Josh Bressers & Kurt Seifried

Open Source Security Podcast



A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.





Episode 169 - What happens when leadership doesn't care about security?

Nov 11, 2019 31:20


Josh and Kurt talk about government security incidents. The security concerns at the government level often have real life and death consequences. What happens when the leadership knowingly disregards security policy?

Show Notes Breaking into a SCIF Whitehouse cybersecurity team Bugged typewriter

Episode 168 - The draconian draconians of DRM

Nov 3, 2019 30:55


Josh and Kurt talk about the social norms of security. We also discuss security coprocessors and the reasons behind adding them to hardware. Is DRM a draconian security measure or do we need it to secure the future? We also touch on the story of NordVPN getting hacked. The real story isn't they got hacked, the story is they responded like clowns. The actual problem was one of leadership, there are certain leadership skills you can't be taught, you can only learn.

Show Notes Before Windows boots protections

Episode 167 - Security is terrible because digital literacy is terrible

Oct 28, 2019 35:19


Josh and Kurt talk about the horrid state of digital literacy in the US. We start out talking about broken Philips Hue light bulbs, then discuss research from Pew on the digital literacy of Americans. We may have accidentally discovered a use for all the cookie warnings every web site has.

Show Notes Pew Research on Americans' Digital Literacy

Episode 166 - Every day should be cybersecurity awareness month!

Oct 21, 2019 24:39


Josh and Kurt talk about cybersecurity awareness month. What actionable advice can we give out? There isn't much, which is a fundamental part of the problem.

Show Notes Cybersecurity awareness month Polar bear sized pigs

Episode 165 - Grab Bag of Microsoft Security News

Oct 13, 2019 27:45


Josh and Kurt talk about a number of Microsoft security news items. They've changed how they are handling encrypted disks and are now forcing cloud logins on Windows users.

Show Notes Microsoft KB 4516071 A Security Market for Lemons Kurt's file wiping advisory Lock Picking Lawyer vs Consumer Reports Sun Ray Linux Gamers: 20% of auto reported crashes

Episode 164 - DNS over HTTPS: Probably not the end of the world

Oct 7, 2019 30:03


Josh and Kurt talk about DNS over HTTPS and how it may or may not destroy civilization. We also discuss the disruption of cloud in the context of security and touch on the news that GitHub is now a CVE CNA!

Show Notes DNS over HTTPS California Privacy Law Defensive Security Podcast GitHub is a CNA

Episode 163 - Death to Python 2

Sep 30, 2019 33:22


Josh and Kurt talk about the upcoming Python 2 EOL. What does it mean, why does it matter, and what can you do?

Show Notes Python Clock Python's statement about sunsetting Python 2 wifi 6

Episode 162 - SBOM with Allan Friedman

Sep 23, 2019 30:35


Josh and Kurt speak with Allan Friedman of the US National Telecommunications and Information Administration about Software Bill of Materials. Where are we today, where are things going, and how you can help. 

Show Notes Allan Friedman NTIA NTIA Software Component Transparency 

Episode 161 - Human nature and ad powered open source

Sep 16, 2019 29:19


Josh and Kurt start out discussing human nature and how it affects how we view security. A lot of things that look easy are actually really hard. We also talk about the npm library Standard showing command line ads. Are ads part of the future of open source?

Show Notes thegrugq secure android DoD JEDI program Firefox privacy settings Standard ads Max Headroom

Episode 160 - Disclosing security issues is insanely complicated: Part 2

Sep 9, 2019 31:11


Josh and Kurt talk about disclosing security flaws in open source. This is part two of a discussion around how to disclose security issues. This episode focuses on some expectations and behaviors for open source projects as well as researchers trying to disclose a problem to a project.

Show Notes webmin backdoor Github security advisories

Episode 159 - Disclosing security issues is insanely complicated: Part 1

Sep 2, 2019 29:23


Josh and Kurt talk about disclosing security flaws. It's a topic that's come up a few times in the last few weeks and it's more complicated than it's ever been. We certainly ask more questions than we answer in this episode, there will be a part 2 that focuses on open source disclosure.

Show Notes Lock Picking Lawyer Tavis' Windows flaw 

Episode 158 - The mess that we call credit agencies in the US

Aug 26, 2019 27:48


Josh and Kurt talk about the current state of credit security freezes in the US. We recount a thrilling tale of all the things Josh had to do to get new Internet service. It was all quite silly really.

