Episode 216 – Security didn’t find life on Venus

Josh and Kurt talk about how we talk about what we do in the context of life on Venus. We didn’t really discover life on Venus, we discovered a gas that could be created by life on Venus. The world didn’t hear that though. We have a similar communication problem in security. How often are your words misunderstood?Continue reading “Episode 216 – Security didn’t find life on Venus”

Episode 215 – Real security is boring

Josh and Kurt talk about attacking open source. How serious is the threat of developers being targeted or a git repo being watched for secret security fixes? The reality of it all is there are many layers in a security journey, the most important things you can do are also the least exciting. Show NotesContinue reading “Episode 215 – Real security is boring”

Episode 213 – Security Signals: What are you telling the world

Josh and Kurt talk about how your actions can tell the world if you actually take security seriously. We frame the discussion in the context of Slack paying a very low bug bounty and discover some ways we can look at Slack and decide if they do indeed take our security very seriously. Show Notes Reddit carbon monoxide PartContinue reading “Episode 213 – Security Signals: What are you telling the world”

Episode 211 – The only thing harder than signing files is managing users

Josh and Kurt talk about the Microsoft 2 year old signature bug and GitLab no longer processing MFA resets for free users. Signing things is hard, but trying to manage users and infrastructure at scale is even harder. Show Notes Microsoft signed jar bug GitLab Support is no longer processing MFA resets for free users Someone Is HijackingContinue reading “Episode 211 – The only thing harder than signing files is managing users”

Episode 207 – Weaponized attention

Josh and Kurt start this one by explaining how the Twitter hacker was just a dumb criminal (most criminals are dumb). We then discuss the new GPT-3 AI that can create text. How we create, and how social media is doing everything it can to weaponize our attention. It’s not a fight humanity is winning.Continue reading “Episode 207 – Weaponized attention”

Episode 206 – Confidential Virtual Machines; The future of cloud computing

Josh and Kurt talk about Google’s new confidential VMs. The AMD Secure Encrypted Virtualization is the technology that makes it all possible. What is SEV, how does it work, and why should you care? This technology is going to be the future of the cloud. Show Notes Google confidential VMs AMD SEV SEV vs SGXContinue reading “Episode 206 – Confidential Virtual Machines; The future of cloud computing”