Supply Chain Security - Ivan Arce - PSW #781

<p>We will talk about Supply chain security, the TPM 2.0 vulnerabilities recently discovered by a Quarkslab researcher, bugs in reference implementations, vulnerability disclosure and perhaps various other topics.</p> <p>Segment Resources:</p> <p>Vulnerabilities in the TPM2.0 reference implementation</p> <p> <a href= "https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html">https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html</a></p> <p>Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors</p> <p><a href= "https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html"> https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html</a></p> <p>Heap memory corruption in ASN.1 parsing code generated by Objective Systems Inc. ASN1C compiler for C/C++</p> <p> <a href= "https://github.com/programa-stic/security-advisories/blob/master/ObjSys/CVE-2016-5080/README.md">https://github.com/programa-stic/security-advisories/blob/master/ObjSys/CVE-2016-5080/README.md</a></p> <p> </p> <p>Visit <a href= "https://www.securityweekly.com/psw">https://www.securityweekly.com/psw</a> for all the latest episodes!</p> <p>Show Notes: <a href= "https://securityweekly.com/psw781">https://securityweekly.com/psw781</a> </p>