Show Notes Weak security freeze pins 'null' license plate

Episode 157 - Backdoors and snake oil in our cryptography

Aug 19, 2019 30:58


Josh and Kurt talk about snake oil cryptography at Black Hat and the new backdoored cryptography fight. Both of these problems will be with us for a very long time. These are fights worth fighting because it's the right thing to do.

Show Notes Time AI video  Kurt's Tweet about technical explanations  Josh's blog post about bug training Schneier on Barr's encryption discussion

Episode 156 - What if we MitM a whole country?

Jul 29, 2019 29:57


Josh and Kurt talk about Kazakhstan requiring citizens to place a government controlled root CA certificate on their computers. How does this work? What does it mean for the citizens of Kazakhstan, and why should we all be paying attention?

Show Notes Kazakhstan MitM all TLS traffic Mozilla bug

Episode 155 - Stealing cars and ransomware

Jul 22, 2019 27:22


Josh and Kurt talk about a new way to steal cars because a service didn't do proper background checks. We also discuss how this relates to working with criminals, such as ransomware, and what it means for the future of the ransomware industry.

Show Notes Car2go theft Alberta driver's license security Albertosaurus  Las Vegas won't pay a ransom

Episode 154 - Chat with the authors of the book "The Fifth Domain"

Jul 16, 2019 31:17


Josh and Kurt talk to the authors of a new book, The Fifth Domain. Dick Clarke and Rob Knake join us to discuss the book, cybersecurity, US policy, how we got where we are today and what the future holds for cybersecurity.

Show Notes The Fifth Domain Dick Clarke Rob Knake Future State Podcast

Episode 153 - The unexpected security of AI, photographs, and VPN

Jul 8, 2019 34:33


Josh and Kurt talk about user expectations around Facebook's AI. Normal people are starting to see the capabilities and potential risk with all these services. We also cover the topic of China owning a number of VPN services.

Episode 152 - Tavis breaks the world ... again

Jul 1, 2019 30:40


Josh and Kurt talk about the disclosure of security vulnerabilities. It's still not a settled topic, we frame the conversation around a recent disclosure from Tavis Ormandy of Google Project Zero.

Episode 151 - The DARPA Cyber Grand Challenge with David Brumley

Jun 24, 2019 30:12


Josh and Kurt talk to David Brumley, the CEO of ForAllSecure and a professor at CMU. We discuss when David's team won the Cyber Grand Challenge, what the future of automated security looks like, and what ForAllSecure is doing. It's a fascinating window into the future of the industry.

Episode 150 - Our ad funded dystopian present

Jun 17, 2019 30:09


Josh and Kurt talk about the future of Chrome and ad blockers. There is a lot of nuance to unpack around this one. There are two versions of the Internet today. One with an ad blocker and one without. The Internet without an ad blocker is a dystopian nightmare. The actionable advice at the end of this one is to use Firefox.

Episode 149 - Chat with Michael Coates about data security

Jun 10, 2019 26:27


Josh and Kurt have a chat with Michael Coates from Altitude Networks. We cover what Altitude is up to as well as general trends we're seeing around data security in the cloud. Michael lays out his vision for "data first security".

Episode 148 - You just got pwnt, what now?

Jun 3, 2019 29:21


Josh and Kurt talk about public disclosure. We start out with a story about Canva, then discuss what you do if you have a security incident. Who do you tell, and what do you tell them? How do you tell your story? It's a really hard problem even if it's something you've done many times in the past.

Episode 147 - Scams and operations as part of the supply chain

May 27, 2019 30:27


Josh and Kurt talk about a new type of lockbox scam. We also discuss Slack being a target for nation state attacks. Do you consider your operations part of your supply chain? It's totally part of your supply chain.

Episode 146 - What the @#$% happened to Microsoft?

May 20, 2019 32:24


Josh and Kurt talk about Microsoft. They're probably not the bad guys anymore, which is pretty wild. They're adding a Linux kernel to Windows. Can we declare open source the unquestionable winner now?

Episode 145 - What do security and fire have in common?

May 13, 2019 34:20


Josh and Kurt talk about fire. We discuss the history of fire prevention and how it mirrors many of the things we see in security. There are lessons there for us, we just hope it doesn't take 2000 years like it did for proper fire prevention to catch on.

