Episode 184 – It’s DNS. It’s always DNS

Josh and Kurt talk about the sale of the corp.com domain. Is it going to be the end of the world, or a non event? We disagree on what should happen with it. Josh hopes an evildoer buys it, Kurt hopes for Microsoft. We also briefly discuss the CIA owning Crypto AG. Show Notes corp.com is forContinue reading “Episode 184 – It’s DNS. It’s always DNS”

Episode 183 – The great working from home experiment

Josh and Kurt talk about a huge working from home experiment because of the the Coronavirus. We also discuss some of the advice going on around the outbreak, as well as how humans are incredibly good at ignoring good advice, often to their own peril. Also an airplane wheel falls off. Show Notes Work from home HackerContinue reading “Episode 183 – The great working from home experiment”

Episode 182 – Does open source owe us anything?

Josh and Kurt talk about open source maintainers and building communities. While an open source maintainer doesn’t owe anyone anything, there are some difficult conversations around holding back a community rather than letting it flourish. Show Notes Actix-web story Lodash Possible Lodash security issue Javascript libraries are almost never updated Ularn Comment on Twitter with the #osspodcastContinue reading “Episode 182 – Does open source owe us anything?”

Episode 181 – The security of SIM swapping

Josh and Kurt talk about SIM swapping. What is it, how does it work. Why should you care? There’s not a ton you can do to protect yourself, but we go over some of the basic concepts and what to watch out for. It’s unfortunate this is still a problem. Show Notes Five Major US Wireless CarriersContinue reading “Episode 181 – The security of SIM swapping”

Episode 180 – A Tale of Two Vulnerabilities

Josh and Kurt talk about two recent vulnerabilities that have had very different outcomes. One was the Citrix remote code execution flaw. While the flaw is bad, the handling of the flaw was possibly worse than the flaw itself. The other was the Microsoft ECC encryption flaw. It was well handled even though it was hard toContinue reading “Episode 180 – A Tale of Two Vulnerabilities”

Episode 179 – Google Project Zero and the 90 day clock

Josh and Kurt talk about the updated Google Project Zero disclosure policy. What’s the new policy, what does it mean, and will it really matter? We suspect it will improve some things, but won’t drastically change much. Show Notes Google and 90 day patch disclosure Upgrading all Windows versions Show Tags #GoogleProject0 #CoordinatedDisclosure #ResponsibleDisclosure Comment on TwitterContinue reading “Episode 179 – Google Project Zero and the 90 day clock”

Episode 178 – Are CVEs important and will ransomware put you out of business?

Josh and Kurt talk about a discussion on Twitter about if discovering CVE IDs is important for a resume? We don’t think it is. We also discuss the idea of ransomware putting a company out of business. Did it really? Possibly but it probably won’t create any substantial change in the industry. Show Notes Games Done QuickContinue reading “Episode 178 – Are CVEs important and will ransomware put you out of business?”

Episode 177 – Fake or real? The security of counterfeit goods

Josh and Kurt talk about marketplace safety and security. Will we ever see an end to the constant flow of counterfeit goods? The security industry has the same problem the marketplace industry has, without substantial injury we don’t see movement towards meaningful change. Show Notes BrickLink Cars in Canada lighting on fire President Roosevelt used Al Capone’sContinue reading “Episode 177 – Fake or real? The security of counterfeit goods”

Episode 176 – The ‘predictions are stupid’ prediction episode

Josh and Kurt talk about security predictions for 2020. None of the predictions are even a bit controversial or unexpected. We’re in a state of slow change, without disruptive technology next year will look a lot like this year. Show Notes The Rising Speed of Technological Adoption Slack Certified GDPR Fines and Notices Comment on Twitter withContinue reading “Episode 176 – The ‘predictions are stupid’ prediction episode”

Episode 175 – Defenders will always be one step behind

Josh and Kurt talk about the opportunistic nature of crime. Defenders have to defend, which means the adversaries are by definition always a step ahead. We use the context of automobile crimes to frame the discussion. Show Notes Stealing cars with radio relays RTL Software Defined Radio Canada most stolen car Comment on Twitter with the #osspodcastContinue reading “Episode 175 – Defenders will always be one step behind”