
Supplying the supply chain

A long time ago Marc Andreessen said “software is eating the world”. This statement ended up being quite profound in hindsight, as most profound statements are. At the time nobody really understood what he meant, and it probably wasn’t until the public cloud caught on that it became something nobody could ignore. The future of technology was less about selling hardware than about building software. We’re at a point now where it’s time to rethink software. Well, the rethinking happened quite some time ago; now everyone has to catch up. Today it’s a pretty safe statement to declare open source is eating the world. Open source won, it’s everywhere, you can’t not use it. It’s not always well understood. And it’s powering your supply chain, even if you don’t know it. ...

April 2, 2019

Episode 139 - Secure voting, firefox send, and toxic comments on the internet

Josh and Kurt talk about Brexit, voting, Firefox Send, and toxic comments. Is there anything we can do to slow the current trend of conversation on the Internet always seeming to spiral out of control? The answer is maybe, with a lot of asterisks.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_139_secure_voting_firefox_send_and_toxic_comments_on_the_internet.mp3
Show Notes: Swiss evoting; DARPA $10 million secure voting; Firefox Send; Jigsaw and toxic comments
Comment on Twitter with the #osspodcast hashtag

April 1, 2019

Episode 138 - Information wants to be free

Josh and Kurt talk about a prank gone wrong and the reality of when your data ends up public. Once it’s public you can’t ever put it back. We also discuss Notepad++ no longer signing releases and what signing releases means for the world in general.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_138_Information_wants_to_be_free.mp3
Show Notes: Japanese girl arrested; Publish package to the npm registry; University study on developers and passwords; Kurt’s blockchain project - OpenCPEs; Notepad++ stops signing releases; What is a photocopier?; TASBot
Comment on Twitter with the #osspodcast hashtag ...

March 25, 2019

Episode 137.5 - Holy cow Beto was in the cDc, this is awesome!

Josh and Kurt talk about Beto being in the Cult of the Dead Cow (cDc). This is a pretty big deal in a very good way. We hit on some history, why it’s a great thing, and what we can probably expect from opponents. There’s even some advice at the end on how we can all help. We need more politicians with backgrounds like this.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_137_5_Holy_cow_Beto_was_in_the_cDc_this_is_awesome.mp3
Show Notes: Cult of the Dead Cow; Phrack; Beto in the cDc; 2600 Off the Hook; Stallman Hacker Song
Comment on Twitter with the #osspodcast hashtag ...

March 18, 2019

Episode 137 - When the IoT attacks!

Josh and Kurt talk about when devices attack! It’s not quite that exciting, but there has been a slew of news about physical devices causing problems for humans. We end on the note that we’re getting closer to a point when lawyers and regulators will start to pay attention. We’re not there yet, so we still have a horrible insecure future on the horizon.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_137_When_the_IoT_attacks.mp3
Show Notes: Bricking a shoe; Lime scooters throwing passengers off; Malicious USB cables
Comment on Twitter with the #osspodcast hashtag ...

March 11, 2019

Episode 136 - How people feel is more important than being right

Josh and Kurt talk about GitHub blocking the Deepfakes repository. There’s a far bigger discussion about how people feel, and sometimes security fails to understand that making people feel happy or safer is more important than being right.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_136_How_people_feel_is_more_important_than_being_right.mp3
Show Notes: GitHub Deepfakes discussion; Cloudflare’s SOCKMAP blog
Comment on Twitter with the #osspodcast hashtag

March 4, 2019

Episode 135 - Passwords, AI, and cloud strategy

Josh and Kurt talk about change your password day (what a terrible day), Google’s password checkup (not a terrible idea), and an AI finding new spice flavors we expect will one day take over the world, and we finish up on a new DoD cloud strategy. Also Josh burnt his finger, but is going to be OK.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_135_Passwords_AI_and_cloud_strategy.mp3
Show Notes: Change your password day; Google password checkup; AI finds new flavors; DoD cloud strategy
Comment on Twitter with the #osspodcast hashtag ...

February 25, 2019

Episode 134 - What's up with the container runc security flaw?

Josh and Kurt talk about the new runc container security flaw. How does the flaw work, what can you do about it, what should you do about it, and what the future of container security may look like.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_134_Whats_up_with_the_container_runc_security_flaw.mp3
Show Notes: runc security flaw - CVE-2019-5736
Comment on Twitter with the #osspodcast hashtag

February 18, 2019

Episode 133 - Smart locks and the government hacking devices

Josh and Kurt talk about the fiasco hacks4pancakes described on Twitter and what the future of smart locks will look like. We then discuss what it means if the Japanese government starts hacking consumer IoT gear. Is it ethical? Will it make anything better?
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_133_Smart_locks_and_the_government_hacking_devices.mp3
Show Notes: @hacks4pancakes smart lock fiasco; LockPickingLawyer; Japanese government hacking devices
Comment on Twitter with the #osspodcast hashtag

February 11, 2019

Episode 132 - Bird Scooter: 0, Cory Doctorow: 1

Josh and Kurt talk about the Bird Scooter vs Cory Doctorow incident. We then get into some of the social norms around new technology and what lessons the security industry can take from something new like shared scooters.
https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_132_Bird_Scooter_0_Cory_Doctorow_1.mp3
Show Notes: Bird vs Cory Doctorow; Josh’s CES blog
Comment on Twitter with the #osspodcast hashtag

February 4, 2019