Smashing Security podcast #469: What your Oura ring won’t tell you

This podcast episode reviews several security issues: a significant CISA-related data leak where a contractor publicly posted plaintext credentials (including privileged AWS GovCloud tokens) on a GitHub account after disabling secret-scanning, raising supply-chain and credential-rotation concerns; reporting on unencrypted or potentially exposed data from Oura wearable devices and attendant privacy/government-request transparency issues; and brief mentions of active malware campaigns (HimWolf IoT botnet, Ghost CMS compromises). The hosts emphasize operational failures, cultural and staffing problems at security agencies, and the importance of deterministic protections (e.g., content sanitization/CDR) to reduce risk.