Episode 157 - Backdoors and snake oil in our cryptography

Josh and Kurt talk about snakeoil cryptography at Black Hat and the new backdoored cryptography fight. Both of these problems will be with us for a very long time. These are fights worth fighting because it’s the right thing to do. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_157_Backdoors_and_snake_oil_in_our_cryptography.mp3 Show Notes Time AI video Kurt’s Tweet about technical explanations Josh’s blog post about bug training Schneier on Barr’s encryption discussion Comment on Twitter with the #osspodcast hashtag ...

August 19, 2019

Episode 156 - What if we MitM a whole country?

Josh and Kurt talk about Kazakhstan requiring citizens to place a government controlled root CA certificate on their computers. How does this work. What does it mean for the citizens of Kazakhstan, and why we all should be paying attention. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_156_What_if_we_MitM_a_whole_country.mp3 Show Notes Kazakhstan MitM all TLS traffic Mozilla bug Comment on Twitter with the #osspodcast hashtag

July 29, 2019

Episode 155 - Stealing cars and ransomware

Josh and Kurt talk about a new way to steal cars because a service didn’t do proper background checks. We also discuss how this relates to working with criminals, such as ransomware, and what it means for the future of the ransomware industry. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_155_Stealing_cars_and_ransomware.mp3 Show Notes Car2go theft Alberta driver’s license security Albertosaurus Las Vegas won’t pay a ransom Comment on Twitter with the #osspodcast hashtag

July 22, 2019

Episode 154 - Chat with the authors of the book "The Fifth Domain"

Josh and Kurt talk to the authors of a new book The Fifth Domain. Dick Clarke and Rob Knake join us to discuss the book, cybersecurity, US policy, how we got where we are today and what the future holds for cybersecurity. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_154_Chat_with_the_authors_of_the_book_The_Fifth_Domain.mp3 Show Notes The Fifth Domain Dick Clarke Rob Knake Future State Podcast Show Tags #FifthDomain #Cybersecurity Comment on Twitter with the #osspodcast hashtag

July 16, 2019

Episode 153 - The unexpected security of AI, photographs, and VPN

Josh and Kurt talk about user expectations around Facebook’s AI. Normal people are starting to see the capabilities and potential risk with all these services. We also cover the topic of China owning a number of VPN services. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_153_The_unexpected_security_of_AI_photographs_and_VPN.mp3 Show Notes Facebook’s AI descriptions China owns a lot of VPNs VPN comparison Comment on Twitter with the #osspodcast hashtag

July 8, 2019

Episode 152 - Tavis breaks the world ... again

Josh and Kurt talk about the disclosure of security vulnerabilities. It’s still not a settled topic, we frame the conversation around a recent disclosure from Tavis Ormandy of Google Project Zero. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_152_Tavis_breaks_the_world_again.mp3 Show Notes Tavis Tavis ruins everything cDc book France Bans Judge Analytics Elastic Source Code Comment on Twitter with the #osspodcast hashtag

July 1, 2019

Episode 151 - The DARPA Cyber Grand Challenge with David Brumley

Josh and Kurt talk to David Brumley. The CEO of ForAllSecure and professor at CMU. We discuss when David’s team won the Cyber Grand Challenge, what the future of automated security looks like, and what ForAllSecure is doing. It’s a fascinating window into the future of the industry. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_151_The_Darpa_Cyber_Grand_Challenge_with_David_Brumley.mp3 Show Notes David Brumley ForAllSecure Cyber Grand Challenge Comment on Twitter with the #osspodcast hashtag

June 24, 2019

Episode 150 - Our ad funded dystopian present

Josh and Kurt talk about the future Chrome and ad blockers. There is a lot of nuance to unpack around this one. There are two versions of the Internet today. One with an ad blocker and one without. The Internet without an ad blocker is a dystopian nightmare. The actionable advice at the end of this one is to use Firefox. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_150_Our_ad_funded_dystopian_present.mp3 Show Notes Chrome ad blocking Firefox Mozilla funding Donate to Firefox Comment on Twitter with the #osspodcast hashtag ...

June 17, 2019

Episode 149 - Chat with Michael Coates about data security

Josh and Kurt have a chat with Michael Coates from Altitude Networks. We cover what Altitude is up to as well as general trends we’re seeing around data security in the cloud. Michael lays out his vision for “data first security”. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_149_Chat_with_Michael_Coates_about_data_security.mp3 Show Notes Michael Coates Altitude Networks Michael’s Keynote Comment on Twitter with the #osspodcast hashtag

June 10, 2019

Episode 148 - You just got pwnt, what now?

Josh and Kurt talk about public disclosure of a security incident. We start out with a story about Canva, then discuss what do you do if you have a security incident? Who do you tell, what do you tell them. How do you tell your story? It’s a really hard problem even if it’s something you’ve done many times in the past. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_148_You_just_got_pwnt_what_now.mp3 Show Notes Dave Hall First Canva message Second Canva message Forklift safety Pixar Toy Story 2 Non financial database Eating Crow Comment on Twitter with the #osspodcast hashtag ...

June 3, 2019