Podcast

Josh and Kurt talk about actual real world advice. Based on a story about trying to secure political campaigns, if we had to give some security help what should it look like, who should we give it to? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_113_actual_real_security_advice.mp3 Show Notes Security advice to Democrats Our actual advice Don’t run your own services Email - Google or Microsoft Don’t’ use GPG Use a trusted device Use a password manager on a secure device Use 2FA Backups Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about the new Google Titan security key. There are some in the industry uneasy about the supply chain for the devices. We also discuss the latest Struts security issue. Struts is old and scary now, stop using it. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode-112_googles_titan_key_and_the_latest_struts_issue.mp3 Show Notes Google’s security key security questions Struts security issue Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about TLS 1.3 and DNS. What can we expect from the future for these, how are they related (or not related). We touch on DNSSEC and why it probably won’t matter. DNS over TLS is looking pretty great though. There is also a guest appearance from quantum crypto. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_111_The_TLS_1_3_and_DNS_episode.mp3 Show Notes Cloudflare TLS 1.3 blog NIST post quantum crypto Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about Black Hat and Defcon and how unexciting they have become. What happened with hotels at Defcon, and more importantly how many security policies have 2nd and 3rd level effects we often can’t foresee. We end with important information about pizza, bananas, and can openers. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_110_review_of_black_hat_defcon_and_the_effect_of_security_policies.mp3 Show Notes Kids hacking voting machines Black Hat plaintext email Defcon hotel shenanigans International Pizza Expo How to use a can opener How to open a banana Join our Facebook Group ...

Josh and Kurt talk about phishing training and how it doesn’t really matter. Josh spoke at OSCon and comes back with some fun observations and advice. People want practical actionable advice and we’re not good at that. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_109_OSCon_and_actionable_advice.mp3 Show Notes Traffic cone costume Azure Linux Masterlock Speed Dial Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about the latest attack on bluetooth and discuss phishing in the modern world. U2F is a great way to stop phishing, training is not. We also discuss airgaps in response to attacks on airgapped power utilities. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_108_bluetooth_phishing_airgaps_and_eating_soup_off_the_floor.mp3 Show Notes ECDH in Bluetooth Diffie-Hellman with paint Google Phishing Hackers jumped air gaps Portable secure data center Join our Facebook Group Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about modern hardware, how security relates to devices and actions. Everything from secure devices, to the cables we use, to thermal cameras and coat hangers. We end the conversation discussing the words we use and how they affect the way people see us and themselves. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_107_the_year_of_the_linux_desktop_and_other_hardware_stories.mp3 Show Notes Linux on Chromebooks Touchscreen and secrets Coat hanger vs Monster cables Build a toaster Join our Facebook Group ...

Josh and Kurt talk about Cory Doctorow’s piece on Facebook data privacy. It’s common to call data the new oil but it’s more like nuclear waste. How we fix the data problem in the future is going to require solutions we can’t yet imagine as well as new ways of thinking about the problems. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_106_data_isnt_oil_its_nuclear_waste.mp3 Show Notes Mark Zuckerberg and his empire of oily rags Fitness app leak Operation Mincemeat Bancor cryptocurrency theft CryptoKitties Join our Facebook Group ...

Josh and Kurt talk about some recent backdoor problems in open source packages. We touch on is open source secure, how that security works, and what it should look like in the future. This problem is never going to go away or get better, and that’s probably OK. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_105_more_backdoors_in_open_source.mp3 Show Notes eslint-scope issue Arch Linux Acrobat Reader issue Join our Facebook Group Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about the Gentoo security incident. Gentoo did a really good job being open and dealing with the incident quickly. The basic takeaway from all this is make sure your organization is forcing users to use 2 factor authentication. The long term solution is going to be all identity providers forcing everyone to use 2FA. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_104_the_gentoo_security_incident.mp3 Show Notes Gentoo incident timeline Have I Been Pwned Cloudflare Join our Facebook Group ...