Josh Bressers & Kurt Seifried

Open Source Security Podcast


Description

A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.

Link: opensourcesecuritypodcast.com

Categories

Technology

Episodes

Episode 191 - Security scanners are all terrible

Apr 6, 2020 35:18

Description:

Josh and Kurt talk about security scanners. They're all pretty bad today, but there are some things we can do to make them better. Step one is to understand the problem. Do you know why you're running the scanner and what the reports mean?

Show Notes Edmonton freeze thaw cycles Josh's security scanner blog series

Episode 190 - Building a talent "ecosystem"

Apr 5, 2020 32:03

Description:

Josh and Kurt talk about building a talent ecosystem. What starts out as an attempt by Kurt to talk about Canada evolves into a discussion about how talent can evolve, or be purposely grown. Canada's entertainment industry and Unit 8200 are good examples of this.

Show Notes SCTV Red Team Project Moon Shot book  AvE channel  Turning a tree root into a bowl  Mailing the Hope Diamond The Ecosystem

Episode 189 - Video game hackers - speedrunning

Mar 30, 2020 33:43

Description:

Josh and Kurt talk about video games and hacking. Specifically how speed runners are really just video game hackers.

Show Notes Developer speedrun commentary Super Mario World end credits glitch explained Mario 3 RCE Breath of the Wild speedrun Super Metroid reverse boss order TMR beats every NES game

Episode 188 - Depressing news sucks, we're talking about cheating in video games

Mar 23, 2020 31:01

Description:

Josh and Kurt talk about video games. Yeah, video games. Specifically about cheating in video games. There's a lot of other security themes in the discussion. With the news being horrible these days, we needed to talk about something fun.

Show Notes Penny Arcade Banned from Fortnite Apollo Robbins, world's best pickpocket

Episode 187 - Wireguard vs IPsec: the OK Boomer of security

Mar 15, 2020 30:07

Description:

Josh and Kurt talk about Wireguard. There have been a lot of recent conversations about it and if it's better or worse than other VPN solutions. It's safe to say in our modern age, less is usually more, especially when it comes to security. Wireguard has a lot going for it, it can't be ignored.

Show Notes Replacing a Nintendo Switch fan WireGuard Hacker News discussion

Episode 186 - Endpoint security with Tony Meehan

Mar 8, 2020 30:23

Description:

Josh and Kurt talk to Tony Meehan from Elastic (formerly Endgame) about endpoint detection, response, protection, and even SIEM. Tony has a great history coming from the NSA and has a number of great stories to help understand the topics.

Show Notes Tony Meehan  Rob Joyce on Disrupting Nation State Hackers Bobby Filar living off the land blog Dwell time graph  Snowboarder vs Tree

Episode 185 - Is it even possible to fix open source security?

Mar 2, 2020 31:55

Description:

Josh and Kurt talk about the Linux Foundation Census 2. There is a lot of talk around how to fix open source security, but the reality is we can't fix it. We need to stop trying to fix what isn't broken and engineer around the system we have, not the system we want.

Show Notes Linux Foundation Census 2 Core Infrastructure Initiative

Episode 184 - It’s DNS. It's always DNS

Feb 24, 2020 33:03

Description:

Josh and Kurt talk about the sale of the corp.com domain. Is it going to be the end of the world, or a non event? We disagree on what should happen with it. Josh hopes an evildoer buys it, Kurt hopes for Microsoft. We also briefly discuss the CIA owning Crypto AG.

Show Notes corp.com is for sale CIA owned Crypto AG

Episode 183 - The great working from home experiment

Feb 17, 2020 32:32

Description:

Josh and Kurt talk about a huge working from home experiment because of the Coronavirus. We also discuss some of the advice going on around the outbreak, as well as how humans are incredibly good at ignoring good advice, often to their own peril. Also an airplane wheel falls off.

Show Notes Work from home Hacker News discussion CDC advice How to wash your hands Air Canada flight without running water Airplane wheel falling off

Episode 182 - Does open source owe us anything?

Feb 10, 2020 28:42

Description:

Josh and Kurt talk about open source maintainers and building communities. While an open source maintainer doesn't owe anyone anything, there are some difficult conversations around holding back a community rather than letting it flourish.

Show Notes Actix-web story Lodash Possible Lodash security issue  Javascript libraries are almost never updated Ularn

Episode 181 - The security of SIM swapping

Feb 3, 2020 32:28

Description:

Josh and Kurt talk about SIM swapping. What is it, and how does it work? Why should you care? There's not a ton you can do to protect yourself, but we go over some of the basic concepts and what to watch out for. It's unfortunate this is still a problem.

Show Notes Five Major US Wireless Carriers Are Vulnerable to SIM Swapping Edmonton Police SIM swap website

Episode 180 - A Tale of Two Vulnerabilities

Jan 27, 2020 31:07

Description:

Josh and Kurt talk about two recent vulnerabilities that have had very different outcomes. One was the Citrix remote code execution flaw. While the flaw is bad, the handling of the flaw was possibly worse than the flaw itself. The other was the Microsoft ECC encryption flaw. It was well handled even though it was hard to understand and it is a pretty big deal. As all these things go, fixing and disclosing vulnerabilities is hard.

Show Notes Microsoft flaw CVE-2020-0601 Citrix flaw CVE-2019-19781 Citrix mitigation instructions

Episode 179 - Google Project Zero and the 90 day clock

Jan 20, 2020 31:25

Description:

Josh and Kurt talk about the updated Google Project Zero disclosure policy. What's the new policy, what does it mean, and will it really matter? We suspect it will improve some things, but won't drastically change much.

Show Notes Google and 90 day patch disclosure Upgrading all Windows versions

Episode 178 - Are CVEs important and will ransomware put you out of business?

Jan 13, 2020 32:36

Description:

Josh and Kurt talk about a discussion on Twitter about whether discovering CVE IDs is important for a resume. We don't think it is. We also discuss the idea of ransomware putting a company out of business. Did it really? Possibly, but it probably won't create any substantial change in the industry.

Show Notes Games Done Quick  Ransomware puts company out of business 1 in 5 companies shut down due to ransomware  Laura Shin SIM Swap Podcast

Episode 177 - Fake or real? The security of counterfeit goods

Jan 6, 2020 29:58

Description:

Josh and Kurt talk about marketplace safety and security. Will we ever see an end to the constant flow of counterfeit goods? The security industry has the same problem the marketplace industry has, without substantial injury we don't see movement towards meaningful change.