Episode 144 - The security of money, which one is best?

May 6, 2019 33:34


Josh and Kurt talk about the security of money. Not how to keep it secure, but the security issues around using cash, credit, and bitcoin. We also talk about Banksy's clever method for proving something is original.

Episode 143 - Security lessons from the phone book

Apr 29, 2019 34:40


Josh and Kurt talk about the phone book (yeah, the big paper book people used to use). Kurt got one in the mail. While it's certainly a relic from another time, there were security tips in it among other wild things.

Episode 142 - Hypothetical security: what if you find a USB flash drive?

Apr 21, 2019 31:27


Josh and Kurt talk about what one could do if you find a USB drive. The context is based on the story where the Secret Service was rumored to have plugged a malicious USB drive into a computer. The purpose of the discussion is to explore how to handle a situation like this in the real world. We end the episode with a fantastic comparison of swim safety and security.

Episode 141 - Timezones are hard, security is harder

Apr 15, 2019 36:14


Josh and Kurt talk about the difficulty of security. We look at the difficulty of the EU not observing daylight saving time, which is probably magnitudes easier than getting security right. We also hit on a discussion on Reddit about U2F that shows the difficulty. Security today is too hard, even for the experts.

Episode 140 - Good enough security is a pretty high bar

Apr 8, 2019 34:20


Josh and Kurt talk about identity. It's a nice example we can generally understand in the context of how much security is enough security? When we deal with identity the idea of good enough is often acceptable for the vast majority of uses. Perfect identity tracking isn't really a thing nor is it practical.

Episode 139 - Secure voting, firefox send, and toxic comments on the internet

Apr 1, 2019 30:57


Josh and Kurt talk about Brexit, voting, Firefox send, and toxic comments. Is there anything we can do to slow the current trend of conversation on the Internet always seeming to spiral out of control? The answer is maybe with a lot of asterisks.

Episode 138 - Information wants to be free

Mar 25, 2019 32:19


Josh and Kurt talk about a prank gone wrong, the reality of when your data ends up public. Once it's public you can't ever put it back. We also discuss Notepad++ no longer signing releases and what signing releases means for the world in general.

Episode 137.5 - Holy cow Beto was in the cDc, this is awesome!

Mar 18, 2019 35:17


Josh and Kurt talk about Beto being in the Cult of the Dead Cow (cDc). This is a pretty big deal in a very good way. We hit on some history, why it's a great thing, and what we can probably expect from opponents. There's even some advice at the end on how we can all help. We need more politicians with backgrounds like this.

Episode 137 - When the IoT attacks!

Mar 11, 2019 30:34


Josh and Kurt talk about when devices attack! It's not quite that exciting, but there has been a slew of news about physical devices causing problems for humans. We end on the note that we're getting closer to a point when lawyers and regulators will start to pay attention. We're not there yet, so we still have a horrible insecure future on the horizon.

Episode 136 - How people feel is more important than being right

Mar 4, 2019 31:35


Josh and Kurt talk about GitHub blocking the Deepfakes repository. There's a far bigger discussion about how people feel, and sometimes security fails to understand that making people feel happy or safer is more important than being right.

Episode 135 - Passwords, AI, and cloud strategy

Feb 25, 2019 30:38


Josh and Kurt talk about change your password day (what a terrible day). Google's password checkup (not a terrible idea), an AI finding new spice flavors we expect will one day take over the world, and we finish up on a new DoD cloud strategy. Also Josh burnt his finger, but is going to be OK.

Episode 134 - What's up with the container runc security flaw?

Feb 18, 2019 28:58


Josh and Kurt talk about the new runc container security flaw. How does the flaw work, what can you do about it, what should you do about it, and what the future of container security may look like.

Episode 133 - Smart locks and the government hacking devices

Feb 11, 2019 31:10


Josh and Kurt talk about the fiasco hacks4pancakes described on Twitter and what the future of smart locks will look like. We then discuss what it means if the Japanese government starts hacking consumer IoT gear, is it ethical? Will it make anything better?

Episode 132 - Bird Scooter: 0, Cory Doctorow: 1

Feb 4, 2019 30:11


Josh and Kurt talk about the Bird Scooter vs Cory Doctorow incident. We then get into some of the social norms around new technology and what lessons the security industry can take from something new like shared scooters.

