The Economics of stealing a Tesla with a phone

A few days ago there was a story about how to steal a Tesla by installing malware on the owner’s phone. If you look at the big picture view of this problem it’s not all that bad, but our security brains want to make a huge deal out of this. Now I’m not saying that Tesla shouldn’t

Fast security is the best security

DevOps security is a bit like developing without a safety net. This is meant to be a reference to a trapeze act at the circus for those of you who have never had the joy of witnessing the heart-stopping excitement of the circus trapeze. The idea is that when you watch a trapeze act

Who cares if someone hacks my driveway camera?

I keep hearing something from people about IoT that reminds me of the old saying, if you’ve done nothing wrong, you have nothing to fear. This attitude is incredibly dangerous in the context of IoT devices (it’s dangerous in all circumstances honestly). The way I keep hearing this in the context of IoT is something

Episode 12 – Security Trebuchet

Josh and special guest host Dave Sirrine talk about feedback, OpenSSL, OAuth2, Let’s Encrypt, disclosure, and locks. Show Notes coh’s feedback OpenSSL security advisory Red Hat CLI security API Shovel Knight Pumpkin OAuth2 bug Let’s Encrypt Half of all Chrome connections use https Google’s Windows Bug RichSec (Richmond VA Information Security Users Group) RVASec (Yearly conference in

Free security is the only security that really works

There are certain things people want and will pay for. There are things they want and won’t. If we look at security it’s pretty clear now that security is one of those things people want, but most won’t pay for. The insane success of Let’s Encrypt is where this thought came from. Certificates aren’t new,