Show Notes BrickLink Cars in Canada lighting on fire  President Roosevelt used Al Capone's Limo Dangerous car seats Fake external hard drive

Episode 176 - The 'predictions are stupid' prediction episode

Dec 30, 2019 32:13

Description:

Josh and Kurt talk about security predictions for 2020. None of the predictions are even a bit controversial or unexpected. We're in a state of slow change, without disruptive technology next year will look a lot like this year.

Show Notes The Rising Speed of Technological Adoption Slack Certified GDPR Fines and Notices

Episode 175 - Defenders will always be one step behind

Dec 23, 2019 30:27

Description:

Josh and Kurt talk about the opportunistic nature of crime. Defenders have to defend, which means the adversaries are by definition always a step ahead. We use the context of automobile crimes to frame the discussion.

Show Notes Stealing cars with radio relays RTL Software Defined Radio Canada most stolen car

Episode 174 - GitHub turns security up to 11; A discussion with Rob Schultheis

Dec 16, 2019 29:41

Description:

Josh and Kurt talk to Rob Schultheis from GitHub about some of the amazing projects GitHub is working on. We discuss GitHub security advisories, getting a CVE from GitHub, and what the new GitHub Security Lab is doing. It's a great conversation about how GitHub is working to make security better for all of us.

Show Notes GitHub Security Advisories GitHub CVE requests GitHub Security Lab GitHub Security Lab Slack GitHub Security Lab Twitter

Episode 173 - Ho Ho Homeland Security

Dec 9, 2019 34:52

Description:

Josh Santa and Kurt talk about the border nightmare Santa Claus has to deal with as he traverses the globe. Questions we explore include: Are the reindeer farm animals? Is the North Pole a farm? Is Santa an intellectual property thief? Does Krampus eat politicians? Does Santa have a passport? Does Santa have an emergency radio?

Show Notes Pirate Joes

Episode 172 - The security of planned obsolescence

Dec 2, 2019 32:08

Description:

Josh and Kurt talk about the security implications of planned obsolescence. We use Intel's recent decision to remove old drivers from their website as the start of the conversation. By the end we realize this is more of a decision society needs to understand and make more than anything. Is constantly throwing out technology OK?

Show Notes Intel removes old drivers Upgrading all versions of Windows Sniffing your Smart TV

Episode 171 - Measuring cybersecurity with Kathryn Waldron

Nov 25, 2019 30:52

Description:

Josh and Kurt talk to Kathryn Waldron of the R Street Institute about a paper she recently published that collects a number of cybersecurity measuring devices in one place.

Show Notes Kathryn Waldron Kathryn's Twitter account Resources for Measuring Cybersecurity There are 14 standards

Episode 170 - Until that quantum computer is cracking RSA keys, go sit back down!

Nov 17, 2019 31:57

Description:

Josh and Kurt talk about banking and privacy. It's very likely nothing will get better anytime soon; humans will continue to be terrible at understanding certain risks. We also discuss what quantum supremacy means (or doesn't mean) for security.

Show Notes National Bank Privacy Issues Quantum Supremacy Claims Hype Cycle Scottish person talking to Siri SMBC Quantum Comic

Episode 169 - What happens when leadership doesn't care about security?

Nov 11, 2019 31:20

Description:

Josh and Kurt talk about government security incidents. The security concerns at the government level often have real life and death consequences. What happens when the leadership knowingly disregards security policy?

Show Notes Breaking into a SCIF Whitehouse cybersecurity team Bugged typewriter

Episode 168 - The draconian draconians of DRM

Nov 3, 2019 30:55

Description:

Josh and Kurt talk about the social norms of security. We also discuss security coprocessors and the reasons behind adding them to hardware. Is DRM a draconian security measure or do we need it to secure the future? We also touch on the story of NordVPN getting hacked. The real story isn't they got hacked, the story is they responded like clowns. The actual problem was one of leadership, there are certain leadership skills you can't be taught, you can only learn.

Show Notes Before Windows boots protections

Episode 167 - Security is terrible because digital literacy is terrible

Oct 28, 2019 35:19

Description:

Josh and Kurt talk about the horrid state of digital literacy in the US. We start out talking about broken Philips Hue light bulbs, then discuss research from Pew on the digital literacy of Americans. We may have accidentally discovered a use for all the cookie warnings every web site has.

Show Notes Pew Research on Americans' Digital Literacy

Episode 166 - Every day should be cybersecurity awareness month!

Oct 21, 2019 24:39

Description:

Josh and Kurt talk about cybersecurity awareness month. What actionable advice can we give out? There isn't much, which is a fundamental part of the problem.

Show Notes Cybersecurity awareness month Polar bear sized pigs

Episode 165 - Grab Bag of Microsoft Security News

Oct 13, 2019 27:45

Description:

Josh and Kurt talk about a number of Microsoft security news items. They've changed how they are handling encrypted disks and are now forcing cloud logins on Windows users.

Show Notes Microsoft KB 4516071 A Security Market for Lemons Kurt's file wiping advisory Lock Picking Lawyer vs Consumer Reports Sun Ray Linux Gamers: 20% of auto reported crashes

Episode 164 - DNS over HTTPS: Probably not the end of the world

Oct 7, 2019 30:03

Description:

Josh and Kurt talk about DNS over HTTPS and how it may or may not destroy civilization. We also discuss the disruption of cloud in the context of security and touch on the news that GitHub is now a CVE CNA!

Show Notes DNS over HTTPS California Privacy Law Defensive Security Podcast GitHub is a CNA

Episode 163 - Death to Python 2

Sep 30, 2019 33:22

Description:

Josh and Kurt talk about the upcoming Python 2 EOL. What does it mean, why does it matter, and what can you do?

Show Notes Python Clock Python's statement about sunsetting Python 2 wifi 6

Episode 162 - SBOM with Allan Friedman

Sep 23, 2019 30:35

Description:

Josh and Kurt speak with Allan Friedman of the US National Telecommunications and Information Administration about Software Bill of Materials. Where are we today, where are things going, and how you can help. 

Show Notes Allan Friedman NTIA NTIA Software Component Transparency 

Episode 161 - Human nature and ad powered open source

Sep 16, 2019 29:19

Description:

Josh and Kurt start out discussing human nature and how it affects how we view security. A lot of things that look easy are actually really hard. We also talk about the npm library Standard showing command line ads. Are ads part of the future of open source?

Show Notes thegrugq secure android DoD JEDI program Firefox privacy settings Standard ads Max Headroom

Episode 160 - Disclosing security issues is insanely complicated: Part 2

Sep 9, 2019 31:11

Description:

Josh and Kurt talk about disclosing security flaws in open source. This is part two of a discussion around how to disclose security issues. This episode focuses on some expectations and behaviors for open source projects as well as researchers trying to disclose a problem to a project.

