scott helme

This interview was recorded at GOTO Copenhagen for GOTO Unscripted.
http://gotopia.tech

Read the full transcription of this interview here

Andy Greenberg -  Author of "Sandworm" & "Tracers in the Dark" and Award-winning Senior Writer for WIRED
Scott Helme - Security Researcher, Hacker and Founder of Report URI & Security Headers

RESOURCES
Andy
https://twitter.com/a_greenberg
https://linkedin.com/in/andygreenbergjournalist
https://andygreenberg.net
https://www.wired.com/author/andy-greenberg
https://infosec.exchange/@agreenberg
@agreenberg.bksy.social

Scott
https://twitter.com/Scott_Helme
https://linkedin.com/in/scotthelme
https://scotthelme.co.uk
https://github.com/ScottHelme

DESCRIPTION
Andy Greenberg and Scott Helme explore the ever-evolving landscape of cyber crimes, discussing the anonymity of cryptocurrencies, the transition from cryptojacking to ransomware, and the enduring impact of blockchains on the realm of cyber security. They expose some of the most famous crytpojacking attacks of all time and reason about the unlimited potential of crime organizations that leverage cryptocurrencies.

RECOMMENDED BOOKS
Andy Greenberg • Tracers in the Dark
Andy Greenberg • Sandworm
Andy Greenberg • This Machine Kills Secrets
Thomas J. Holt, Adam M. Bossler & Kathryn C. Seigfried-Spellar • Cybercrime and Digital Forensics

Twitter
Instagram
LinkedIn
Facebook

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket: gotopia.tech

SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted daily!

In episode 72 of the We Hack Purple Podcast host Tanya Janca brings Scott Helme back on because she just cannot get enough when it comes to security headers! You can watch and listen to his first episode here (https://wehackpurple.com/podcast/episode-69-with-scott-helme/). In this episode we focus on the “new” security headers from Scott’s great blog article where he first introduced the public to them (https://scotthelme.co.uk/coop-and-coep/). The new security header’s focus on protecting us from side-channel attacks like Spectre and Meltdown, and we really honed in on how to configure each one, and why we would need or want them. The features are powerful, and we discussed building up to using them, for best results.

Part of the reason that Scott built SecurityHeaders.com was to contribute to solving the problem of ‘how do we get the message out there’. SecurityHeaders.com is an educational tool rather than any kind of definitive or perfect security assessment tool, but it’s still incredibly useful. He’s working hard to raise awareness, and podcast episodes like this can help. 

One of the most striking things Scott hears when teaching his and Troy Hunt’s ‘Hack Yourself First’ course when they talk about headers like CSP and HSTS, is: “Wow, I didn’t know this existed!” There is a huge gap that we need to bridge in security between these things existing, and people knowing they exist and then actually using them. This is a bug hurdle for folks like us.

We also talked a bit about how all of these security headers are able to create reports and tell you what’s up with your app. Lucky for us, Scott built Report-URI so we can receive those reports with ease! 

Scott also has another free tool he created: https://crawler.ninja/ too, where he scans the top 1 million sites every day and looks at various things, including their use of security headers. As an example, you can see this list of sites using a CSP from today: https://crawler.ninja/files/csp-sites.txt

Scott also creates reports using his crawler data that showing trends over time and changes in the usage of security features like various security headers: https://scotthelme.co.uk/tag/crawler-report/

Very special thanks to our sponsor: Women’s Society of Cyberjutsu! 

Women’s Society of Cyberjutsu are hosting CYBERJUTSU CON 4.0 and the 10th Annual Cyberjutsu Awards on June 24, 2023!!! The con Con will consist of Hands-on Workshops, Capture The Flag (CTF) Competitions, Professional Headshots, Recruiting Opportunities, Celebration, and more.  Participants will walk away with hands-on knowledge that can be applied immediately on the job. You can check out the event here: https://womenscyberjutsu.org/page/CyberCon2023

Join We Hack Purple!

Check out our brand new courses in We Hack Purple Academy. Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

In episode 69 of the We Hack Purple Podcast Host Tanya Janca speaks to the only person on earth who is more excited about security headers than she is: Scott Helme of Report URI! Scott talked about all the different security headers, how some are ‘new’, when and why we would use them. We spoke about why some security headers stopped being used, rogue certificate authorities, and so much more. In fact, at the end, we felt that didn’t get to finish all the things we wanted to say. There was so much more to dive into, meaning this is part 1 of a 2 part episode! 

Scott’s Bio:

Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world renowned training on Hacking and Encryption.

Scott’s Links:

https://scotthelme.co.uk

https://report-uri.com/

https://scotthelme.co.uk/tag/crawler-report/

https://crawler.ninja/ 

https://crawler.ninja/files/csp-sites.txt

Very special thanks to our sponsor: The Diana Initiative! 

A conference committed to helping all those underrepresented in Information Security: Monday August 7, 2023 In-Person at The Westin Las Vegas Hotel & Spa

Join We Hack Purple!

Check out our brand new courses in We Hack Purple Academy. Join us in the We Hack Purple Community:  A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

This episode, we enjoy "Facebook Breach Time" and discuss some crazy vulnerabilities found in Tesla vehicles. We also breakdown our Big Topic of the week: What's a VPN?

Special guest Scott Helme, talks VPNs, Content Security Policy and bringing Hack Yourself First to the UK.

Tweet us @1Password.

We talked about...

• Latest Facebook security breach finds millions of records on Amazon servers
• Zuckerberg eats toast!
• Researchers trick Tesla’s Autopilot into driving into oncoming traffic
• Enter our giveaway! Tweet us a phrase for our next show with #wanttheshirt
• Follow Scott Helme on Twitter here.
• Find out more about Hack Yourself First UK here.

What the phrase?!

I will show you where lobsters spend the winter • A Russian way of threatening someone.

To enter our giveaway tweet us a phrase for the end of our next show and hashtag #wanttheshirt