Episode 12 - Security Trebuchet

Josh and special guest host Dave Sirrine talk about feedback, OpenSSL, OAuth2, Let’s Encrypt, disclosure, and locks. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/292434458-opensourcesecuritypodcast-episode-12-security-trebuchet.mp3 Show Notes coh’s feedback OpenSSL security advisory Red Hat CLI security API Shovel Knight Pumpkin OAuth2 bug Let’s Encrypt Half of all Chrome connections use https Google’s Windows Bug RichSec (Richmond VA Information Security Users Group) RVASec (Yearly conference in June held by RichSec) Schuyler Towne - “Why do you lock your door?” Comment on Twitter ...

November 10, 2016

Episode 11 - The Poison Candy Episode

Josh and special guest host Dave Sirrine talk about Halloween, passwords, hardware timing attacks, chip and pin, security economics, SSL/TLS, and Mozilla enabling TLS 1.3 by default. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/290834937-opensourcesecuritypodcast-episode-11-the-poison-candy-episode.mp3 Show Notes Risky Candy XKCD Password Strength Diceware Haswell Timing Attack Rowhammer on Android Eavesdropping keystrokes via VOIP SSL/TLS Timeline Comment on Twitter

October 31, 2016

Episode 10 - The super botnet that nobody can stop

Kurt and Josh discuss Dirty COW, the big IoT DDoS, and Josh can’t pronounce Mirai or Dyn. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/289791587-opensourcesecuritypodcast-episode-10-the-super-botnet-that-nobody-can-stop.mp3 Show Notes Dirty Cow Kees Cook Kernel Bug Lifetime Rowhammer Mirai botnet DDoS Law of truly large numbers Comment on Twitter

October 24, 2016

Episode 9 - Are bug bounties measuring the wrong things?

Kurt and Josh discuss responsible disclosure, irresponsible disclosure, bug bounties, measuring security, usability AND security, as well as quality of life. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/288890601-opensourcesecuritypodcast-episode-9-are-bug-bounties-measuring-the-wrong-things.mp3 Show Notes Responsible Disclosure OpenSSL Security Policy Rain Forest Puppy Policy ISO 29147 Facebook Bug Bounty Security Spending Security AND Usability Comment on Twitter

October 18, 2016

Episode 8 - The primality of prime numbers

Kurt and Josh discuss prime numbers (probably getting a lot of it wrong), Samsung, passwords, National Cyber Security Awareness Month, and bathroom scales. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/287233537-opensourcesecuritypodcast-episode-8-the-primality-of-prime-numbers.mp3 Show Notes New Prime Number Research Randomness testing Kurt’s Repo of Primes DNSSEC Signing Ceremony Magento Skimmer XKCD Wrench Comic Firesheep National Cyber Security Awareness Month Stop Trying to Fix the User Only Trust Food Delivered by Zebra Bathroom Scale Flaw Comment on Twitter

October 11, 2016

Episode 7 - More Powerful than root!

Kurt and Josh discuss the ORWL computer, crashing systemd with one line, NIST, and a security journal. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/285901909-opensourcesecuritypodcast-episode-7-more-powerful-than-root.mp3 Show Notes Physically secure open source computer Ancient Linux fax machine firmware systemd one liner crash Open security journal Let’s Encrypt Random Numbers in Go DRAFT Vulnerability Description Ontology Comment on Twitter

October 3, 2016

Episode 6 - Foundational Knowledge of Security

Kurt and Josh discuss interesting news stories https://traffic.libsyn.com/secure/opensourcesecuritypodcast/285305681-opensourcesecuritypodcast-episode-6-foundational-knowledge-of-security.mp3 Show Notes How much gold can you steal from the Canadian mint? Stop plugging random usb sticks in IoT DoS Cost of Security Kijiji World of VNC Shodan Security and Tribal Knowledge Comment on Twitter

September 29, 2016

Episode 5 - OpenSSL: The library we deserve

Kurt and Josh discuss the recent OpenSSL update(s) https://traffic.libsyn.com/secure/opensourcesecuritypodcast/285193058-opensourcesecuritypodcast-episode-5-openssl-the-library-we-deserve.mp3 Show Notes OpenSSL Flaw Logo Sloppy programming leads to OpenSSL woes CVE-2016-6309 (OpenSSL advisory) [Critical severity] 26th September 2016 Sendmail “Bat” Book OpenSSL Man Pages Comment on Twitter

September 29, 2016

Episode 4 - Dead squirrel in a box

Josh and Kurt discuss news of the day, shipping, and container security https://traffic.libsyn.com/secure/opensourcesecuritypodcast/283885003-opensourcesecuritypodcast-episode-4-dead-squirrel-in-a-box.mp3 Show Notes Stealing shipped gold Shipping the Hope Diamond The French Underground Spam Nation The Random Darknet Shopper Kinder Eggs in the US Mailing crazy things Mailing Bricks to Alaska Uber’s self driving fleet Off the Hook radio show How to wipe email servers Government firewall rules xkcd grammar police Project Bubblewrap Comment on Twitter

September 21, 2016

Episode 3 - The Lockpicking Sewing Circle

Josh and Kurt discuss news of the day, banks, 3D printing, and lockpicking. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/282763713-opensourcesecuritypodcast-episode-3-the-lockpicking-sewing-circle.mp3 Show Notes Seagate NAS mining bitcoin Telnet honeypot activity Bravia TVs losing Youtube 10 Million Raspberry Pis last.fm passwords Hack Proof Systems 3D printing pen LulzBot Comment on Twitter

September 13, 2016