Show Notes webmin backdoor GitHub security advisories

Episode 159 - Disclosing security issues is insanely complicated: Part 1

Sep 2, 2019 29:23

Description:

Josh and Kurt talk about disclosing security flaws. It's a topic that's come up a few times in the last few weeks and it's more complicated than it's ever been. We certainly ask more questions than we answer in this episode, there will be a part 2 that focuses on open source disclosure.

Show Notes Lock Picking Lawyer Tavis' Windows flaw 

Episode 158 - The mess that we call credit agencies in the US

Aug 26, 2019 27:48

Description:

Josh and Kurt talk about the current state of credit security freezes in the US. We recount a thrilling tale of all the things Josh had to do to get new Internet service. It was all quite silly really.

Show Notes Weak security freeze pins 'null' license plate

Episode 157 - Backdoors and snake oil in our cryptography

Aug 19, 2019 30:58

Description:

Josh and Kurt talk about snakeoil cryptography at Black Hat and the new backdoored cryptography fight. Both of these problems will be with us for a very long time. These are fights worth fighting because it's the right thing to do.

Show Notes Time AI video  Kurt's Tweet about technical explanations  Josh's blog post about bug training Schneier on Barr's encryption discussion

Episode 156 - What if we MitM a whole country?

Jul 29, 2019 29:57

Description:

Josh and Kurt talk about Kazakhstan requiring citizens to place a government controlled root CA certificate on their computers. How does this work? What does it mean for the citizens of Kazakhstan, and why should we all be paying attention?

Show Notes Kazakhstan MitM all TLS traffic Mozilla bug

Episode 155 - Stealing cars and ransomware

Jul 22, 2019 27:22

Description:

Josh and Kurt talk about a new way to steal cars because a service didn't do proper background checks. We also discuss how this relates to working with criminals, such as ransomware, and what it means for the future of the ransomware industry.

Show Notes Car2go theft Alberta driver's license security Albertosaurus  Las Vegas won't pay a ransom

Episode 154 - Chat with the authors of the book "The Fifth Domain"

Jul 16, 2019 31:17

Description:

Josh and Kurt talk to the authors of a new book The Fifth Domain. Dick Clarke and Rob Knake join us to discuss the book, cybersecurity, US policy, how we got where we are today and what the future holds for cybersecurity.

Show Notes The Fifth Domain Dick Clarke Rob Knake Future State Podcast

Episode 153 - The unexpected security of AI, photographs, and VPN

Jul 8, 2019 34:33

Description:

Josh and Kurt talk about user expectations around Facebook's AI. Normal people are starting to see the capabilities and potential risk with all these services. We also cover the topic of China owning a number of VPN services.

Episode 152 - Tavis breaks the world ... again

Jul 1, 2019 30:40

Description:

Josh and Kurt talk about the disclosure of security vulnerabilities. It's still not a settled topic, we frame the conversation around a recent disclosure from Tavis Ormandy of Google Project Zero.

Episode 151 - The DARPA Cyber Grand Challenge with David Brumley

Jun 24, 2019 30:12

Description:

Josh and Kurt talk to David Brumley, the CEO of ForAllSecure and a professor at CMU. We discuss when David's team won the Cyber Grand Challenge, what the future of automated security looks like, and what ForAllSecure is doing. It's a fascinating window into the future of the industry.

Episode 150 - Our ad funded dystopian present

Jun 17, 2019 30:09

Description:

Josh and Kurt talk about the future of Chrome and ad blockers. There is a lot of nuance to unpack around this one. There are two versions of the Internet today. One with an ad blocker and one without. The Internet without an ad blocker is a dystopian nightmare. The actionable advice at the end of this one is to use Firefox.

Episode 149 - Chat with Michael Coates about data security

Jun 10, 2019 26:27

Description:

Josh and Kurt have a chat with Michael Coates from Altitude Networks. We cover what Altitude is up to as well as general trends we're seeing around data security in the cloud. Michael lays out his vision for "data first security".

Episode 148 - You just got pwnt, what now?

Jun 3, 2019 29:21

Description:

Josh and Kurt talk about public disclosure. We start out with a story about Canva, then discuss what you do if you have a security incident. Who do you tell, and what do you tell them? How do you tell your story? It's a really hard problem even if it's something you've done many times in the past.

Episode 147 - Scams and operations as part of the supply chain

May 27, 2019 30:27

Description:

Josh and Kurt talk about a new type of lockbox scam. We also discuss Slack being a target for nation state attacks. Do you consider your operations part of your supply chain? It's totally part of your supply chain.

Episode 146 - What the @#$% happened to Microsoft?

May 20, 2019 32:24

Description:

Josh and Kurt talk about Microsoft. They're probably not the bad guys anymore, which is pretty wild. They're adding a Linux kernel to Windows. Can we declare open source the unquestionable winner now?

Episode 145 - What do security and fire have in common?

May 13, 2019 34:20

Description:

Josh and Kurt talk about fire. We discuss the history of fire prevention and how it mirrors many of the things we see in security. There are lessons there for us; we just hope it doesn't take 2000 years like it did for proper fire prevention to catch on.

Episode 144 - The security of money, which one is best?

May 6, 2019 33:34

Description:

Josh and Kurt talk about the security of money. Not how to keep it secure, but the security issues around using cash, credit, and bitcoin. We also talk about Banksy's clever method for proving something is original.

Episode 143 - Security lessons from the phone book

Apr 29, 2019 34:40

Description:

Josh and Kurt talk about the phone book (yeah, the big paper book people used to use). Kurt got one in the mail. While it's certainly a relic from another time, there were security tips in it among other wild things.

Episode 142 - Hypothetical security: what if you find a USB flash drive?

Apr 21, 2019 31:27

Description:

Josh and Kurt talk about what one could do if you find a USB drive. The context is based on the story where the Secret Service was rumored to have plugged a malicious USB drive into a computer. The purpose of discussion is to explore how to handle a situation like this in the real world. We end the episode with a fantastic comparison of swim safety and security.

Episode 141 - Timezones are hard, security is harder

Apr 15, 2019 36:14

Description:

Josh and Kurt talk about the difficulty of security. We look at the difficulty of the EU not observing daylight savings time, which is probably magnitudes easier than getting security right. We also hit on a discussion on Reddit about U2F that shows the difficulty. Security today is too hard, even for the experts.

Episode 140 - Good enough security is a pretty high bar

Apr 8, 2019 34:20

Description:

Josh and Kurt talk about identity. It's a nice example we can generally understand in the context of how much security is enough security? When we deal with identity the idea of good enough is often acceptable for the vast majority of uses. Perfect identity tracking isn't really a thing nor is it practical.

