Stop being the monkey’s paw

Tonight while I was handing out candy on Halloween as the children came to the door trick-or-treating getting whatever candy I’ve not yet eaten. I started thinking about scary stories the security universe. Some of the things we do in Security could be compared to the old fable of the cursed monkey’s paw, which isContinue reading “Stop being the monkey’s paw”

Episode 11 – The Poison Candy Episode

Josh and special guest host Dave Sirrine talk about Halloween, passwords, hardware timing attacks, chip and pin, security economics, SSL/TLS, and Mozilla enabling TLS 1.3 by default. Show Notes Risky Candy XKCD Password Strength Diceware Haswell Timing Attack Rowhammer on Android Eavesdropping keystrokes via VOIP SSL/TLS Timeline Comment on Twitter

Security is in the same leaky boat as the sysadmins

Sysadmins used to rule the world. Anyone who’s been around for more than a few years remembers the days when whatever the system administrator wanted, the system administrator got. They were the center of the business. Without them nothing would work. They were generally super smart and could quite often work magic with what theyContinue reading “Security is in the same leaky boat as the sysadmins”

Everything you know about security is wrong

If I asked everyone to tell me what security is, what do you do about it, and why you do it. I wouldn’t get two answers that were the same. I probably wouldn’t even get two that are similar. Why is this? After recording Episode 9 of the Open Source Security Podcast I co-host, IContinue reading “Everything you know about security is wrong”

IoT Can Never Be Fixed

This title is a bit click baity, but it’s true, not for the reason you think. Keep reading to see why. If you’ve ever been involved in keeping a software product updated, I mean from the development side of things, you know it’s not a simple task. It’s nearly impossible really. The biggest problem isContinue reading “IoT Can Never Be Fixed”

Episode 9 – Are bug bounties measuring the wrong things?

Kurt and Josh discuss responsible disclosure, irresponsible disclosure, bug bounties, measuring security, usability AND security, as well as quality of life. Show Notes Responsible Disclosure OpenSSL Security Policy Rain Forest Puppy Policy ISO 29147 Facebook Bug Bounty Security Spending Security AND Usability Comment on Twitter

Can I interest you in talking about Security?

I had a discussion last week with some fellow security folks about how we can discuss security with normal people. If you pay attention to what’s going on, you know the security people and the non security people don’t really communicate well. We eventually made our way to comparing what we do to the doorContinue reading “Can I interest you in talking about Security?”

Episode 8 – The primality of prime numbers

Kurt and Josh discuss prime numbers (probably getting a lot of it wrong), Samsung, passwords, National Cyber Security Awareness Month, and bathroom scales. Show Notes New Prime Number Research Randomness testing Kurt’s Repo of Primes DNSSEC Signing Ceremony Magento Skimmer XKCD Wrench Comic Firesheep National Cyber Security Awareness Month Stop Trying to Fix the UserContinue reading “Episode 8 – The primality of prime numbers”

Episode 7 – More Powerful than root!

Kurt and Josh discuss the ORWL computer, crashing systemd with one line, NIST, and a security journal. Show Notes Physically secure open source computer Ancient Linux fax machine firmware systemd one liner crash Open security journal Let’s Encrypt Random Numbers in Go DRAFT Vulnerability Description Ontology Comment on Twitter