Josh and Kurt talk about how to get started in security. It’s like the hero’s journey, but with security instead of magic. We then talk about what Webkit bringing Face ID and Touch ID to the browsers will mean. Show Notes Hero’s Journey Mudge’s Tweet L0pht at Congress Bob Ross Webkit Face ID and TouchContinue reading “Episode 221 – Security, magic, and FaceID”
Category Archives: Security
Episode 220 – Securing network time and IoT
Josh and Kurt talk about Network Time Security (NTS) how it works and what it means for the world (probably not very much). We also talk about Singapore’s Cybersecurity Labelling Scheme (CLS). It probably won’t do a lot in the short term, but we hope it’s a beacon of hope for the future. Show NotesContinue reading “Episode 220 – Securing network time and IoT”
Episode 219 – Chat with Larry Cashdollar
Josh and Kurt have a chat with Larry Cashdollar. The three of us go way back. Larry has done some amazing things and he tells us all about it! Show Notes Akamai Larry’s website Larry’s First CVE
Episode 218 – The past was a terrible place
Josh and Kurt talk about change. Specifically we discuss how the past was a terrible place. Never believe anyone who tells you it was better. Part of a career now is learning how to learn. The things you learn today won’t be useful skills in a few years. The future is is always better thanContinue reading “Episode 218 – The past was a terrible place”
A bug by any other name
This tweet from Jim Manico really has me thinking about why we like to consider security bugs special. There are a lot of tools on the market today to scan your github repos, containers, operating systems, web pages … pick something, for security vulnerabilities. I’ve written a very very long series about these scanners andContinue reading “A bug by any other name”
Episode 217 – How to tell your story with Travis Murdock
Josh and Kurt talk to Travis Murdock about how to tell your story. Travis explains how to talk to the press and how to tell our story in a way that helps get our message across and lets the reporter do their job better. Show Notes Ruder Finn CVE-2009-3555 Heartbleed
Episode 216 – Security didn’t find life on Venus
Josh and Kurt talk about how we talk about what we do in the context of life on Venus. We didn’t really discover life on Venus, we discovered a gas that could be created by life on Venus. The world didn’t hear that though. We have a similar communication problem in security. How often are your words misunderstood?Continue reading “Episode 216 – Security didn’t find life on Venus”
Episode 215 – Real security is boring
Josh and Kurt talk about attacking open source. How serious is the threat of developers being targeted or a git repo being watched for secret security fixes? The reality of it all is there are many layers in a security journey, the most important things you can do are also the least exciting. Show NotesContinue reading “Episode 215 – Real security is boring”
Episode 213 – Security Signals: What are you telling the world
Josh and Kurt talk about how your actions can tell the world if you actually take security seriously. We frame the discussion in the context of Slack paying a very low bug bounty and discover some ways we can look at Slack and decide if they do indeed take our security very seriously. Show Notes Reddit carbon monoxide PartContinue reading “Episode 213 – Security Signals: What are you telling the world”
We take security seriously, VERY SRSLY!
Every company tells you they take security seriously. Some even take it very seriously. But do they? I started to think about this because of a recent Slack bug. I think there are a lot of interesting things we can look at to decide if a company is taking security seriously or if the companyContinue reading “We take security seriously, VERY SRSLY!”