Episode 139 - Secure voting, firefox send, and toxic comments on the internet

Apr 1, 2019 30:57

Description:

Josh and Kurt talk about Brexit, voting, Firefox Send, and toxic comments. Is there anything we can do to slow the current trend of conversation on the Internet always seeming to spiral out of control? The answer is maybe with a lot of asterisks.

Episode 138 - Information wants to be free

Mar 25, 2019 32:19

Description:

Josh and Kurt talk about a prank gone wrong, the reality of when your data ends up public. Once it's public you can't ever put it back. We also discuss Notepad++ no longer signing releases and what signing releases means for the world in general.

Episode 137.5 - Holy cow Beto was in the cDc, this is awesome!

Mar 18, 2019 35:17

Description:

Josh and Kurt talk about Beto being in the Cult of the Dead Cow (cDc). This is a pretty big deal in a very good way. We hit on some history, why it's a great thing, what we can probably expect from opponents. There's even some advice at the end how we can all help. We need more politicians with backgrounds like this.

Episode 137 - When the IoT attacks!

Mar 11, 2019 30:34

Description:

Josh and Kurt talk about when devices attack! It's not quite that exciting, but there have been a slew of news about physical devices causing problems for humans. We end on the note that we're getting closer to a point when lawyers and regulators will start to pay attention. We're not there yet, so we still have a horrible insecure future on the horizon.

Episode 136 - How people feel is more important than being right

Mar 4, 2019 31:35

Description:

Josh and Kurt talk about GitHub blocking the Deepfakes repository. There's a far bigger discussion about how people feel, and sometimes security fails to understand that making people feel happy or safer is more important than being right.

Episode 135 - Passwords, AI, and cloud strategy

Feb 25, 2019 30:38

Description:

Josh and Kurt talk about change your password day (what a terrible day). Google's password checkup (not a terrible idea), an AI finding new spice flavors we expect will one day take over the world, and we finish up on a new DoD cloud strategy. Also Josh burnt his finger, but is going to be OK.

Episode 134 - What's up with the container runc security flaw?

Feb 18, 2019 28:58

Description:

Josh and Kurt talk about the new runc container security flaw. How does the flaw work, what can you do about it, what should you do about it, and what the future of container security may look like.

Episode 133 - Smart locks and the government hacking devices

Feb 11, 2019 31:10

Description:

Josh and Kurt talk about the fiasco hacks4pancakes described on Twitter and what the future of smart locks will look like. We then discuss what it means if the Japanese government starts hacking consumer IoT gear, is it ethical? Will it make anything better?

Episode 132 - Bird Scooter: 0, Cory Doctorow: 1

Feb 4, 2019 30:11

Description:

Josh and Kurt talk about the Bird Scooter vs Cory Doctorow incident. We then get into some of the social norms around new technology and what lessons the security industry can take from something new like shared scooters.

Episode 131 - Windows micropatches, Google's privacy fine, and Mastercard fixes trial abuse

Jan 28, 2019 33:26

Description:

Josh and Kurt talk about non-Microsoft Windows micropatches. The days of pretending closed source matters are long gone. Google gets hit with a privacy fine, that probably won't matter. And Mastercard makes it easier for consumers to not accidentally sign up for services they don't want.

Episode 130 - Chat with Snyk co-founder Danny Grander

Jan 21, 2019 34:03

Description:

Josh and Kurt talk to Danny Grander, one of the co-founders of Snyk, about Zip Slip: what it is, how to fix it, and how they disclosed everything. We also touch on plenty of other open source security topics as Danny is involved in many aspects of open source security.

Episode 129 - The EU bug bounty program

Jan 14, 2019 33:15

Description:

Josh and Kurt talk about the EU bug bounty program. There have been a fair number of people complaining it's solving the wrong problem, but it's the only way the EU has to spend money on open source today. If that doesn't change this program will fail.

Episode 128 - Australia's encryption backdoor bill

Jan 7, 2019 32:59

Description:

Josh and Kurt talk about Australia's recently passed encryption bill. What is the law that was passed, what does it mean, and what are the possible outcomes? The show notes contain a flow chart of possible outcomes.

2018 Christmas Special - Is Santa GDPR compliant?

Dec 24, 2018 37:37

Description:

Josh and Kurt talk about which articles of the GDPR apply to Santa, and if he's following the rules the way he should be (spoiler, he's probably not). Should Santa be on his own naughty list? We also create a new holiday character - George the DPO Elf!

Episode 127 - Walled gardens, appstores, and more

Dec 17, 2018 35:00

Description:

Josh and Kurt talk about Mozilla pulling a paywall bypassing extension. We then turn our attention to talking about walled gardens. Are they good, are they bad? Something in the middle? There is a lot of prior art to draw on here, everything from Windows, Android, iOS, even Linux distributions.

Episode 126 - The not so dire future of supply chain security

Dec 10, 2018 33:13

Description:

Josh and Kurt continue the discussion from episode 125. We look at the possible future of software supply chains. It's far less dire than previously expected. It's likely there will be some change in the

Episode 125 - Open Source, supply chains, npm, and you

Dec 3, 2018 31:04

Description:

Josh and Kurt talk about how open source deals with malicious events. It's probably impossible to stop these from happening, but the open source universe deals with it in its own unique way. We start to discuss what you can do, since everyone is using open source everywhere now. There will be a second part to this episode where we discuss what the future holds for these sort of problems.

Episode 124 - Cloudflare's service workers and the economics of security

Nov 26, 2018 34:04

Description:

Josh and Kurt talk about Cloudflare's new Workers service. We spend a lot of time discussing how economics drives technology, not security. It's quite likely this new service is less secure than existing alternatives, but it will be cheaper and faster which will matter more than security.

Episode 123 - Talking about Kubernetes and container security with Liz Rice

Nov 19, 2018 27:52

Description:

Josh and Kurt talk to Liz Rice about Kubernetes and container security. How did we get where we are today, what's new and exciting today, and where do we think things are going.

Episode 122 - What will Apple's T2 chip mean for the rest of us?

Nov 12, 2018 33:04

Description:

Josh and Kurt talk about Apple's new T2 security chip. It's not open source but we expect it to change the security landscape in the coming years.

Episode 121 - All about the security of voting

Nov 5, 2018 36:48

Description:

Josh and Kurt talk about voting security. What does it mean, how does it work. What works, what doesn't work, and most importantly why we may not see secure electronic voting anytime soon.

Episode 120 - Bloomberg and hardware backdoors - it's already happening

Oct 29, 2018 30:56

Description:

Josh and Kurt talk about Bloomberg's story about backdoors and motherboards. The story is probably false, but this is almost certainly happening already with hardware. What does it mean if your hardware is already backdoored by one or more countries?

