Episode 357 – Is open source being overexploited?

Josh and Kurt talk about how to think about open source in the context of society. Open source is more like a natural resource than a supplier. It’s common to think of open source projects as delivered to us, but it’s more like acquiring raw materials from the forest. The problem is we’re harvesting theContinue reading “Episode 357 – Is open source being overexploited?”

The perverse incentive of vulnerability counting

It seems like every few years the topic of counting vulnerabilities in products shows up. Last time the focus seemed to be around vulnerabilities in Linux distributions, which made distroless and very small container images popular. Today it seems to be around the vulnerabilities in open source dependencies. The general idea is you want toContinue reading “The perverse incentive of vulnerability counting”

Episode 356 – LastPass ducked up, now what?

Josh and Kurt talk about the LastPass saga. There’s a lot of great explanations about what happened, but there hasn’t been a lot of info on how to start cleaning up this mess. We rehash some of the existing details then try to untangle what existing users can do to try to start recovering. TheContinue reading “Episode 356 – LastPass ducked up, now what?”

Episode 354 – Jerry Bell tells us why Mastodon is awesome and MFA is hard

Josh and Kurt talk about how hard multi factor authentication is. This all starts from a Mastodon thread, and Jerry Bell, the administrator of infosec.exchange joins us to discuss password security and all things Mastodon. Infosec.exchange is an incredible story and Jerry weaves a thrilling tale. Show Notes

Episode 352 – Stylometry removes anonymity

Josh and Kurt talk about a new tool that can do Stylometry analysis of Hacker News authors. The availability of such tools makes anonymity much harder on the Internet, but it’s also not unexpected. The amount of power and tooling available now is incredible. We also discuss some of the future challenges we will seeContinue reading “Episode 352 – Stylometry removes anonymity”

Episode 351 – Is security or usability a law of the universe?

Josh and Kurt talk about end to end encrypted messages. This has been a popular topic lately due to the Mastodon popularity. Mastodon has a uniquely insecure messaging system, but they aren’t the only one. The eternal debate of can security and usability exist together? We suspect it can’t be, but it’s a very complicatedContinue reading “Episode 351 – Is security or usability a law of the universe?”

Episode 349 – The cyber is coming from inside the house – the UK is scanning itself

Josh and Kurt talk about the UK plan to scan their country’s IP space. The purpose and outcome of this isn’t completely clear at this point, but we are hopeful the data can be used as a positive force. We are only going to see more programs like this as all the governments are toldContinue reading “Episode 349 – The cyber is coming from inside the house – the UK is scanning itself”