Episode 147 - Scams and operations as part of the supply chain

Josh and Kurt talk about a new type of lockbox scam. We also discuss Slack being a target for nation state attacks. Do you consider your operations part of your supply chain? It’s totally part of your supply chain. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_147_Scams_and_operations_as_part_of_the_supply_chain.mp3 Show Notes Lock Box Scam Slack nation state hacker target Comment on Twitter with the #osspodcast hashtag

May 27, 2019

Episode 146 - What the @#$% happened to Microsoft?

Josh and Kurt talk about Microsoft. They’re probably not the bad guys anymore, which is pretty wild. They’re adding a Linux kernel to Windows. Can we declare open source the unquestionable winner now? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_146_What_the_happened_to_Microsoft.mp3 Show Notes Github contribution report Are we the baddies? Comment on Twitter with the #osspodcast hashtag

May 20, 2019

Episode 145 - What do security and fire have in common?

Josh and Kurt talk about fire. We discuss the history of fire prevention and how it mirrors many of the things we see in security. There are lessons there for us, we just hope it doesn’t take 2000 years like it did for proper fire prevention to catch on. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_145_What_do_security_and_fire_have_in_common.mp3 Show Notes History of firefighting Comment on Twitter with the #osspodcast hashtag

May 13, 2019

Episode 144 - The security of money, which one is best?

Josh and Kurt talk about the security of money. Not how to keep it secure, but the security issues around using cash, credit, and bitcoin. We also talk about Banksy’s clever method for proving something is original. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_144_The_security_of_money_which_one_is_best.mp3 Show Notes Banksy ten pound note Ethereum bad wallets Comment on Twitter with the #osspodcast hashtag

May 6, 2019

Episode 143 - Security lessons from the phone book

Josh and Kurt talk about the phone book (yeah, the big paper book people used to use). Kurt got one in the mail. While it’s certainly a relic from another time, there were security tips in it among other wild things. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_143_Security_lessons_from_the_phone_book.mp3 Show Notes Chad Loder’s Twitter Comment on Twitter with the #osspodcast hashtag

April 29, 2019

Episode 142 - Hypothetical security: what if you find a USB flash drive?

Josh and Kurt talk about what one could do if you find a USB drive. The context is based on the story where the Secret Service was rumored to have plugged a malicious USB drive into a computer. The purpose of the discussion is to explore how to handle a situation like this in the real world. We end the episode with a fantastic comparison of swim safety and security. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_142_Hypothetical_security_what_if_you_find_a_USB_flash_drive.mp3 Show Notes Secret service flash drive story Syncstop Show Tags #ImpossibleSecurity Comment on Twitter with the #osspodcast hashtag ...

April 21, 2019

Episode 141 - Timezones are hard, security is harder

Josh and Kurt talk about the difficulty of security. We look at the difficulty of the EU not observing daylight saving time, which is probably orders of magnitude easier than getting security right. We also hit on a discussion on Reddit about U2F that shows the difficulty. Security today is too hard, even for the experts. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_141_Timezones_are_hard_security_is_harder.mp3 Show Notes Storing time in UTC is hard How strong are nails and screws? Reddit U2F comments Comment on Twitter with the #osspodcast hashtag ...

April 15, 2019

Episode 140 - Good enough security is a pretty high bar

Josh and Kurt talk about identity. It’s a nice example we can generally understand in the context of how much security is enough security. When we deal with identity, the idea of good enough is often acceptable for the vast majority of uses. Perfect identity tracking isn’t really a thing, nor is it practical. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_140_Good_enough_security_is_a_pretty_high_bar.mp3 Show Notes Firefighters breaking through a door Fake engineer at the Berlin Airport Comment on Twitter with the #osspodcast hashtag ...

April 8, 2019

Episode 139 - Secure voting, Firefox Send, and toxic comments on the internet

Josh and Kurt talk about Brexit, voting, Firefox Send, and toxic comments. Is there anything we can do to slow the current trend of conversation on the Internet always seeming to spiral out of control? The answer is maybe with a lot of asterisks. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_139_secure_voting_firefox_send_and_toxic_comments_on_the_internet.mp3 Show Notes Swiss evoting Darpa $10 million secure voting Firefox Send Jigsaw and toxic comments Comment on Twitter with the #osspodcast hashtag

April 1, 2019

Episode 138 - Information wants to be free

Josh and Kurt talk about a prank gone wrong and the reality of when your data ends up public. Once it’s public you can’t ever put it back. We also discuss Notepad++ no longer signing releases and what signing releases means for the world in general. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_138_Information_wants_to_be_free.mp3 Show Notes Japanese girl arrested Publish package to the npm registry University study on developers and passwords Kurt’s blockchain project - OpenCPEs Notepad++ stops signing releases What is a photocopier? TASBot Comment on Twitter with the #osspodcast hashtag ...

March 25, 2019