Episode 9 - Are bug bounties measuring the wrong things?

Kurt and Josh discuss responsible disclosure, irresponsible disclosure, bug bounties, measuring security, usability AND security, as well as quality of life.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/288890601-opensourcesecuritypodcast-episode-9-are-bug-bounties-measuring-the-wrong-things.mp3
Show Notes: Responsible Disclosure OpenSSL Security Policy Rain Forest Puppy Policy ISO 29147 Facebook Bug Bounty Security Spending Security AND Usability

October 18, 2016

Episode 8 - The primality of prime numbers

Kurt and Josh discuss prime numbers (probably getting a lot of it wrong), Samsung, passwords, National Cyber Security Awareness Month, and bathroom scales.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/287233537-opensourcesecuritypodcast-episode-8-the-primality-of-prime-numbers.mp3
Show Notes: New Prime Number Research Randomness testing Kurt’s Repo of Primes DNSSEC Signing Ceremony Magento Skimmer XKCD Wrench Comic Firesheep National Cyber Security Awareness Month Stop Trying to Fix the User Only Trust Food Delivered by Zebra Bathroom Scale Flaw

October 11, 2016

Episode 7 - More Powerful than root!

Kurt and Josh discuss the ORWL computer, crashing systemd with one line, NIST, and a security journal.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/285901909-opensourcesecuritypodcast-episode-7-more-powerful-than-root.mp3
Show Notes: Physically secure open source computer Ancient Linux fax machine firmware systemd one liner crash Open security journal Let’s Encrypt Random Numbers in Go DRAFT Vulnerability Description Ontology

October 3, 2016

Episode 6 - Foundational Knowledge of Security

Kurt and Josh discuss interesting news stories.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/285305681-opensourcesecuritypodcast-episode-6-foundational-knowledge-of-security.mp3
Show Notes: How much gold can you steal from the Canadian mint? Stop plugging random usb sticks in IoT DoS Cost of Security Kijiji World of VNC Shodan Security and Tribal Knowledge

September 29, 2016

Episode 5 - OpenSSL: The library we deserve

Kurt and Josh discuss the recent OpenSSL update(s).
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/285193058-opensourcesecuritypodcast-episode-5-openssl-the-library-we-deserve.mp3
Show Notes: OpenSSL Flaw Logo Sloppy programming leads to OpenSSL woes CVE-2016-6309 (OpenSSL advisory) [Critical severity] 26th September 2016 Sendmail “Bat” Book OpenSSL Man Pages

September 29, 2016

Episode 4 - Dead squirrel in a box

Josh and Kurt discuss news of the day, shipping, and container security.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/283885003-opensourcesecuritypodcast-episode-4-dead-squirrel-in-a-box.mp3
Show Notes: Stealing shipped gold Shipping the Hope Diamond The French Underground Spam Nation The Random Darknet Shopper Kinder Eggs in the US Mailing crazy things Mailing Bricks to Alaska Uber’s self driving fleet Off the Hook radio show How to wipe email servers Government firewall rules xkcd grammar police Project Bubblewrap

September 21, 2016

Episode 3 - The Lockpicking Sewing Circle

Josh and Kurt discuss news of the day, banks, 3D printing, and lockpicking.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/282763713-opensourcesecuritypodcast-episode-3-the-lockpicking-sewing-circle.mp3
Show Notes: Seagate NAS mining bitcoin Telnet honeypot activity Bravia TVs losing Youtube 10 Million Raspberry Pis last.fm passwords Hack Proof Systems 3D printing pen LulzBot

September 13, 2016

Episode 2 - Instills the proper amount of fear

Josh and Kurt discuss how open source security works.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/281731016-opensourcesecuritypodcast-episode-2-instills-the-proper-amount-of-fear.mp3
Show Notes: CII Badges CVE Node Security Project CSO open source story

September 7, 2016

Episode 1 - Rich History of Security Flaws

Josh and Kurt discuss their first podcast as well as random bits about open source security.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/281712199-opensourcesecuritypodcast-episode-1-rich-history-of-security-flaws.mp3
Show Notes: Gordon-Loeb Model for investing 37% the cost of a breach Dunning-Kruger Mudge Mercedes tweet Fear of elevators

September 7, 2016