Episode 119 - The Google+ and Facebook incidents, it's not your data anymore

Oct 22, 2018 31:38

Description:

Josh and Kurt talk about the Google+ and Facebook data incidents. We don't have any control over this data anymore. The incidents didn't really affect the users because we have no idea who has access to it. We also touch on GDPR and what it could mean in this context.

Episode 118 - Cloudflare's IPFS and onion service

Oct 15, 2018 30:49

Description:

Josh and Kurt talk about Cloudflare's new IPFS and Onion services. One brings distributed blockchain files to the masses, the other lets you host your site on Tor easily.

Episode 117 - Will security follow Linus' lead on being nice?

Oct 8, 2018 31:02

Description:

Josh and Kurt talk about Linus' effort to work on his attitude. What will this mean for security and IT in general?

Episode 116 - The future of the CISO with Michael Piacente

Oct 1, 2018 30:31

Description:

Josh and Kurt talk to Michael Piacente from Hitch Partners about the past, present, and future role of the CISO in the industry.

Episode 115 - Discussion with Brian Hajost from SteelCloud

Sep 24, 2018 30:16

Description:

Josh and Kurt talk to Brian Hajost from SteelCloud about public sector compliance. The world of public sector compliance can be confusing and strange, but it's not that bad when it's explained by someone with experience.

Episode 114 - Review of "Click Here to Kill Everybody"

Sep 17, 2018 30:50

Description:

Josh and Kurt review Bruce Schneier's new book Click Here to Kill Everybody. It's a book everyone could benefit from reading. It does a nice job explaining many existing security problems in a simple manner.

Episode 113 - Actual real security advice

Sep 10, 2018 30:38

Description:

Josh and Kurt talk about actual real world advice. Based on a story about trying to secure political campaigns, if we had to give some security help what should it look like, who should we give it to?

Episode 112 - Google's Titan Key and the latest Struts issue

Sep 3, 2018 29:06

Description:

Josh and Kurt talk about the new Google Titan security key. There are some in the industry uneasy about the supply chain for the devices. We also discuss the latest Struts security issue. Struts is old and scary now, stop using it.

Episode 111 - The TLS 1.3 and DNS episode

Aug 27, 2018 32:39

Description:

Josh and Kurt talk about TLS 1.3 and DNS. What can we expect from the future for these, and how are they related (or not related)? We touch on DNSSEC and why it probably won't matter. DNS over TLS is looking pretty great though. There is also a guest appearance from quantum crypto.

Episode 110 - Review of Black Hat, Defcon, and the effect of security policies

Aug 19, 2018 34:49

Description:

Josh and Kurt talk about Black Hat and Defcon and how unexciting they have become. What happened with hotels at Defcon, and more importantly how many security policies have 2nd and 3rd level effects we often can't foresee. We end with important information about pizza, bananas, and can openers.

Episode 109 - OSCon and actionable advice

Aug 13, 2018 34:18

Description:

Josh and Kurt talk about phishing training and how it doesn't really matter. Josh spoke at OSCon and comes back with some fun observations and advice. People want practical actionable advice and we're not good at that.

Episode 108 - Bluetooth, phishing, airgaps, and eating soup off the floor

Aug 6, 2018 30:35

Description:

Josh and Kurt talk about the latest attack on Bluetooth and discuss phishing in the modern world. U2F is a great way to stop phishing, training is not. We also discuss airgaps in response to attacks on airgapped power utilities.

Episode 107 - The year of the Linux Desktop and other hardware stories

Jul 30, 2018 29:04

Description:

Josh and Kurt talk about modern hardware, how security relates to devices and actions. Everything from secure devices, to the cables we use, to thermal cameras and coat hangers. We end the conversation discussing the words we use and how they affect the way people see us and themselves.

Episode 106 - Data isn't oil, it's nuclear waste

Jul 23, 2018 29:54

Description:

Josh and Kurt talk about Cory Doctorow's piece on Facebook data privacy. It's common to call data the new oil but it's more like nuclear waste. How we fix the data problem in the future is going to require solutions we can't yet imagine as well as new ways of thinking about the problems.

Episode 105 - More backdoors in open source

Jul 16, 2018 31:45

Description:

Josh and Kurt talk about some recent backdoor problems in open source packages. We touch on whether open source is secure, how that security works, and what it should look like in the future. This problem is never going to go away or get better, and that's probably OK.

Episode 104 - The Gentoo security incident

Jul 9, 2018 33:14

Description:

Josh and Kurt talk about the Gentoo security incident. Gentoo did a really good job being open and dealing with the incident quickly. The basic takeaway from all this is make sure your organization is forcing users to use 2 factor authentication. The long term solution is going to be all identity providers forcing everyone to use 2FA.

Episode 103 - The Seven Properties of Highly Secure Devices

Jul 2, 2018 33:23

Description:

Josh and Kurt talk about a Microsoft Research paper titled "The Seven Properties of Highly Secure Devices". We take a real world view into how to secure our devices. What works, what doesn't work, and why this list is actually really good.

Episode 102 - Michael Feiertag from tCell

Jun 25, 2018 30:50

Description:

Josh and Kurt talk to Michael Feiertag, the CEO of tCell. We talk about what a Web Application Firewall is, what it does and doesn't do, and what the future of this technology looks like. We touch on how this affects a DevOps environment. Security has to fit into the existing model, not try to change it. 

Episode 101 - Our unregulated future is here to stay

Jun 17, 2018 32:46

Description:

Josh and Kurt talk about Bird scooters. The implications of the scooters on the city, segways, bicycles. The topic of how these vehicles interact with pedestrians on the road and trails. It's an example of humans not wanting to follow the rules and generally making the situation annoying for everyone. It's the old security story of new technology without clear rules. The show ends with some horrifying numbers behind how bad things can get before people really care.

Episode 100 - You're bad at buying security, we can help!

Jun 11, 2018 35:54

Description:

Josh and Kurt talk about how to be a smart security buyer. We have guest Steve Mayzak walk us through how the buying process works as well as giving out a ton of great advice. Even if you're experienced with how to buy security technology you should give this a listen.

Episode 99 - Consumer security is too broken to fix, and it doesn't matter

Jun 4, 2018 34:20

Description:

Josh and Kurt talk about a number of consumer security issues. The FBI told everyone to reboot their routers which they won't do. The .app top level domain is a cesspool of malware. Everyone has a cell phone and won't update them properly. None of this probably matters though. Unless there are real measurable tragedies caused by this tech, people tend not to really care.

Episode 98 - When IT decisions kill people

May 28, 2018 34:24

Description:

Josh and Kurt talk about the NTSB report from the fatal Uber crash and what happened with Amazon's Alexa recording then emailing a private conversation. IT decisions now have real world consequences like never before.

