Episode 228: Supply Chain Attackery
Most Mac Admins use a device management tool – be it agentless (ie MDM which arguably has a first party agent) or one that uses an agent to provide more capabilities than the MDM protocol does on its own. Recently, we’ve seen a number of attacks that target systems used to keep computers updated and matching security requirements. Today’s episode explores a recent article in Wired about the potential behind supply chain attacks on the Jamf platform – with about the best people you could be having talk about it, people from Jamf!
Hosts:
- Tom Bridge, Principal Product Manager, JumpCloud – @tbridge777
- Charles Edge, CTO, Bootstrappers.mn – @cedge318
- Marcus Ransom, Apple Systems Architect, CompNow – @marcusransom
Guests:
- Matthias Wollnik (Product Marketing Manager, Security)
- Catherine (Katie) McKay, Consulting Engineer for Security
- Jaron Bradley, Detections Lead
Links
- Black Hat Talk
- Wired Story
- History of Defcon
- All the defcon talks
- Defcon Red Teaming
- The Cuckoo’s Egg
- XCSSET Zero-day Exploit
- Ken Thompson’s Reflections of Trust
- Handbrake hacked
- Jaron’s Blog
- Jaron’s Book
Listen:
Sponsors:
Patreon Sponsors:
The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include:
Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson
Mac Admins Podcast Community Calendar, Sponsored by Watchman Monitoring
Conferences
| Event Name | Location | Dates | Format | Cost |
|---|---|---|---|---|
| Mac Admins Campfire Sessions | Online | 3, 10, 17, 24 June; 8, 15, 22, 29 July 2021 | Synchronous • Thursdays 13:00-15:00 EDT (UTC-4) | Free |
| MacAdminsUA | Online | 16 September | Synchronous | Free |
| Objective by the Sea | Maui, Hawaii, USA | 28 September – 01 October 2021 | In-person • 2 days training, 2 days presentations | Free or USD$499 Corporate |
| MacSysAdmin | Online | 5–8 October 2021 | Asynchronous • New sessions available daily | Free (Optional T-shirt purchase) |
| Jamf Nation User Conference | Online | 19–21 October 2021 | Synchronous • 3 consecutive days | Free |
| MacTech Conference | TBA | 3rd Quarter 2021 or later | TBA | TBA |
| MacAD.UK | London, UK | March 2022 | In-person • 2 consecutive days | £495-595 |
Upcoming Meetups
| Event Name | Location | Dates | Cost |
|---|
Future Meetups
| Event Name | Location | Dates | Cost |
|---|---|---|---|
| London Apple Admins Pub | Online (see #laa-pub in MacAdmins Slack for connection details) | Most Thursdays at 5 p.m.-ish (17:00 UTC) | Free |
| #ANZMac Channel Happy Hour | Online (see #anzmac in MacAdmins Slack for connection details) | Thursdays 5 p.m. AEST | Free |
Sponsor the Mac Admins Podcast:
If you’re interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information.
Social Media:
Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!
Support the podcast by becoming a backer on Patreon. All backer levels get access to exclusive content!
