Episode 85 - NPM ate my files

Josh and Kurt talk about npm 5.7.0 breaking Linux systems. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_85_npm_ate_my_files.mp3 Show Notes NPM 5.7.0 issue Hacker News thread Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

February 28, 2018

Episode 84 - Have I been pwned?

Josh and Kurt talk about the new data dump from Have I been pwned? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_84_Have_I_been_pwned.mp3 Show Notes Have I been pwned? Pwned passwords version 2 XKCD password strength Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

February 25, 2018

Episode 83 - XKCD + CVE = XKCVE

Josh and Kurt talk about the XKCD CVE comic and a flight simulator stealing credentials. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_83_XKCD_CVE_XKCVE.mp3 https://xkcd.com/1957/ Show Notes XKCD CVE comic Samsung huge SSD Flight sim stealing credentials Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

February 21, 2018

Episode 82 - RSA, TLS, Chrome HTTP, and PCI

Josh and Kurt talk about problems of textbook RSA implementations, the upcoming TLS changes in TLS, and the insecurity of http in Chrome. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_82_-_RSA_TLS_Chrome_HTTP_and_PCI.mp3 Show Notes Textbook RSA paper Wikipedia ECB PCI and TLS Google Chrome and insecure http Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

February 13, 2018

Episode 81 - Autosploit, bug bounties, and the future of security

Josh and Kurt talk about AutoSploit, bug bounties and fixing flaws, market forces in security, future expectations, and how humans perceive threats. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_81-Autosploit_bug_bounties_and_the_future_of_security.mp3 Show Notes AutoSploit SATAN GM Promises not to sue researchers Equifax probe put on ice Mozilla strips referer path Face swap Washington post fake story Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

February 7, 2018

Episode 80 - GPS tracking and jamming

Josh and Kurt talk about GPS metadata giving away military bases and GPS jamming as part of testing. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_80_-_GPS_tracking_and_jamming.mp3 Show Notes Fitness tracking secret locations Jamming GPS Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

January 31, 2018

Episode 79 - Skyfall: please don't yell 'fire'

Skyfall ScotlandJosh and Kurt talk about Skyfall, fake reports, risk, logging, and how a civilized society functions. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_79_-_skyfall_please_dont_yell_fire.mp3 Show Notes Skyfall attack (via archive.org) httpoxy Tide pod challenge Fabuloso Broken Window Parable 15 year old head of CIA Cloudflare core dumps Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

January 24, 2018

Episode 78 - Risk lessons from Hawaii

Josh and Kurt talk about the accidental missile warning in Hawaii. We also discuss general preparedness and risk. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_78_-_Risk_lessons_from_Hawaii.mp3 Show Notes Hawaii missile incident XKCD Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

January 16, 2018

Episode 77 - npm and the supply chain

Josh and Kurt talk about the recent npm happenings. What it means for the supply chain, and we end with some thoughts on how maybe none of this matters. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_77_-_npm_and_the_supply_chain.mp3 Show Notes npm and kik Harvesting credit card numbers story Tidelift TN3270 Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

January 11, 2018

Episode 76 - Meltdown aftermath

Josh and Kurt talk about the aftermath of Meltdown. The details of the flaw are probably less interesting than what happens now. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_76_-_Meltdown_aftermath.mp3 Show Notes AMD certificate flaw Dumping the PS4 kernel in 6 days Raspberry Pi not vulnerable to Meltdown CERT says get a new CPU Windows A/V registry key Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

January 7, 2018