
New Video from @hak5: Cybersecurity Updates and Event Preparations
In this new video from the @hak5 channel, Ally Diamond presents the week's episode of Threatwire leading up to Defcon. Several key topics are discussed, including a major security flaw in a confidential chat application for women, a new Google initiative to secure software supply chains, and preparations for the Defcon and Black Hat events.
Ally Diamond begins by discussing a security flaw in the T application, a confidential chat platform for women. This app, which reached the top of the Apple Store's free charts with millions of users, suffered a massive data leak. Over 72,000 images, including 13,000 selfies and numerous ID photos of users, were exposed. A few days later, another server containing more than a million private messages was also discovered. The cause of this flaw is attributed to misconfigured servers, accessible via unauthorized calls. Ally Diamond emphasizes the importance of this flaw, comparing the severity of the exposure of women's personal information to that of credit card numbers or social security numbers. She invites viewers to share their opinions on whether this flaw qualifies as a true hack.
Next, Ally Diamond introduces a new Google initiative aimed at strengthening the security of software supply chains. With the increase in attacks on these chains, Google has introduced the OSS Rebuild tool. This tool aims to improve transparency and trust in open-source projects by using a declarative build process, build instrumentation, and network monitoring capabilities. OSS Rebuild operates within the SLSA (Supply-chain Levels for Software Artifacts) framework to produce reliable and durable security metadata. The tool is designed to detect compromises in the build environment, potential backdoors, unsolicited user code, or code missing from the public repository. Ally Diamond reminds viewers of the importance of financially supporting open-source project maintainers.
Finally, Ally Diamond talks about the excitement surrounding the Defcon and Black Hat events, where she will be present. She mentions that she will be distributing Threatwire stickers and invites viewers to meet her at the Hak5 booth. She highlights that this year marks the 20th anniversary of Hak5 and promises big surprises. Due to these events, there will be no Threatwire episodes on August 4 and 11, but Ally Diamond will return on August 18. She encourages viewers to follow her on Instagram for real-time updates and event vlogs.
In conclusion, this video provides a comprehensive overview of the latest news in cybersecurity and preparations for the Defcon and Black Hat events. It highlights the importance of data security and software supply chain security while reminding viewers of the importance of supporting open-source projects.