Episode 97 - Automation: Humans are slow and dumb

May 20, 2018 33:08

Description:

Josh and Kurt talk about the security of automation as well as automating security. The only way automation will really work long term is full automation. Humans can't be trusted enough to rely on them to do things right.

Episode 96 - Are legal backdoors a good idea?

May 11, 2018 32:54

Description:

Josh and Kurt talk about backdoors in code and products that have been put there on purpose. We talk about unlocking phones. Encryption backdoors with a focus on why they won't work.

Episode 95 - Twitter passwords and npm backdoors

May 7, 2018 29:32

Description:

Josh and Kurt talk about Twitter doing the right thing when they logged a lot of passwords and the npm malicious getcookies package and how backdoors work in code.

Episode 94 - DNSSEC, BGP, and reality

Apr 30, 2018 28:18

Description:

Josh and Kurt talk about the Amazon Route 53 incident and what it really means for the modern infrastructure. Complaining nobody is using DNSSEC or securing BGP aren't the right conversations to be having. Reality must be considered in any honest conversation about these topics.

Episode 93 - Security flaws in beep and patch, how did we get here?

Apr 15, 2018 36:04

Description:

Josh and Kurt talk about security flaws in beep and patch. How on earth were there security flaws in beep and patch?

Episode 92 - Chat with Rami Saas the CEO of WhiteSource

Apr 15, 2018 33:34

Description:

Josh and Kurt talk to Rami Saas, the CEO of WhiteSource about 3rd party open source security as well as open source licensing.

Episode 91 - Security lessons from a 7 year old

Apr 8, 2018 19:04

Description:

Josh and Kurt talk to a 7 year old about security. We cover Minecraft security, passwords, hacking, and many many other nuggets of wisdom.

Episode 90 - Humans and misinformation

Apr 2, 2018 36:26

Description:

Josh and Kurt talk about all the current misinformation, how humans react to it, and what it means for security.

Episode 89 - Short selling AMD security flaws

Mar 25, 2018 34:00

Description:

Josh and Kurt talk about the recent AMD flaws and the events surrounding the disclosure.

Episode 88 - Chat with Chris Rosen from IBM about Container Security

Mar 18, 2018 32:59

Description:

Josh and Kurt talk about container security with IBM's Chris Rosen.

Episode 87 - Chat with Let's Encrypt co-founder Josh Aas

Mar 11, 2018 38:33

Description:

Josh and Kurt talk about Let's Encrypt with co-founder Josh Aas. We discuss the past, present, and future of the project.

Episode 86 - What happens when 23 thousand certificates leak?

Mar 3, 2018 34:24

Description:

Josh and Kurt talk about the Trustico certificate incident and Let's Encrypt.

Episode 85 - NPM ate my files

Feb 23, 2018 32:17

Description:

Josh and Kurt talk about the npm 5.7.0 debacle.

Episode 84 - Have I been pwned?

Feb 23, 2018 31:55

Description:

Josh and Kurt talk about the new password data dump from Have I been pwned?

Episode 83 - XKCD + CVE = XKCVE

Feb 21, 2018 31:12

Description:

Josh and Kurt talk about the XKCD CVE comic and a flight simulator stealing credentials.

Episode 82 - RSA, TLS, Chrome HTTP, and PCI

Feb 13, 2018 29:53

Description:

Josh and Kurt talk about problems of textbook RSA implementations, the upcoming changes in TLS, and the insecurity of HTTP in Chrome.

Episode 81 - Autosploit, bug bounties, and the future of security

Feb 7, 2018 31:37

Description:

Josh and Kurt talk about AutoSploit, bug bounties and fixing flaws, market forces in security, future expectations, and how humans perceive threats.

Episode 80 - GPS tracking and jamming

Jan 31, 2018 33:42

Description:

Josh and Kurt talk about GPS metadata giving away military bases and GPS jamming as part of testing.

Episode 79 - Skyfall: please don't yell 'fire'

Jan 24, 2018 55:46

Description:

Josh and Kurt talk about Skyfall, fake reports, risk, logging, and how a civilized society functions.

Episode 78 - Risk lessons from Hawaii

Jan 16, 2018 52:59

Description:

Josh and Kurt talk about the accidental missile warning in Hawaii. We also discuss general preparedness and risk.

Episode 77 - npm and the supply chain

Jan 10, 2018 01:00:10

Description:

Josh and Kurt talk about the recent npm happenings. What it means for the supply chain, and we end with some thoughts on how maybe none of this matters.

Episode 76 - Meltdown aftermath

Jan 7, 2018 50:34

Description:

Josh and Kurt talk about the aftermath of Meltdown. The details of the flaw are probably less interesting than what happens now.

Episode 75 - Security Planner review

Dec 19, 2017 01:03:09

Description:

Josh and Kurt talk about the Security Planner website. It's pretty good all things considered.

Episode 74 - Facial recognition and physical security

Dec 13, 2017 42:56

Description:

Josh and Kurt talk about facial recognition, physical security, banking, and Amazon Alexa.

Episode 73 - Security from Santa

Dec 6, 2017 01:00:49

Description:

Josh and Kurt talk about basic security metrics and security from Santa. Is Santa GDPR compliant?

Episode 72 - Bitcoin: It's over 9000

Nov 28, 2017 52:40

Description:

Josh and Kurt talk about Bitcoin, blockchain, and other cryptocurrencies.

Episode 71 - GitHub's Security Scanner

Nov 21, 2017 46:37

Description:

Josh and Kurt talk about GitHub's security scanner and Linus' security email. We clarify the esoteric difference between security bugs and non security bugs. 

Episode 70 - The security of Intel ME

Nov 14, 2017 49:19

Description:

Josh and Kurt talk about Intel ME, Equifax salary history, and IoT.

Episode 69 - Actionable security advice

Nov 7, 2017 46:52

Description:

Josh and Kurt talk about Amazon Key and actionable advice.

Episode 68 - Ruining the Internet

Nov 1, 2017 51:47

Description:

Josh and Kurt talk about Facebook listening to your microphone, Google Chrome certificate pinning, CAs, 152 ways to stay safe, and Kubernetes.

Episode 67 - Cyber won

Oct 24, 2017 38:04

Description:

Josh and Kurt talk about hacking back, passwords, honeypots, and conspiracies.

Episode 66 - Objects in mirror are less terrible than they appear

Oct 15, 2017 45:14

Description:

Josh and Kurt talk about Equifax again, Kaspersky, TLS CAs, coming change, social security numbers, and Minecraft.

Episode 65 - Will aliens overthrow us before AI?

