Episode 23 – We can’t patch people

Josh and Kurt talk about scareware, malware, and how hard this stuff is to stop, and how the answer isn’t fixing people. Show Notes Bitsquatting Typosquatting L.A. Phishing Uber Email IDS Infomercial subreddit (Where did the soda go?) Super Mario Run Malware Booba Methbot Sumitomo copper affair Comment on Twitter with the #osspodcast hashtag

The art of cutting edge, Doom 2 vs the modern Security Industry

During the holiday, I started playing Doom 2. I bet I’ve not touched this game in more than ten years. I can’t even remember the last time I played it. My home directory was full of garbage and it was time to clean it up when I came across doom2.wad. I’ve been carrying this fileContinue reading “The art of cutting edge, Doom 2 vs the modern Security Industry”

Episode 22 – IoT Wild West

Josh and Kurt talk about planned obsolescence and IoT devices. Should manufacturers brick devices? We also have a crazy discussion about the ethics of hacking back. Show Notes First Uses of Coffee Did coffee cause the enlightenment? Nest bricks Revolv devices Phoebus Cartel Verizon will brick the Note 7 Trolley Problem Toaster toasts the weather 80% ofContinue reading “Episode 22 – IoT Wild West”

Episode 21 – CVE 10K Extravaganza

Josh and Kurt talk about CVE 10K. CVE IDs have finally crossed the line, we need 5 digits to display them. This has never happened before now. Show Notes OpenSSH CVE10K assignments CVE-2016-10005 CVE syntax change CVE Numbering Authorities OpenSSH Security Advisory C to HDL Reboot Boeing Dreamliner One person writes most Linux video camera drivers DonaldContinue reading “Episode 21 – CVE 10K Extravaganza”

Does "real" security matter?

As the dumpster fire that is 2016 crawls to the finish line, we had another story about a massive Yahoo breach. 1 billion user accounts had data stolen. Just to give some context here, that has to be hundreds of gigabytes at an absolute minimum. That’s a crazy amount of data. And nobody really cares.Continue reading “Does "real" security matter?”

Episode 20 – The Death of PGP

Josh and Kurt talk about the death of PGP, and how it’s not actually dead at all. It’s still really hard to use though. Show Notes I’m giving up on PGP Yubikey 4 Josh’s PGP setup blog post Kurt’s key with multiple signatures PGP short ID collisons Let’s Encrypt ICQ website from the late 90’s Signal SecureContinue reading “Episode 20 – The Death of PGP”

Episode 19 – A field full of razor blades and monsters

Josh and Kurt talk about the bricking devices (on purpose). Show Notes Samsung will brick the Note 7s Verizon won’t brick the phones Hoverboard imports banned Firestone tire recall Denmark Apple refurbished phone case Deprecating SHA1 South Korean Banking Encryption Canada’s Worst Driver Fitbit bought Pebble Comment on Twitter with the #osspodcast hashtag

Episode 18 – The Security of Santa

Josh and Kurt talk about the security concerns and logistics of Santa, elves, and the North Pole. Show Notes Elf on the Shelf Furby without fur Norad Tracks Santa Futurama Xmas St. Nicholas David Sedaris on Santa US Senate Candy Desk You need 76 days to read all privacy statements Mona Lisa Theft Super Guppy LSST DataContinue reading “Episode 18 – The Security of Santa”

Airports, Goats, Computers, and Users

Last week I had the joy traveling through airports right after the United States Thanksgiving holiday. Now I don’t know how many of you have ever tried to travel the week after Thanksgiving but it’s kind of crazy, there are a lot of people, way more than usual, and a significant number of them haveContinue reading “Airports, Goats, Computers, and Users”