Josh and Kurt talk to Liz Rice from Aqua Security about container security and her new book on the same topic. What does container security look like today? What are some things you can do now? What will container security look like in the future? Show Notes Container Security download Pictures of elephants Kubernetes SecurityContinue reading “Episode 200 – Talking Container Security with Liz Rice”
Category Archives: Podcast
Episode 199 – Special cases are special: DNS, Websockets, and CSV
Josh and Kurt talk about a grab bag of topics. A DNS security flaw, port scanning your machine from a web browser, and CSV files running arbitrary code. All of these things end up being the result of corner cases. Letting a corner case be part of a default setup is always a mistake. YesContinue reading “Episode 199 – Special cases are special: DNS, Websockets, and CSV”
Episode 198 – Good advice or bad advice? Hang up, look up, and call back
Josh and Kurt talk about the Krebs blog post titled “When in Doubt: Hang Up, Look Up, & Call Back”. In the world of security there isn’t a lot of actionable advice, it’s worth discussing if something like this will work, or ever if it’s the right way to handle these situations. Show Notes When in Doubt:Continue reading “Episode 198 – Good advice or bad advice? Hang up, look up, and call back”
Episode 197 – Beer, security, and consistency; the newer, better, triad
Josh and Kurt talk about what beer and reproducible builds have in common. It’s a lot more than you think, and it mostly comes down to quality control. If you can’t reproduce what you do, you’re not a mature organization and you need maturity to have quality. Show Notes Reinheitsgebot Josh’s Blog Post Ken Thompson’s reflections onContinue reading “Episode 197 – Beer, security, and consistency; the newer, better, triad”
Episode 196 – Pounding square solutions into round holes: forced updates from Ubuntu
Josh and Kurt talk about automatic updates. Specifically we discuss a recent decision by Ubuntu to enable forced automatic updates. There are lessons here for the security community. We have a history of jumping to solutions rather than defining and understanding problems. Sometimes our solutions aren’t the best. Also murder bees. Show Notes The Oatmeal giant beeContinue reading “Episode 196 – Pounding square solutions into round holes: forced updates from Ubuntu”
Episode 195 – Is BGP actually insecure?
Josh and Kurt talk about the uproar around Cloudflare’s “Is BGP safe yet” site. It’s always interesting watching how much people will push back on new things, even if the new things is probably a step in the right direction. The clever thing Cloudflare is doing in this instance is they are making the BGP problem somethingContinue reading “Episode 195 – Is BGP actually insecure?”
Episode 194 – Working from home security: resistance is futile
Josh and Kurt talk about the new normal that’s working away from an office. It’s not exactly working from home as there are some unforeseen challenges that we just took for granted in the past. There are a lot of new and strange security problems we have to adapt to, everyone is doing amazing work with veryContinue reading “Episode 194 – Working from home security: resistance is futile”
Episode 193 – Security lessons from space: Apollo 13 edition
Josh and Kurt talk about space. We intended to focus on Apollo 13 but as usual we have no ability to stay on topic. There is a lot of fun space discussions in this one though. Do you think you can hack Voyager 1? Only if you have a big enough satellite dish. Show Notes Eavesdropping onContinue reading “Episode 193 – Security lessons from space: Apollo 13 edition”
Episode 192 – Work without progress – what Infosec can learn from treadmills
Josh and Kurt talk about Kurt’s recent treadmill purchase and the lessons we can lean in security from the consumer market. The consumer market has learned a lot about how to interact with their customers in the last few decades, the security industry is certainly behind in this space today. Once again we display our ability toContinue reading “Episode 192 – Work without progress – what Infosec can learn from treadmills”
Episode 191 – Security scanners are all terrible
Josh and Kurt talk about security scanners. They’re all pretty bad today, but there are some things we can do to make them better. Step one is to understand the problem. Do you know why you’re running the scanner and what the reports mean? Show Notes Edmonton freeze thaw cycles Josh’s security scanner blog series Comment onContinue reading “Episode 191 – Security scanners are all terrible”
