Josh and Kurt talk about the recent sudo and libgcrypt security vulnerabilities. What’s the deal with these buffer overflows and TOCTOU bugs? Show Notes: Sudo buffer overflow; Sudo SELinux bug; libgcrypt buffer overflow
Josh and Kurt talk about 8 bit computing. What sort of security lessons can we learn from the 8 bit world? More than you think. Show Notes: Legend of Zelda Random Number Generation; Green rocket flame; SR71 leaked fuel; How do Namibian Himbas see colour?; Suptuple meter music
Josh and Kurt talk about what we can stop doing. We take a position of asking “does it spark joy” for tools and infrastructure. Everyone is doing something they should stop. Show Notes: Does it spark joy?
Josh and Kurt talk about the new right to repair rules in the EU. There’s a strange line between loving the idea of right to repair, but also being horrified as security people at the idea of a device being on the Internet for 30 years. Show Notes: EU right to repair; repair.eu
Josh and Kurt talk about this idea that seems to exist in security of “attackers only need to be right once” which is silly. The reality is attackers have to get everything right, defenders really only need to get it right once. But “defenders only need to be right once” isn’t going to sell any… Continue reading “Episode 253 – Defenders only need to be right once”
Josh and Kurt talk about a report on open source security from the Canadian Centre for Cyber Security. The title pretty much sums it up. Show Notes: Security Considerations for Open Source; Build an 8 bit computer from scratch
Josh and Kurt talk about communication. It’s really hard to talk about a lot of what we do. How do we know if a device is secure? How do we know our knowledge is correct? Show Notes: 90 percent of U.S. bills carry traces of cocaine; Is the moon a star or planet?; A mole… Continue reading “Episode 251 – Communication is hard, security communication is more hard”
Josh and Kurt talk about why we do the things we do. Sometimes we have to question everything. Links: SLAM missile
Josh and Kurt talk about the idea of information wanting to be free. It’s Christmas, we should give it what it wants! Links: Hacker Manifesto
Josh and Kurt talk about how to file 1000 security flaws. One is easy, scale is hard.