Podcast

Josh and Kurt talk about disclosing security flaws in open source. This is part two of a discussion around how to disclose security issues. This episode focuses on some expectations and behaviors for open source projects as well as researchers trying to disclose a problem to a project. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_160_Disclosing_security_issues_is_insanely_complicated_Part_2.mp3 Show Notes webmin backdoor Github security advisories Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about disclosing security flaws. It’s a topic that’s come up a few times in the last few weeks and it’s more complicated than it’s ever been. We certainly ask more questions than we answer in this episode, there will be a part 2 that focuses on open source disclosure. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_159_Disclosing_security_issues_is_insanely_complicated_Part_1.mp3 Show Notes Lock Picking Lawyer Tavis’ Windows flaw Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about the current state of credit security freezes in the US. We recount a thrilling tale of all the things Josh had to do to get new Internet service. It was all quite silly really. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_158_The_mess_that_we_call_credit_agencies_in_the_US.mp3 Show Notes Weak security freeze pins ’null’ license plate Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about snakeoil cryptography at Black Hat and the new backdoored cryptography fight. Both of these problems will be with us for a very long time. These are fights worth fighting because it’s the right thing to do. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_157_Backdoors_and_snake_oil_in_our_cryptography.mp3 Show Notes Time AI video Kurt’s Tweet about technical explanations Josh’s blog post about bug training Schneier on Barr’s encryption discussion Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about Kazakhstan requiring citizens to place a government controlled root CA certificate on their computers. How does this work. What does it mean for the citizens of Kazakhstan, and why we all should be paying attention. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_156_What_if_we_MitM_a_whole_country.mp3 Show Notes Kazakhstan MitM all TLS traffic Mozilla bug Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about a new way to steal cars because a service didn’t do proper background checks. We also discuss how this relates to working with criminals, such as ransomware, and what it means for the future of the ransomware industry. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_155_Stealing_cars_and_ransomware.mp3 Show Notes Car2go theft Alberta driver’s license security Albertosaurus Las Vegas won’t pay a ransom Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk to the authors of a new book The Fifth Domain. Dick Clarke and Rob Knake join us to discuss the book, cybersecurity, US policy, how we got where we are today and what the future holds for cybersecurity. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_154_Chat_with_the_authors_of_the_book_The_Fifth_Domain.mp3 Show Notes The Fifth Domain Dick Clarke Rob Knake Future State Podcast Show Tags #FifthDomain #Cybersecurity Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about user expectations around Facebook’s AI. Normal people are starting to see the capabilities and potential risk with all these services. We also cover the topic of China owning a number of VPN services. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_153_The_unexpected_security_of_AI_photographs_and_VPN.mp3 Show Notes Facebook’s AI descriptions China owns a lot of VPNs VPN comparison Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about the disclosure of security vulnerabilities. It’s still not a settled topic, we frame the conversation around a recent disclosure from Tavis Ormandy of Google Project Zero. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_152_Tavis_breaks_the_world_again.mp3 Show Notes Tavis Tavis ruins everything cDc book France Bans Judge Analytics Elastic Source Code Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk to David Brumley. The CEO of ForAllSecure and professor at CMU. We discuss when David’s team won the Cyber Grand Challenge, what the future of automated security looks like, and what ForAllSecure is doing. It’s a fascinating window into the future of the industry. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_151_The_Darpa_Cyber_Grand_Challenge_with_David_Brumley.mp3 Show Notes David Brumley ForAllSecure Cyber Grand Challenge Comment on Twitter with the #osspodcast hashtag