Josh and Kurt talk to Hayley Tsukayama from the EFF about privacy. We all know privacy in the modern age is very complicated and difficult. Normal people don’t have many allies when it comes to privacy. The EFF has been blazing the trail for digital rights for more than 30 years! This episode has aContinue reading “Episode 310 – Hayley Tsukayama from the EFF talks about privacy”
Category Archives: Podcast
Episode 309 – The bright future of open source secuirty
Josh and Kurt talk about NPM requiring 2FA for the top 100 packages. We discuss the new Alpha and Omega projects from the OpenSSF and what it could mean for the future of open source security. Then we end on a note about the new Samba critical vulnerability. Show Notes NPM requires 2FA OpenSSF Alpha and Omega DavidContinue reading “Episode 309 – The bright future of open source secuirty”
Episode 308 – Welcome to the jungle – How to talk about open source security
Josh and Kurt talk about how to get attention for security problems. Recent research around Twitter credentials checked into GitHub showed us how to get a lot of attention when compared to a problem like Log4Shell which took years before anyone really picked up on the problem. It’s hard to talk about security sometimes. Show Notes Josh’s computerContinue reading “Episode 308 – Welcome to the jungle – How to talk about open source security”
Episode 307 – Got vulnerabilities? Introducing GSD
Josh and Kurt talk about the Global Security Database (GSD) project. This is a Cloud Security Alliance (CSA) effort to build community around vulnerability identifiers. Show Notes We rate dogs Racoons that heal your sadness Global Security Database Episode 261 – DWF is back! Welcome to community powered CVE GSD mailing list GSD Circle group GSD Database GSDContinue reading “Episode 307 – Got vulnerabilities? Introducing GSD”
Episode 306 – Open source isn’t broken, it’s an experience
Josh and Kurt talk about the faker and colors NPM events. There is a lot of discussion around open source being broken or somehow failing because of these events. The real answer is open source is an experience. How we interact with our dependencies determines what the experience looks like. Show Notes Developer corrupts colors and faker WillContinue reading “Episode 306 – Open source isn’t broken, it’s an experience”
Episode 305 – Norton, Ethereum, NFT, and Apes
Josh and Kurt talk about Norton creating an Ethereum mining pool. This is almost certainly a bad idea, we explain why. We then discuss the reality of NFTs and the case of stolen apes. NFTs can be very confusing. The whole world of cryptocurrency is very confusing for normal people. None of this is new, there have alwaysContinue reading “Episode 305 – Norton, Ethereum, NFT, and Apes”
Episode 304 – Will we ever fix all the vulnerabilities?
Josh and Kurt talk about the question will we ever fix all the vulnerabilities? The question came from Reddit and is very reasonable, but it turns out this is REALLY hard to discuss. The answer is of course “no”, but why it is no is very complicated. Far more complicated than either of us thought it would be.Continue reading “Episode 304 – Will we ever fix all the vulnerabilities?”
Episode 303 – Log4j Christmas Spectacular!
Josh and Kurt start the show with the reading of a security themed Christmas poem. We then discuss some of the new happenings around Log4j. The basic theme is that even if we were over-investing in Log4j, it probably wouldn’t have caught this. There are still a lot of things to unpack with this event. We are sureContinue reading “Episode 303 – Log4j Christmas Spectacular!”
Episode 302 – Log4j is a mess
Josh and Kurt talk about the same topic everyone is talking about, Log4j. This episode was recorded on the Wednesday after the first Log4j issue. We point out all the gaps and difficulties for the defenders. The situation has gotten worse since then. Good luck to everyone dealign with this thing Show Notes Log4j GSD entry Minecraft serverContinue reading “Episode 302 – Log4j is a mess”
Episode 301 – You’re holding it wrong: the importance of unlearning
Josh and Kurt talk about the epic failure that was episode 300. But this ties nicely into the topic of the day which is new ways to do things. The example is a new way to hold a controller when playing Tetris. There are always new tools and new ideas in security. Sometimes we have to abandon theContinue reading “Episode 301 – You’re holding it wrong: the importance of unlearning”
Open Source Security 