We love to do security reviews on the projects, products, and services our companies use. Security reviews are one of those ways we can show how important security is. If those reviews didn’t get done we might end up using a service that could put our users and data at risk. Every good horror story… Continue reading “Security reviews and microservices”
Josh and Kurt talk about TLS 1.3 and DNS. What can we expect from the future for these, and how are they related (or not related)? We touch on DNSSEC and why it probably won’t matter. DNS over TLS is looking pretty great though. There is also a guest appearance from quantum crypto. Show Notes: Cloudflare TLS 1.3… Continue reading “Episode 111 – The TLS 1.3 and DNS episode”
The best part about getting to give a security talk at OSCON is that I’m not talking to a security audience; I get to talk to developers about security. Developers, the ones who do the actual work, sometimes in spite of their security teams causing friction and slowing things down.
Josh and Kurt talk about Black Hat and Defcon and how unexciting they have become. What happened with hotels at Defcon, and more importantly, how many security policies have 2nd and 3rd level effects we often can’t foresee. We end with important information about pizza, bananas, and can openers. Show Notes: Kids hacking voting machines Black Hat… Continue reading “Episode 110 – Review of Black Hat, Defcon, and the effect of security policies”
Josh and Kurt talk about phishing training and how it doesn’t really matter. Josh spoke at OSCON and comes back with some fun observations and advice. People want practical, actionable advice and we’re not good at that. Show Notes: Traffic cone costume Azure Linux Masterlock Speed Dial Join our Facebook Group Comment on Twitter with the #osspodcast… Continue reading “Episode 109 – OSCon and actionable advice”
Josh and Kurt talk about the latest attack on Bluetooth and discuss phishing in the modern world. U2F is a great way to stop phishing; training is not. We also discuss airgaps in response to attacks on airgapped power utilities. Show Notes: ECDH in Bluetooth Diffie-Hellman with paint Google Phishing Hackers jumped air gaps Portable secure data… Continue reading “Episode 108 – Bluetooth, phishing, airgaps, and eating soup off the floor”