
Episode 221 - Security, magic, and FaceID

Josh and Kurt talk about how to get started in security. It's like the hero's journey, but with security instead of magic. We then talk about what WebKit bringing Face ID and Touch ID to the browser will mean.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_221_Security_magic_and_FaceID.mp3
Show Notes:
Hero's Journey
Mudge's Tweet
L0pht at Congress
Bob Ross
Webkit Face ID and Touch ID for the Web

October 26, 2020

Episode 220 - Securing network time and IoT

Josh and Kurt talk about Network Time Security (NTS), how it works, and what it means for the world (probably not very much). We also talk about Singapore's Cybersecurity Labelling Scheme (CLS). It probably won't do a lot in the short term, but we hope it's a beacon of hope for the future.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_220_Securing_network_time_and_IoT.mp3
Show Notes:
Network Time Security
NTP and the University of Wisconsin
Cybersecurity Labelling Scheme (CLS)

October 19, 2020

Episode 219 - Chat with Larry Cashdollar

Josh and Kurt have a chat with Larry Cashdollar. The three of us go way back. Larry has done some amazing things and he tells us all about it!
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_219_Chat_with_Larry_Cashdollar.mp3
Show Notes:
Akamai
Larry's website
Larry's First CVE

October 12, 2020

Episode 218 - The past was a terrible place

Josh and Kurt talk about change. Specifically, we discuss how the past was a terrible place. Never believe anyone who tells you it was better. Part of a career now is learning how to learn: the things you learn today won't be useful skills in a few years. The future is always better than the past. Even in 2020.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_218_The_past_was_a_terrible_place.mp3
Show Notes:
I no longer build software
Temple OS
Top Gear electric car
1959 Bel Air crash test

October 5, 2020

Episode 217 - How to tell your story with Travis Murdock

Josh and Kurt talk to Travis Murdock about how to tell your story. Travis explains how to talk to the press and how to tell our story in a way that helps get our message across and lets the reporter do their job better.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_217_How_to_tell_your_story_with_Travis_Murdock.mp3
Show Notes:
Ruder Finn
CVE-2009-3555
Heartbleed

September 28, 2020

Episode 216 - Security didn't find life on Venus

Josh and Kurt talk about how we describe what we do, in the context of life on Venus. We didn't really discover life on Venus; we discovered a gas that could be created by life on Venus. The world didn't hear that, though. We have a similar communication problem in security. How often are your words misunderstood?
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_216_Security_didnt_find_life_on_Venus.mp3
Show Notes:
Phosphine on Venus
GPS and relativity

September 21, 2020

Episode 215 - Real security is boring

Josh and Kurt talk about attacking open source. How serious is the threat of developers being targeted, or of a git repo being watched for secret security fixes? The reality is that there are many layers in a security journey, and the most important things you can do are also the least exciting.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_215_Real_security_is_boring.mp3
Show Notes:
Targeting developers
XKCD Infrastructure comic
Hiding security flaws in git
Mossad vs Not-Mossad (PDF warning)

September 14, 2020

Episode 213 - Security Signals: What are you telling the world

Josh and Kurt talk about how your actions tell the world whether you actually take security seriously. We frame the discussion in the context of Slack paying a very low bug bounty and look at some ways we can examine Slack and decide whether they do indeed take our security very seriously.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_213_Security_Signals_What_are_you_telling_the_world.mp3
Show Notes:
Reddit carbon monoxide Part 1
Part 2
GCP Grey minus infinity
Josh's blog post

September 7, 2020

Episode 212 - Grab Bag: The Security We Deserve Edition

Josh and Kurt talk about Chromium sending traffic to the root DNS servers, telemetry watching what we do, cryptocurrency scams, and a few other random topics. Also pandas.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_212_Grab_Bag_The_Security_We_Deserve_Edition.mp3
Show Notes:
Blanket rack
Chromium DNS traffic
Ubuntu MOTD
Microsoft telemetry
YAM coin implodes
Panda Cubs

August 31, 2020

Episode 211 - The only thing harder than signing files is managing users

Josh and Kurt talk about the 2-year-old Microsoft signature bug and GitLab no longer processing MFA resets for free users. Signing things is hard, but trying to manage users and infrastructure at scale is even harder.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_211_The_only_thing_harder_than_signing_files_is_managing_users.mp3
Show Notes:
Microsoft signed jar bug
GitLab Support is no longer processing MFA resets for free users
Someone Is Hijacking Tor Exit Nodes to Conduct MITM Attacks

August 24, 2020