Podcast

Josh and Kurt talk about open source maintainers and building communities. While an open source maintainer doesn’t owe anyone anything, there are some difficult conversations around holding back a community rather than letting it flourish. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_182_Does_open_source_owe_us_anything.mp3 Show Notes Actix-web story Lodash Possible Lodash security issue Javascript libraries are almost never updated Ularn Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about SIM swapping. What is it, how does it work. Why should you care? There’s not a ton you can do to protect yourself, but we go over some of the basic concepts and what to watch out for. It’s unfortunate this is still a problem. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_181_The_security_of_SIM_swapping.mp3 Show Notes Five Major US Wireless Carriers Are Vulnerable to SIM Swapping Edmonton Police SIM swap website Show Tags #SIMSwap Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about two recent vulnerabilities that have had very different outcomes. One was the Citrix remote code execution flaw. While the flaw is bad, the handling of the flaw was possibly worse than the flaw itself. The other was the Microsoft ECC encryption flaw. It was well handled even though it was hard to understand and it is a pretty big deal. As all these things go, fixing and disclosing vulnerabilities is hard. ...

Josh and Kurt talk about the updated Google Project Zero disclosure policy. What’s the new policy, what does it mean, and will it really matter? We suspect it will improve some things, but won’t drastically change much. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_179_Google_Project_Zero_and_the_90_day_clock.mp3 Show Notes Google and 90 day patch disclosure Upgrading all Windows versions Show Tags #GoogleProject0 #CoordinatedDisclosure #ResponsibleDisclosure Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about a discussion on Twitter about if discovering CVE IDs is important for a resume? We don’t think it is. We also discuss the idea of ransomware putting a company out of business. Did it really? Possibly but it probably won’t create any substantial change in the industry. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_178_Are_CVEs_important_and_will_ransomware_put_you_out_of_busines.mp3 Show Notes Games Done Quick Ransomware puts company out of business 1 in 5 companies shut down due to ransomware Laura Shin SIM Swap Podcast Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about marketplace safety and security. Will we ever see an end to the constant flow of counterfeit goods? The security industry has the same problem the marketplace industry has, without substantial injury we don’t see movement towards meaningful change. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_177_Fake_or_real_The_security_of_counterfeit_goods.mp3 Show Notes BrickLink Cars in Canada lighting on fire President Roosevelt used Al Capone’s Limo Dangerous car seats Fake external hard drive Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about security predictions for 2020. None of the predictions are even a bit controversial or unexpected. We’re in a state of slow change, without disruptive technology next year will look a lot like this year. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_176_The_predictions_are_stupid_prediction_episode.mp3 Show Notes The Rising Speed of Technological Adoption Slack Certified GDPR Fines and Notices Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about the opportunistic nature of crime. Defenders have to defend, which means the adversaries are by definition always a step ahead. We use the context of automobile crimes to frame the discussion. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_175_Defenders_will_always_be_one_step_behind.mp3 Show Notes Stealing cars with radio relays RTL Software Defined Radio Canada most stolen car Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk to Rob Schultheis from GitHub about some of the amazing projects GitHub is working on. We discuss GitHub security advisories, getting a CVE from GitHub, and what the new GitHub Security Lab is doing. It’s a great conversation about how GitHub is working to make security better for all of us. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_174_GitHub_turns_security_up_to_11_A_discussion_with_Rob_Schultheis.mp3 Show Notes GitHub Security Advisories GitHub CVE requests GitHub Security Lab GitHub Security Lab Slack GitHub Security Lab Twitter Show Tags #CodeQL #GitHub Comment on Twitter with the #osspodcast hashtag ...

Josh Santa and Kurt talk the border nightmare Santa Clause has to deal with as he traverses the globe. Questions we explore include: Are the reindeer farm animals? Is the North Pole a farm? Is Santa an intellectual property thief? Does Krampus eat politicians? Does Santa have a passport? Does Santa have an emergency radio? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_173_Ho_Ho_Homeland_Security.mp3 Show Notes Pirate Joes Comment on Twitter with the #osspodcast hashtag