions available daily | Free (Optional T-shirt purchase) |
Objective by the Sea | El Vendrell, Spain (Barcelona) | 3-5 October 2022 (Training), 6-7 October 2022 (Talks) | In Person | 0-499€ |
Upcoming Meetups
Event Name | Location | Dates | Cost |
---|---|---|---|
Mac Admin Monthly | Virtual | 8 March 2022, 4:30pm ET | Free |
JumpCloud IT Admin Network (DC) | Virtual | 8 March 2022, 4pm ET | Free |
San Diego MacAdmins Meetup | Virtual | 9 March 2022, 6pm PT | Free |
Recurring Meetups
Event Name | Location | Dates | Cost |
---|---|---|---|
London Apple Admins Pub | Online weekly (see #laa-pub in MacAdmins Slack for connection details), sometimes in-person | Most Thursdays at 17:00 BST (UTC+1), 19:00 BST when in-person | Free |
#ANZMac Channel Happy Hour | Online (see #anzmac in MacAdmins Slack for connection details) | Thursdays 5 p.m. AEST | Free |
Sponsor the Mac Admins Podcast:
If you’re interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information.
Social Media:
To get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!