Josh and Kurt talk about the safety and liability of new devices. What happens when your doorbell can burn down your house? What if it’s your fault the doorbell burned down your house? There isn’t really any prior art for where our devices are taking us, who knows what the future will look like. ShowContinue reading “Episode 225 – Who is responsible if IoT burns down your house?”
Author Archives: Josh Bressers
We can’t move forward by looking back
For the last few weeks Kurt and I have been having a lively conversation about security ratings scales. Is CVSS good enough? What about the Microsoft scale? Are there other scales we should be looking at? What’s good, what’s missing, what should we be talking about. There’s been a lot of back and forth andContinue reading “We can’t move forward by looking back”
Episode 224 – Are old Android devices dangerous?
Josh and Kurt talk about what happens when important root certificates expire on old Android devices? Who should be responsible? How can we fix this? Is this even something we can or should fix? How devices should age is a really hard problem that needs a lot of discussion. Show Notes Unboxing coins Old AndroidContinue reading “Episode 224 – Are old Android devices dangerous?”
Episode 223 – Full disclosure won, deal with it
Josh and Kurt talk about the idea behind the full disclosure of security vulnerability details. There have been discussions about this topic for decades with many people on all sides of the issue. The reality is however, if you look at the current state of things, this discussion is settled, full disclosure won. Show NotesContinue reading “Episode 223 – Full disclosure won, deal with it”
Episode 222 – HashiCorp Boundary with Jeff Mitchell
Josh and Kurt talk to Jeff Mitchell about the new HashiCorp project Boundary. We discuss what Boundary is, why it’s cooler than a VPN, and how you can get involved. Show Notes Jeff Mitchell HashiCorp Boundary announcement Discuss forum Boundary Project Boundary GitHub
Episode 221 – Security, magic, and FaceID
Josh and Kurt talk about how to get started in security. It’s like the hero’s journey, but with security instead of magic. We then talk about what Webkit bringing Face ID and Touch ID to the browsers will mean. Show Notes Hero’s Journey Mudge’s Tweet L0pht at Congress Bob Ross Webkit Face ID and TouchContinue reading “Episode 221 – Security, magic, and FaceID”
Episode 220 – Securing network time and IoT
Josh and Kurt talk about Network Time Security (NTS) how it works and what it means for the world (probably not very much). We also talk about Singapore’s Cybersecurity Labelling Scheme (CLS). It probably won’t do a lot in the short term, but we hope it’s a beacon of hope for the future. Show NotesContinue reading “Episode 220 – Securing network time and IoT”
Episode 219 – Chat with Larry Cashdollar
Josh and Kurt have a chat with Larry Cashdollar. The three of us go way back. Larry has done some amazing things and he tells us all about it! Show Notes Akamai Larry’s website Larry’s First CVE
Episode 218 – The past was a terrible place
Josh and Kurt talk about change. Specifically we discuss how the past was a terrible place. Never believe anyone who tells you it was better. Part of a career now is learning how to learn. The things you learn today won’t be useful skills in a few years. The future is is always better thanContinue reading “Episode 218 – The past was a terrible place”
A bug by any other name
This tweet from Jim Manico really has me thinking about why we like to consider security bugs special. There are a lot of tools on the market today to scan your github repos, containers, operating systems, web pages … pick something, for security vulnerabilities. I’ve written a very very long series about these scanners andContinue reading “A bug by any other name”