Episode 131 - Windows micropatches, Google's privacy fine, and Mastercard fixes trial abuse

Jan 28, 2019 33:26


Josh and Kurt talk about non-Microsoft Windows micropatches. The days of pretending closed source matters are long gone. Google gets hit with a privacy fine, that probably won't matter. And Mastercard makes it easier for consumers to not accidentally sign up for services they don't want.

Episode 130 - Chat with Snyk co-founder Danny Grander

Jan 21, 2019 34:03


Josh and Kurt talk to Danny Grander, one of the co-founders of Snyk, about Zip Slip, what it is, how to fix it, and how they disclosed everything. We also touch on plenty of other open source security topics as Danny is involved in many aspects of open source security.

Episode 129 - The EU bug bounty program

Jan 14, 2019 33:15


Josh and Kurt talk about the EU bug bounty program. There have been a fair number of people complaining it's solving the wrong problem, but it's the only way the EU has to spend money on open source today. If that doesn't change this program will fail.

Episode 128 - Australia's encryption backdoor bill

Jan 7, 2019 32:59


Josh and Kurt talk about Australia's recently passed encryption bill. What is the law that was passed, what does it mean, and what are the possible outcomes? The show notes contain a flow chart of possible outcomes.

2018 Christmas Special - Is Santa GDPR compliant?

Dec 24, 2018 37:37


Josh and Kurt talk about which articles of the GDPR apply to Santa, and if he's following the rules the way he should be (spoiler, he's probably not). Should Santa be on his own naughty list? We also create a new holiday character - George the DPO Elf!

Episode 127 - Walled gardens, appstores, and more

Dec 17, 2018 35:00


Josh and Kurt talk about Mozilla pulling a paywall bypassing extension. We then turn our attention to talking about walled gardens. Are they good, are they bad? Something in the middle? There is a lot of prior art to draw on here, everything from Windows, Android, iOS, even Linux distributions.

Episode 126 - The not so dire future of supply chain security

Dec 10, 2018 33:13


Josh and Kurt continue the discussion from episode 125. We look at the possible future of software supply chains. It's far less dire than previously expected. It's likely there will be some change in the

Episode 125 - Open Source, supply chains, npm, and you

Dec 3, 2018 31:04


Josh and Kurt talk about how open source deals with malicious events. It's probably impossible to stop these from happening, but the open source universe deals with it in its own unique way. We start to discuss what you can do, since everyone is using open source everywhere now. There will be a second part to this episode where we discuss what the future holds for these sorts of problems.

Episode 124 - Cloudflare's service workers and the economics of security

Nov 26, 2018 34:04


Josh and Kurt talk about Cloudflare's new Workers service. We spend a lot of time discussing how economics drives technology, not security. It's quite likely this new service is less secure than existing alternatives, but it will be cheaper and faster which will matter more than security.

Episode 123 - Talking about Kubernetes and container security with Liz Rice

Nov 19, 2018 27:52


Josh and Kurt talk to Liz Rice about Kubernetes and container security. How did we get where we are today, what's new and exciting today, and where do we think things are going?

Episode 122 - What will Apple's T2 chip mean for the rest of us?

Nov 12, 2018 33:04


Josh and Kurt talk about Apple's new T2 security chip. It's not open source but we expect it to change the security landscape in the coming years.

Episode 121 - All about the security of voting

Nov 5, 2018 36:48


Josh and Kurt talk about voting security. What does it mean, and how does it work? What works, what doesn't work, and most importantly why we may not see secure electronic voting anytime soon.

Episode 120 - Bloomberg and hardware backdoors - it's already happening

Oct 29, 2018 30:56


Josh and Kurt talk about Bloomberg's story about backdoors and motherboards. The story is probably false, but this is almost certainly happening already with hardware. What does it mean if your hardware is already backdoored by one or more countries?

Episode 119 - The Google+ and Facebook incidents, it's not your data anymore

Oct 22, 2018 31:38


Josh and Kurt talk about the Google+ and Facebook data incidents. We don't have any control over this data anymore. The incidents didn't really affect the users because we have no idea who has access to it. We also touch on GDPR and what it could mean in this context.

Episode 118 - Cloudflare's IPFS and onion service

Oct 15, 2018 30:49


Josh and Kurt talk about Cloudflare's new IPFS and Onion services. One brings distributed blockchain files to the masses, the other lets you host your site on Tor easily.

