Recording date: 2019-01-31

John Papa @John_Papa

Ward Bell @WardBell

Adam Baldwin @adam_baldwin

Resources:

• Details about the Event Stream Incident
• News about the Event Stream Incident
• Greenkeeper.io
• Package Locks
• Synk.io
• npm Audit
• Comparing npm audit with Snyk
• Private Packages
• Ways to Have Your Private npm Registry
• The Rogue Gallery of Cybersecurity Bad Actors
• FaceTime Audio Bug
• Two Factor Authentication
• HaveIBeenPwned
• How Serverless Works to Manage HaveIBeenPwned

Someone to follow

• @RachelTobac
• @Fox0x01
• @ReyBango
• TroyHunt
• @ManfredSteyer / Softwarearchitekt.at
• @ShmuelaJ / NG-Girls.org
• @JenLooper

Timejumps

• 00:57 Guest Introduction
• 02:23 Javascript security in the news
• 05:29 Should we be worried about this happening again?
• 06:54 What's the best course of action when you see security warnings?
• 08:56 What is Greenkeeper?
• 10:18 Sponsor: Nativescript
• 10:52 Comparing npm audit and snyk
• 14:33 What do people who want to have a corporate acccount do?
• 21:22 Using a real world example
• 24:08 Are there times where it can't figure out what to do?
• 26:16 Isn't there a way to just keep malware out of the registry?
• 28:22 Sponsor: IdeaBlade
• 29:23 What's a bad actor?
• 34:17 FaceTime group call bug
• 36:05 Recommended tips for security
• 39:34 What's the state of 2 factor auth?
• 42:31 When we pass software to clients, how can we secure things?
• 45:08 Someone to follow