127: Maddie
Get the full experience! Sign up to access transcripts, personalized summaries, and more features.
Episode Description
Maddie Stone is a security researcher for Google’s Project Zero. In this episode we hear what it’s like battling zero day vulnerabilities.
Sponsors
Support for this show comes from Zscalar. Zscalar zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com.
Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools.
Sources
https://www.sophos.com/en-us/medialibrary/pdfs/technical%20papers/yu-vb2013.pdf
https://www.youtube.com/watch?v=s0Tqi7fuOSU
https://www.vice.com/en/article/4x3n9b/sometimes-a-typo-means-you-need-to-blow-up-your-spacecraft
Listen to Episode
AI-Generated Summary
The Dawn of Software Engineering
The episode begins with a fascinating exploration of the history of software engineering, tracing back to the 1950s when NASA was pioneering space travel. Jack Ricider describes how the lack of software engineers at that time led to catastrophic events, such as the destruction of the Mariner 1 spacecraft due to a simple coding error—a missing dash in the algorithm. This incident highlighted the need for software engineering as a discipline, catalyzing the formalization of software engineering practices that we recognize today.
Meet Maddie Stone
Maddie Stone, a security researcher for Google’s Project Zero, shares her journey into the cybersecurity field. With a background in computer science and even Russian language studies, Maddie’s path took her from reverse engineering firmware and hardware at the Applied Physics Lab at Johns Hopkins to leading a team tackling Android malware at Google, specifically through reverse engineering malicious apps to protect users. Her affinity for low-level programming languages like assembly sheds light on her deep understanding of the inner workings of computer systems.
Battling Zero-Day Vulnerabilities
The essence of Maddie's work revolves around identifying zero-day vulnerabilities—critical bugs in software that are actively exploited by attackers. The discussion covers how her team at Project Zero not only detects these vulnerabilities but also develops strategies to mitigate them, working to close the gap between public knowledge of vulnerabilities and the secret techniques used by attackers. Maddie explains how public awareness can shift the tide against cyber threats.
The Realities of Malware Analysis
Maddie delves into her experiences analyzing malware, giving an insight into the types of threats she encounters. The episode shares exciting stories of malware like JinMaster that prey on unsuspecting users by disguising themselves as legitimate applications. She illustrates the meticulous process of reverse engineering malware to understand its behavior and protect users from attacks, as well as the ethical dilemmas involved when tackling nation-state threats.
The Cybersecurity Arms Race
The dialogue transitions to the broader implications of nation-state cyberattacks, emphasizing the ongoing arms race in cybersecurity. Maddie discusses how attackers seek to find, exploit, and weaponize vulnerabilities, while defenders like herself work tirelessly to patch those vulnerabilities and expose the attackers' methods. There's a philosophical undertone regarding the ethics of cybersecurity, with Maddie highlighting how her work aims to protect vulnerable populations and ensure a safer digital landscape.
Ready to get started?
Join other podcast enthusiasts who are getting podcast summaries.
Sign Up Free