Oct 9, 2017 49:39

Description:

Josh and Kurt talk about Apple, Equifax, passwords, AI, and aliens.

Episode 64 - Networks and Dnsmasq and IoT oh my

Oct 3, 2017 52:03

Description:

Josh and Kurt talk about networks, Dnsmasq, IoT, and our coming security dystopian future.

Episode 63 - Shoot, Shovel, and Bury

Sep 26, 2017 58:58

Description:

Josh and Kurt talk about the Equifax breach (again) and what it will mean for all of us. Blueborne comes up, as well as #TrevorForget.

Episode 62 - All about the Equifax hack

Sep 11, 2017 01:05:34

Description:

Josh and Kurt talk about the Equifax breach and what it will mean for all of us.

Episode 61 - Market driven security

Sep 5, 2017 51:47

Description:

Josh and Kurt talk about our lack of progress in security, economics, and how to interact with peers.

Episode 60 - The official blockchain episode

Aug 30, 2017 46:20

Description:

Josh and Kurt talk about the eclipse and blockchain.

Episode 59 - The VPN Episode

Aug 15, 2017 56:12

Description:

Josh and Kurt talk about VPNs and the upcoming eclipse.

Episode 58 - Backwards compatibility to the point of insanity

Aug 9, 2017 55:27

Description:

Josh and Kurt talk about MalwareTech, Debian killing off TLS 1.0 and 1.1, auto safety, HBO, and npm not typo squatting.

Episode 57 - We may never see amazing security research ever again

Aug 1, 2017 53:12

Description:

Josh and Kurt talk about Black Hat and Defcon, safes, banks, voting machines, SMBv1 DoS attack, Flash, liability, and password masking.

Episode 56 - Devil's Advocate and other fuzzy topics

Jul 18, 2017 58:57

Description:

Josh and Kurt talk about forest fires, fuzzing, old time Internet, and Net Neutrality. Listen to Kurt play the Devil's Advocate and manage to change Josh's mind about net neutrality.

Episode 55 - Good Docs Ruin My Story

Jul 12, 2017 50:51

Description:

Josh and Kurt talk about Let's Encrypt, certificates, Kaspersky, A/V, code signing, Not Petya, self driving cars, and failures that become security problems.

Episode 54 - Turning Into An Old Person

Jul 4, 2017 56:31

Description:

Josh and Kurt talk about Canada Day, Not Petya, Interac goes down, Minecraft, airport security and books, then GDPR.

Episode 53 - A Plane Isn't Like A Car

Jun 28, 2017 48:59

Description:

Josh and Kurt talk about security through obscurity, airplanes, the FAA, the Windows source code leak, and chicken sandwiches.

Episode 52 - You Could Have Done It Right, But You Didn't

Jun 20, 2017 52:23

Description:

Josh and Kurt talk about the new StackClash flaw, Grenfell Tower, risk management, and backwards compatibility.

Episode 51 - All About CVE

Jun 12, 2017 54:14

Description:

Josh and Kurt talk to Dan Adinolfi about CVE. Most anything you ever wanted to know about CVE is discussed.

Episode 50 - This Is A Security Podcast After All

Jun 6, 2017 49:01

Description:

Josh and Kurt discuss Futurama, tornadoes, sudo, encryption, hacking back, and something called an ombudsman. Also episode 50!

Episode 49 - Testing Software Is Impossible

May 30, 2017 43:05

Description:

Josh and Kurt discuss Samba, FTP sites, MSDOS, regulation, and the airplane laptop travel ban.

Episode 48 - Machine Learning: Not Actually Magic

May 21, 2017 47:37

Description:

Josh and Kurt have a guest! Mike Paquette from Elastic discusses the fundamentals and basics of Machine Learning. We also discuss how ML could have helped with WannaCry.

Episode 47 - WannaCry: Everything Is Basically Broken

May 14, 2017 48:10

Description:

Josh and Kurt discuss the WannaCry worm.

Episode 46 - Turns Out I'm Not A Bad Guy

May 4, 2017 49:12

Description:

Josh and Kurt discuss the recent Google phish attack.

Episode 45 - Trust Is More Important Now Than The Truth

May 2, 2017 52:20

Description:

Josh and Kurt discuss not-counterfeit MTG cards, antivirus, squirrelmail, unroll.me, grsecurity, baby monitors, and trust.

Episode 44 - Bug Bounties Vs Pen Testing

Apr 25, 2017 50:03

Description:

Josh and Kurt discuss Lego, bug bounties, pen testing, thought leadership, cars, lemons, entropy, and CVE.

Episode 43 - We Are Totally Immature

Apr 19, 2017 01:00:35

Description:

Josh and Kurt discuss Shadow Brokers, pronouncing GIF, Atlanta's road problems, browser phishing, warning sirens, IoT, and fake Magic the Gathering cards.

Episode 42 - Hitchhiker's Guide To Security

Apr 13, 2017 01:07:01

Description:

Josh and Kurt discuss the security themes and events in the context of the HHGG movie.

Episode 41 - All Your Money Are Belong To Us

Apr 10, 2017 56:04

Description:

Josh and Kurt discuss airplane laptop bans, ATM hacking, pointing at things, and Certificate Authorities.

Episode 40 - Let's Fork Bitcoin, Again

Apr 2, 2017 01:00:28

Description:

Josh and Kurt discuss Verizon spyware, FCC privacy, Smart TVs, Tor's rewrite, Google's new operating system, bitcoin, and NanoCore.

Episode 39 - Flash On Your Dishwasher

Mar 28, 2017 58:30

Description:

Josh and Kurt discuss certificates, OpenSSL, dishwashers, Flash, and laptop travel bans.

Episode 38 - We Ruin Everything

Mar 22, 2017 58:19

Description:

Josh and Kurt discuss disclosing your password, pwn2own, wikileaks, Back Orifice, HTTPS inspection, and antivirus.

Episode 37 - Your Bathtub Is More Dangerous Than A Shark

Mar 9, 2017 52:16

Description:

Josh and Kurt discuss how the Vault 7 leaks show we live in the Neuromancer world, and this is likely the new normal.

Episode 36 - A Good Enough Podcast

Mar 5, 2017 47:45

Description:

Josh and Kurt discuss an IoT bear, Alexa and Siri, Google's E2Email and S/MIME.

Episode 35 - Crazy Cosmic Accident

Feb 28, 2017 50:03

Description:

Josh and Kurt discuss SHA-1 and cloudbleed. Bug bounties come up, and we compare security to the Higgs boson. We also discuss IPv6 at the end.

Episode 34 - Bathing In Ebola Virus

Feb 22, 2017 54:00

Description:

Josh and Kurt discuss RSA, the cryptographer's panel and of course, AI.

