Episode 33 – Everybody who went to the circus is in the circus (RSA 2017)
Josh and Kurt are at the same place at the same time! We discuss our RSA sessions and how things went. Talk of CVE IDs, open source libraries, WordPress, and early morning sessions. Show Notes Bradley Kuh Typosquatting package managers (mirror) zlib embedded library problem WordPress CVE ID Josh’s 7am BoF session Bruce Schneier RSA talk
Category Archives: Security
Reality Based Security
If I demand you jump off the roof and fly, and you say no, can I call you a defeatist? What would you think? To a reasonable person it would be insane to associate this attitude with being a defeatist. There are certain expectations that fall within the confines of reality. Expecting things to happen
Episode 32 – Gambling as a Service
Josh and Kurt discuss random numbers, a lot. Also slot machines, gambling, and dice. Show Notes Dilbert Random Numbers Slot Machine Cheats dieharder Cracking the Scratch Lottery Intel Atom 2000 Lavarand diceomatic Google security neuroscience Militant moderates Show tags: #random #prng
Episode 31 – XML is never the solution
Josh and Kurt discuss door locks, Ikea, chair testing sounds, electrical safety, autonomous cars, and XML vs JSON. Show Notes Mersenne Prime Door Lock Ransomware Ikea Chair Testing Machine Costume Safety Tesseract Roost WiFi battery
Everything you know about security is wrong, stop protecting your empire!
Last week I kept running into old-school people trying to justify why something that made sense in the past still makes sense today. Usually I ignore these sorts of statements, but I feel like I’m seeing them often enough that it’s time to write something up. We’re in the middle of disruptive change. That means
Episode 30 – I’m not an expert but I’ve been yelled at by experts
Josh and Kurt discuss security automation. Machine learning, AI, and a bunch of moral and philosophical boundaries that new future will bring. You’ve been warned. Show Notes XKCD Is It Worth the Time? Larry Wall Google Translate AI invents its own language to translate with Black Mirror Social Media Episode St. Louis Public Library Ransomware
Return on Risk Investment
I found myself in a discussion earlier this week that worked its way into return on investment topics. Of course nobody could really agree on what the return was, which is sort of how these conversations often work out. It’s really hard to decide what the return on investment is for security features and products.
Episode 29 – The Security of Rogue One
Josh and Kurt discuss the security of the movie Rogue One! Spoiler: Security in the Star Wars universe is worse than security in our universe. Show Notes CinemaSins Soviet Tupolev Tu-4 Mechanical Computer
Episode 28 – RSA Conference 2017
Josh and Kurt discuss their involvement in the upcoming 2017 RSA conference: Open Source, CVEs, and Open Source CVE. Of course IoT and encryption manage to come up as topics. Show Notes Kurt’s talk – Saving CVE with open source Josh’s P2P session – Managing Your Open Source
What does security and USB-C have in common?
I’ve decided to create yet another security analogy! You can’t tell, but I’m very excited to do this. One of my long standing complaints about security is there are basically no good analogies that make sense. We always try to talk about auto safety, or food safety, or maybe building security, how about pollution. There’s