Episode 117 - Will security follow Linus' lead on being nice?

Oct 8, 2018 31:02


Josh and Kurt talk about Linus' effort to work on his attitude. What will this mean for security and IT in general?

Episode 116 - The future of the CISO with Michael Piacente

Oct 1, 2018 30:31


Josh and Kurt talk to Michael Piacente from Hitch Partners about the past, present, and future role of the CISO in the industry.

Episode 115 - Discussion with Brian Hajost from SteelCloud

Sep 24, 2018 30:16


Josh and Kurt talk to Brian Hajost from SteelCloud about public sector compliance. The world of public sector compliance can be confusing and strange, but it's not that bad when it's explained by someone with experience.

Episode 114 - Review of "Click Here to Kill Everybody"

Sep 17, 2018 30:50


Josh and Kurt review Bruce Schneier's new book Click Here to Kill Everybody. It's a book everyone could benefit from reading. It does a nice job explaining many existing security problems in a simple manner.

Episode 113 - Actual real security advice

Sep 10, 2018 30:38


Josh and Kurt talk about actual real world advice. Based on a story about trying to secure political campaigns, if we had to give some security help what should it look like, who should we give it to?

Episode 112 - Google's Titan Key and the latest Struts issue

Sep 3, 2018 29:06


Josh and Kurt talk about the new Google Titan security key. There are some in the industry uneasy about the supply chain for the devices. We also discuss the latest Struts security issue. Struts is old and scary now, stop using it.

Episode 111 - The TLS 1.3 and DNS episode

Aug 27, 2018 32:39


Josh and Kurt talk about TLS 1.3 and DNS. What can we expect from the future for these, and how are they related (or not related)? We touch on DNSSEC and why it probably won't matter. DNS over TLS is looking pretty great though. There is also a guest appearance from quantum crypto.

Episode 110 - Review of Black Hat, Defcon, and the effect of security policies

Aug 19, 2018 34:49


Josh and Kurt talk about Black Hat and Defcon and how unexciting they have become. What happened with hotels at Defcon, and more importantly how many security policies have 2nd and 3rd level effects we often can't foresee. We end with important information about pizza, bananas, and can openers.

Episode 109 - OSCon and actionable advice

Aug 13, 2018 34:18


Josh and Kurt talk about phishing training and how it doesn't really matter. Josh spoke at OSCon and comes back with some fun observations and advice. People want practical actionable advice and we're not good at that.

Episode 108 - Bluetooth, phishing, airgaps, and eating soup off the floor

Aug 6, 2018 30:35


Josh and Kurt talk about the latest attack on bluetooth and discuss phishing in the modern world. U2F is a great way to stop phishing, training is not. We also discuss airgaps in response to attacks on airgapped power utilities.

Episode 107 - The year of the Linux Desktop and other hardware stories

Jul 30, 2018 29:04


Josh and Kurt talk about modern hardware, how security relates to devices and actions. Everything from secure devices, to the cables we use, to thermal cameras and coat hangers. We end the conversation discussing the words we use and how they affect the way people see us and themselves.

Episode 106 - Data isn't oil, it's nuclear waste

Jul 23, 2018 29:54


Josh and Kurt talk about Cory Doctorow's piece on Facebook data privacy. It's common to call data the new oil but it's more like nuclear waste. How we fix the data problem in the future is going to require solutions we can't yet imagine as well as new ways of thinking about the problems.

Episode 105 - More backdoors in open source

Jul 16, 2018 31:45


Josh and Kurt talk about some recent backdoor problems in open source packages. We touch on whether open source is secure, how that security works, and what it should look like in the future. This problem is never going to go away or get better, and that's probably OK.

Episode 104 - The Gentoo security incident

Jul 9, 2018 33:14


Josh and Kurt talk about the Gentoo security incident. Gentoo did a really good job being open and dealing with the incident quickly. The basic takeaway from all this is make sure your organization is forcing users to use 2 factor authentication. The long term solution is going to be all identity providers forcing everyone to use 2FA.

Episode 103 - The Seven Properties of Highly Secure Devices

Jul 2, 2018 33:23


Josh and Kurt talk about a Microsoft Research paper titled "The Seven Properties of Highly Secure Devices". We take a real world view into how to secure our devices. What works, what doesn't work, and why this list is actually really good.

