Josh and Kurt talk about npm 5.7.0 breaking Linux systems. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_85_npm_ate_my_files.mp3 Show Notes NPM 5.7.0 issue Hacker News thread Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Josh and Kurt talk about the new data dump from Have I been pwned? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_84_Have_I_been_pwned.mp3 Show Notes Have I been pwned? Pwned passwords version 2 XKCD password strength Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Josh and Kurt talk about the XKCD CVE comic and a flight simulator stealing credentials. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_83_XKCD_CVE_XKCVE.mp3 https://xkcd.com/1957/ Show Notes XKCD CVE comic Samsung huge SSD Flight sim stealing credentials Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Josh and Kurt talk about problems of textbook RSA implementations, the upcoming TLS changes in TLS, and the insecurity of http in Chrome. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_82_-_RSA_TLS_Chrome_HTTP_and_PCI.mp3 Show Notes Textbook RSA paper Wikipedia ECB PCI and TLS Google Chrome and insecure http Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Josh and Kurt talk about AutoSploit, bug bounties and fixing flaws, market forces in security, future expectations, and how humans perceive threats. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_81-Autosploit_bug_bounties_and_the_future_of_security.mp3 Show Notes AutoSploit SATAN GM Promises not to sue researchers Equifax probe put on ice Mozilla strips referer path Face swap Washington post fake story Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Josh and Kurt talk about GPS metadata giving away military bases and GPS jamming as part of testing. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_80_-_GPS_tracking_and_jamming.mp3 Show Notes Fitness tracking secret locations Jamming GPS Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Skyfall ScotlandJosh and Kurt talk about Skyfall, fake reports, risk, logging, and how a civilized society functions. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_79_-_skyfall_please_dont_yell_fire.mp3 Show Notes Skyfall attack (via archive.org) httpoxy Tide pod challenge Fabuloso Broken Window Parable 15 year old head of CIA Cloudflare core dumps Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Josh and Kurt talk about the accidental missile warning in Hawaii. We also discuss general preparedness and risk. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_78_-_Risk_lessons_from_Hawaii.mp3 Show Notes Hawaii missile incident XKCD Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Josh and Kurt talk about the recent npm happenings. What it means for the supply chain, and we end with some thoughts on how maybe none of this matters. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_77_-_npm_and_the_supply_chain.mp3 Show Notes npm and kik Harvesting credit card numbers story Tidelift TN3270 Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Josh and Kurt talk about the aftermath of Meltdown. The details of the flaw are probably less interesting than what happens now. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_76_-_Meltdown_aftermath.mp3 Show Notes AMD certificate flaw Dumping the PS4 kernel in 6 days Raspberry Pi not vulnerable to Meltdown CERT says get a new CPU Windows A/V registry key Join our Facebook Group Comment on Twitter with the #osspodcast hashtag