Josh and Kurt discuss the recent Google phish attack. Show Notes Google phish spam Mail from 2011 detailing attack Links to OAuth permissions on major services https://myaccount.google.com/permissions https://twitter.com/settings/applications https://www.facebook.com/settings?tab=applications https://www.linkedin.com/psettings/third-party-applications https://account.live.com/Consent/Manage https://www.amazon.com/gp/mas/your-account/myapps Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Category Archives: Security
Security like it’s 2005!
I was reading the newspaper the other day (the real dead tree newspaper) and I came across an op-ed from my congressperson. Gallagher: Cybersecurity for small business It’s about what you’d expect but comes with some actionable advice! Well, not really. Here it is so you don’t have to read the whole thing. Businesses canContinue reading “Security like it’s 2005!”
Episode 45 – Trust is more important now than the truth
Josh and Kurt discuss not-counterfeit MTG cards, antivirus, squirrelmail, unroll.me, grsecurity, baby monitors, and trust. Show Notes Mom Apologizes For Trying To Sell Son’s Rare Magic Card Squirrelmail security issue Stealing all your mail grsecurity Baby monitor security Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Security fail is people
The other day I ran across someone trying to keep their locker secured by using a combination lock. As you can see in the picture, the lock is on the handle of the locker, not on the loop that actually locks the door. When I saw this I had a good chuckle, took a picture,Continue reading “Security fail is people”
Episode 44 – Bug Bounties vs Pen Testing
Josh and Kurt discuss Lego, bug bounties, pen testing, thought leadership, cars, lemons, entropy, and CVE. Show Notes Josh’s Blog on Bug Bounties A Security Market for Lemons Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
I have seen the future, and it is bug bounties
Every now and then I see something on a blog or Twitter about how you can’t replace a pen test with a bug bounty. For a long time I agreed with this, but I’ve recently changed my mind. I know this isn’t a super popular opinion (yet), and I don’t think either side of thisContinue reading “I have seen the future, and it is bug bounties”
Episode 43 – We are totally immature
Josh and Kurt discuss Shadow Brokers, pronouncing GIF, Atlanta’s road problems, browser phishing, warning sirens, IoT, and fake Magic the Gathering cards. Show Notes Shadow Brokers How to pronounce GIF Atlanta gas leak breaks road New browser location phishing attack Hacked warning sirens IoT bricking malware Fake MTG cards Join our Facebook Group Comment on Twitter withContinue reading “Episode 43 – We are totally immature”
Crawl, Walk, Drive
It’s that time of year again. I don’t mean when all the government secrets are leaked onto the Internet by some unknown organization. I mean the time of year when it’s unsafe to cross streets or ride your bike. At least in the United States. It’s possible more civilized countries don’t have this problem. IContinue reading “Crawl, Walk, Drive”
Episode 42 – Hitchhiker’s Guide to Security
Josh and Kurt discuss the security themes and events in the context of the HHGG movie. Show Notes HHGG Movie (2005) Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
The obvious answer is never the secure answer
One of the few themes that comes up time and time again when we talk about security is how bad people tend to be at understanding what’s actually going on. This isn’t really anyone’s fault, we’re expecting people to go against what is essentially millions of years of evolution that created our behaviors. Most securityContinue reading “The obvious answer is never the secure answer”
Open Source Security 