Podcast Notes: January 2025

Below are some interesting points I found from podcasts listened to during January 2025

Podcasts – January 2025

Security Now (SN) 1010

  • Cloudflare reports a 53% increase in DDoS attacks in 2024 compared to 2023.
  • DNS over TLS:
    • Certificates add an average of 3-6 KB in size.
    • Uses port 853.
    • Creates a TLS connection to a remote DNS server over a URL.
    • TLS RADIUS server must maintain state and track secret session keys, making it much more resource-intensive than UDP.

Reference: Link to Podcast Website.

Security Now (SN) 1009

  • Attacking TOTP (Time-based One-Time Passwords).
  • Windows January 2025 vulnerabilities:
    • Remote code execution and privilege escalation are the most powerful and sought-after exploits by attackers.
  • FTC mandates GoDaddy to improve security practices for web hosting services.

Reference: Link to Podcast Website.

NAN082: Mastering Python One Bite at a Time

  • Code every day.
  • Publish in public (e.g., tech blog).
  • Track accomplishments (helpful for motivation and job interviews).
  • Overcome impostor syndrome – don’t assume everyone else is better.
  • Network and make connections.
  • Break projects and learning into small tasks.

Reference: Link to Podcast Website.

Takeaways:

  • Track daily work.
  • Record wins and completed projects.
  • Blog more and improve writing skills.

Security Now (SN) 1008

  • HTOP and TOTP use HMAC-SHA1 message digests to generate unique seeds for each client.
  • When combined with day and time, this generates an SHA1 HMAC digest, which is then used to create a one-time password (OTP).
  • SHA1 is still secure and valid for generating unique 160-bit digests that cannot be reverse-engineered, though it has been deprecated for other cryptographic purposes (e.g., digital signatures).

Reference: Link to Podcast Website.

Security Now (SN) 1007

  • Review of 2025 state age verification legislation.
  • Developer phishing attack targeted Chrome browser extensions for a supply chain attack.
  • SonicWall NSA SSL VPN vulnerability from August 2024 is still actively exploited.
    • Edge firewall security is critical and should be addressed immediately.
  • AI information recommendation: 3Blue1Brown YouTube videos.

Reference: Link to Podcast Website.