Episode 102 - Michael Feiertag from tCell

Jun 25, 2018 30:50


Josh and Kurt talk to Michael Feiertag, the CEO of tCell. We talk about what a Web Application Firewall is, what it does and doesn't do, and what the future of this technology looks like. We touch on how this affects a DevOps environment. Security has to fit into the existing model, not try to change it. 

Episode 101 - Our unregulated future is here to stay

Jun 17, 2018 32:46


Josh and Kurt talk about Bird scooters. We cover the implications of the scooters for the city, Segways, and bicycles, and how these vehicles interact with pedestrians on the road and trails. It's an example of humans not wanting to follow the rules and generally making the situation annoying for everyone. It's the old security story of new technology without clear rules. The show ends with some horrifying numbers behind how bad things can get before people really care.

Episode 100 - You're bad at buying security, we can help!

Jun 11, 2018 35:54


Josh and Kurt talk about how to be a smart security buyer. We have guest Steve Mayzak walk us through how the buying process works as well as giving out a ton of great advice. Even if you're experienced with how to buy security technology you should give this a listen.

Episode 99 - Consumer security is too broken to fix, and it doesn't matter

Jun 4, 2018 34:20


Josh and Kurt talk about a number of consumer security issues. The FBI told everyone to reboot their routers which they won't do. The .app top level domain is a cesspool of malware. Everyone has a cell phone and won't update them properly. None of this probably matters though. Unless there are real measurable tragedies caused by this tech, people tend not to really care.

Episode 98 - When IT decisions kill people

May 28, 2018 34:24


Josh and Kurt talk about the NTSB report from the fatal Uber crash and what happened with Amazon's Alexa recording then emailing a private conversation. IT decisions now have real world consequences like never before.

Episode 97 - Automation: Humans are slow and dumb

May 20, 2018 33:08


Josh and Kurt talk about the security of automation as well as automating security. The only way automation will really work long term is full automation. Humans can't be trusted enough to rely on them to do things right.

Episode 96 - Are legal backdoors a good idea?

May 11, 2018 32:54


Josh and Kurt talk about backdoors in code and products that have been put there on purpose. We talk about unlocking phones and encryption backdoors, with a focus on why they won't work.

Episode 95 - Twitter passwords and npm backdoors

May 7, 2018 29:32


Josh and Kurt talk about Twitter doing the right thing when they logged a lot of passwords and the npm malicious getcookies package and how backdoors work in code.

Episode 94 - DNSSEC, BGP, and reality

Apr 30, 2018 28:18


Josh and Kurt talk about the Amazon Route 53 incident and what it really means for the modern infrastructure. Complaining that nobody is using DNSSEC or securing BGP isn't the right conversation to be having. Reality must be considered in any honest conversation about these topics.

Episode 93 - Security flaws in beep and patch, how did we get here?

Apr 15, 2018 36:04


Josh and Kurt talk about security flaws in beep and patch. How on earth were there security flaws in beep and patch?

Episode 92 - Chat with Rami Saas the CEO of WhiteSource

Apr 15, 2018 33:34


Josh and Kurt talk to Rami Saas, the CEO of WhiteSource, about 3rd party open source security as well as open source licensing.

Episode 91 - Security lessons from a 7 year old

Apr 8, 2018 19:04


Josh and Kurt talk to a 7 year old about security. We cover Minecraft security, passwords, hacking, and many many other nuggets of wisdom.

Episode 90 - Humans and misinformation

Apr 2, 2018 36:26


Josh and Kurt talk about all the current misinformation, how humans react to it, and what it means for security.

Episode 89 - Short selling AMD security flaws

Mar 25, 2018 34:00


Josh and Kurt talk about the recent AMD flaws and the events surrounding the disclosure.

Episode 88 - Chat with Chris Rosen from IBM about Container Security

Mar 18, 2018 32:59


Josh and Kurt talk about container security with IBM's Chris Rosen.

Episode 87 - Chat with Let's Encrypt co-founder Josh Aas

Mar 11, 2018 38:33


Josh and Kurt talk about Let's Encrypt with co-founder Josh Aas. We discuss the past, present, and future of the project.

Episode 86 - What happens when 23 thousand certificates leak?

Mar 3, 2018 34:24


Josh and Kurt talk about the Trustico certificate incident and Let's Encrypt.


Episode 85 - NPM ate my files

Feb 23, 2018 32:17


Josh and Kurt talk about the npm 5.7.0 debacle.

