Josh and Kurt talk about the Biden Administration new cybersecurity executive order. There are some good ideas in there, but at the end of the day it’s an unfunded mandate. Unfunded mandates are difficult to implement. Show Notes Biden Executive Order Fact Sheet Obama’s cyber EO
Category Archives: Podcast
Episode 271 – Pipeline security: There is no problem humans can’t make worse
Josh and Kurt talk about how people handle problems. We open with the story of the Colonial Pipeline hack, but then go into some of the ways people tend to make problems worse. Show Notes Male vs Female trees Pipeline hack XKCD Pipelines TSA Pipeline Security
Episode 270 – Hello dark patterns my old friend
Josh and Kurt talk about dark patterns. A dark pattern is when a service tries to confuse a user into doing something they don’t want to, like unknowingly purchasing a monthly subscription to something you don’t need or want. The US Federal Trade Commission is starting to discuss dark patterns in webs sites and apps.Continue reading “Episode 270 – Hello dark patterns my old friend”
Episode 269 – Do not experiment on the Linux Kernel
Josh and Kurt talk about the University of Minnesota experimenting on the Linux Kernel. There’s a lot to unpack in this one, but the TL;DR is you probably don’t want to experiment on the kernel. Show Notes Linux Bans University of Minnesota for Sending Buggy Patches in the Name of Research University of Minnesota securityContinue reading “Episode 269 – Do not experiment on the Linux Kernel”
Episode 268 – Can we trust any 3rd parties?
Josh and Kurt talk about what 3rd party means in the current world. From 5G suppliers, to the Codecov and Solarwinds breaches. Is there anyone we can trust? Show Notes Europe and 5G Codecov Codecov Reuters story Red Hat OpenSSH advisory
Episode 267 – Does 0day still mean 0day?
Josh and Kurt talk about 0day security vulnerabilities. What are they? What were they? And why the name has taken on a new meaning, and that’s OK. Show Notes Hacker History Podcast Chrome 0day NTFS Documentation
Episode 266 – The future of security scanning with Debricked
Josh and Kurt talk to Emil Wåreus from Debricked about the future of security scanners. Debricked is doing some incredibly cool things to avoid relying on humans for vulnerability identification and cataloging. Learn what the future of security scanning is going to look like. Show Notes Debricked Emil’s Linkedin
Episode 265 – The lies closed source can tell, open source can’t
Josh and Kurt talk about the PHP backdoor and the Ubiquity whistleblower. The key takeaway is to note how an open source project cannot cover up an incident, but closed source can and will cover up damaging information. Show Notes PHP backdoor Ubiquity coverup 3D printed TSA keys LockPickingLaywer Determining Key Shape from Sound LockContinue reading “Episode 265 – The lies closed source can tell, open source can’t”
Episode 264 – DevSecOps with GitLab’s Mark Loveless
Josh and Kurt talk to Mark Loveless from GitLab. We touch on DevSecOps, what GitLab is doing, threat modeling, and the time Mark tested positive for TNT at the airport. It’s a great conversation. Show Notes Mark Loveless Twitter GitLab GitLab Handbook How we approach open source security PASTA threat modeling GitLab security features TalesContinue reading “Episode 264 – DevSecOps with GitLab’s Mark Loveless”
Episode 263 – GitHub pulls exploits, LinuxFoundation sign all the things
Josh and Kurt talk about how terrible daylight savings is. GitHub yanking some exploit code. And the Linux Foundation new project to sign all the things. Show Notes Researcher Publishes Code to Exploit Microsoft Exchange Vulnerabilities on Github GitHub content restrictions Reproducing the Microsoft Exchange Proxylogon Exploit Chain