Episode 33 - Everybody Who Went To The Circus Is In The Circus (RSA 2017)

Feb 15, 2017 36:11

Description:

Josh and Kurt are at the same place at the same time! We discuss our RSA sessions and how things went. Talk of CVE IDs, open source libraries, Wordpress, and early morning sessions.

Episode 32 - Gambling As A Service

Feb 8, 2017 51:24

Description:

Josh and Kurt discuss random numbers, a lot. Also slot machines, gambling, and dice.

Episode 31 - XML Is Never The Solution

Feb 1, 2017 53:28

Description:

Josh and Kurt discuss door locks, Ikea, chair testing sounds, electrical safety, autonomous cars, and XML vs JSON.

Episode 30 - I'm Not An Expert But I've Been Yelled At By Experts

Jan 25, 2017 58:45

Description:

Josh and Kurt discuss security automation. Machine learning, AI, and a bunch of moral and philosophical boundaries that the new future will bring. You've been warned.

Episode 29 - The Security Of Rogue One

Jan 22, 2017 01:02:16

Description:

Josh and Kurt discuss the security of the movie Rogue One! Spoiler: Security in the Star Wars universe is worse than security in our universe.

Episode 28 - RSA Conference 2017

Jan 19, 2017 55:47

Description:

Josh and Kurt discuss their involvement in the upcoming 2017 RSA conference: Open Source, CVEs, and Open Source CVE. Of course IoT and encryption manage to come up as topics.

Episode 27 - Prove To Me You Are Human

Jan 16, 2017 55:04

Description:

Josh and Kurt discuss NTP, authentication issues, network security, airplane security, AI, and Minecraft.

Episode 26 - Tell Your Sister, Stallman Was Right

Jan 12, 2017 54:14

Description:

Josh and Kurt end up discussing video game speed running, which is really just hacking. We also end up discussing the pitfalls of the modern world, you don't own your software or services. Stallman was right!

Episode 25 - The Future Is Now

Jan 9, 2017 55:15

Description:

Josh and Kurt end up discussing CES, IoT, WiFi everywhere, and the future.

Episode 24 - The 2016 Prediction Edition

Jan 3, 2017 56:22

Description:

Josh and Kurt discuss 2016 predictions in 2017, what they got right, what they got wrong, and a bunch of other random things.

Episode 23 - We Can't Patch People

Dec 28, 2016 53:07

Description:

Josh and Kurt talk about scareware, malware, and how hard this stuff is to stop, and how the answer isn't fixing people.

Episode 22 - IoT Wild West

Dec 24, 2016 46:46

Description:

Josh and Kurt talk about planned obsolescence and IoT devices. Should manufacturers brick devices? We also have a crazy discussion about the ethics of hacking back.

Episode 21 - CVE 10K Extravaganza

Dec 21, 2016 46:25

Description:

Josh and Kurt talk about CVE 10K. CVE IDs have finally crossed the line, we need 5 digits to display them. This has never happened before now.

Episode 20 - The Death Of PGP

Dec 19, 2016 49:45

Description:

Josh and Kurt talk about the death of PGP, and how it's not actually dead at all. It's still really hard to use though.

Episode 19 - A Field Full Of Razor Blades And Monsters

Dec 13, 2016 51:56

Description:

Josh and Kurt talk about bricking devices (on purpose).

Episode 18 - The Security Of Santa

Dec 9, 2016 48:05

Description:

Josh and Kurt talk about the security concerns and logistics of Santa, elves, and the North Pole.

Episode 17 - Cyphercon Interview With Korgo

Dec 6, 2016 55:46

Description:

Josh and Kurt talk to Michael Goetzman about Cyphercon.

Episode 16 - Cat And Mouse

Dec 2, 2016 49:42

Description:

Josh and Kurt talk about cybercrime and regulation.

Episode 15 - Cyber Black Monday

Nov 29, 2016 52:37

Description:

Josh and Kurt talk about Cyber Monday security tips.

Episode 14 - David A Wheeler: CII Badges

Nov 22, 2016 50:01

Description:

Josh and Kurt have a guest! David A. Wheeler talks about open source security and the CII Badges project.

Episode 13 - CVE: The Metric System Of Security

Nov 18, 2016 48:42

Description:

Josh and Kurt talk about CVE, DWF, and the future of flaw reporting.

Episode 12 - Security Trebuchet

Nov 10, 2016 47:54

Description:

Josh and special guest host Dave Sirrine talk about feedback, OpenSSL, OAuth2, Let's Encrypt, disclosure, and locks.

Episode 11 - The Poison Candy Episode

Oct 31, 2016 48:23

Description:

Josh and special guest host Dave Sirrine talk about Halloween, passwords, hardware timing attacks, chip and pin, security economics, SSL/TLS, and Mozilla enabling TLS 1.3 by default.

Episode 10 - The Super Botnet That Nobody Can Stop

Oct 24, 2016 49:21

Description:

Kurt and Josh discuss Dirty COW, the big IoT DDoS, and Josh can't pronounce Mirai or Dyn.

Episode 9 - Are Bug Bounties Measuring The Wrong Things

Oct 18, 2016 48:58

Description:

Kurt and Josh discuss responsible disclosure, irresponsible disclosure, bug bounties, measuring security, usability AND security, as well as quality of life.

Episode 8 - The Primality Of Prime Numbers

Oct 11, 2016 50:02

Description:

Kurt and Josh discuss prime numbers (probably getting a lot of it wrong), Samsung, passwords, National Cyber Security Awareness Month, and bathroom scales.

Episode 7 - More Powerful Than Root

Oct 3, 2016 50:19

Description:

Kurt and Josh discuss the ORWL computer, crashing systemd with one line, NIST, and a security journal.

Episode 6 - Foundational Knowledge Of Security

Sep 29, 2016 48:50

Description:

Kurt and Josh discuss interesting news stories.

Episode 5 - OpenSSL: The Library We Deserve

Sep 29, 2016 26:59

Description:

Kurt and Josh discuss the recent OpenSSL update(s).

Episode 4 - Dead Squirrel In A Box

Sep 21, 2016 45:31

Description:

Josh and Kurt discuss news of the day, shipping, and container security.

Episode 3 - The Lockpicking Sewing Circle

Sep 13, 2016 33:13

Description:

Josh and Kurt discuss news of the day, banks, 3D printing, and lockpicking.

Episode 2 - Instills The Proper Amount Of Fear

Sep 7, 2016 30:42

Description:

Episode 2 of the Open Source Security Podcast

Episode 1 - Rich History Of Security Flaws

Sep 6, 2016 33:17

Description:

Episode 1 of the Open Source Security Podcast