Episode 84 - Have I been pwned?

Feb 23, 2018 31:55


Josh and Kurt talk about the new password data dump from Have I been pwned?

Episode 83 - XKCD + CVE = XKCVE

Feb 21, 2018 31:12


Josh and Kurt talk about the XKCD CVE comic and a flight simulator stealing credentials.

Episode 82 - RSA, TLS, Chrome HTTP, and PCI

Feb 13, 2018 29:53


Josh and Kurt talk about problems of textbook RSA implementations, the upcoming changes in TLS, and the insecurity of HTTP in Chrome.

Episode 81 - Autosploit, bug bounties, and the future of security

Feb 7, 2018 31:37


Josh and Kurt talk about AutoSploit, bug bounties and fixing flaws, market forces in security, future expectations, and how humans perceive threats.

Episode 80 - GPS tracking and jamming

Jan 31, 2018 33:42


Josh and Kurt talk about GPS metadata giving away military bases and GPS jamming as part of testing.

Episode 79 - Skyfall: please don't yell 'fire'

Jan 24, 2018 55:46


Josh and Kurt talk about Skyfall, fake reports, risk, logging, and how a civilized society functions.

Episode 78 - Risk lessons from Hawaii

Jan 16, 2018 52:59


Josh and Kurt talk about the accidental missile warning in Hawaii. We also discuss general preparedness and risk.

Episode 77 - npm and the supply chain

Jan 10, 2018 01:00:10


Josh and Kurt talk about the recent npm happenings. What it means for the supply chain, and we end with some thoughts on how maybe none of this matters.

Episode 76 - Meltdown aftermath

Jan 7, 2018 50:34


Josh and Kurt talk about the aftermath of Meltdown. The details of the flaw are probably less interesting than what happens now.

Episode 75 - Security Planner review

Dec 19, 2017 01:03:09


Josh and Kurt talk about the Security Planner website. It's pretty good all things considered.

Episode 74 - Facial recognition and physical security

Dec 13, 2017 42:56


Josh and Kurt talk about facial recognition, physical security, banking, and Amazon Alexa.

Episode 73 - Security from Santa

Dec 6, 2017 01:00:49


Josh and Kurt talk about basic security metrics and security from Santa. Is Santa GDPR compliant?

Episode 72 - Bitcoin: It's over 9000

Nov 28, 2017 52:40


Josh and Kurt talk about Bitcoin, blockchain, and other cryptocurrencies.

Episode 71 - GitHub's Security Scanner

Nov 21, 2017 46:37


Josh and Kurt talk about GitHub's security scanner and Linus' security email. We clarify the esoteric difference between security bugs and non-security bugs.

Episode 70 - The security of Intel ME

Nov 14, 2017 49:19


Josh and Kurt talk about Intel ME, Equifax salary history, and IoT.

Episode 69 - Actionable security advice

Nov 7, 2017 46:52


Josh and Kurt talk about Amazon Key and actionable advice.

Episode 68 - Ruining the Internet

Nov 1, 2017 51:47


Josh and Kurt talk about Facebook listening to your microphone, Google Chrome certificate pinning, CAs, 152 ways to stay safe, and Kubernetes.

Episode 67 - Cyber won

Oct 24, 2017 38:04


Josh and Kurt talk about hacking back, passwords, honeypots, and conspiracies.

Episode 66 - Objects in mirror are less terrible than they appear

Oct 15, 2017 45:14


Josh and Kurt talk about Equifax again, Kaspersky, TLS CAs, coming change, social security numbers, and Minecraft.

Episode 65 - Will aliens overthrow us before AI?

Oct 9, 2017 49:39


Josh and Kurt talk about Apple, Equifax, passwords, AI, and aliens.

Episode 64 - Networks and Dnsmasq and IoT oh my

Oct 3, 2017 52:03


Josh and Kurt talk about networks, Dnsmasq, IoT, and our coming security dystopian future.

Episode 63 - Shoot, Shovel, and Bury

Sep 26, 2017 58:58


Josh and Kurt talk about the Equifax breach (again) and what it will mean for all of us. Blueborne comes up, as well as #TrevorForget.

Episode 62 - All about the Equifax hack

Sep 11, 2017 01:05:34


Josh and Kurt talk about the Equifax breach and what it will mean for all of us.