Are you an expert? Do you know an expert? Do you want to be an expert? This came up for me the other day while having a discussion with a self-proclaimed expert. I’m not going to claim I’m an expert at anything, but if you tell me all about how good you are, I’m
Category Archives: Security
Episode 2 – Instills the proper amount of fear
Josh and Kurt discuss how open source security works. Show Notes: CII Badges; CVE; Node Security Project; CSO open source story. Comment on Twitter.
Episode 1 – Rich History of Security Flaws
Josh and Kurt discuss their first podcast as well as random bits about open source security. Show Notes: Gordon-Loeb Model for investing 37% the cost of a breach; Dunning-Kruger; Mudge Mercedes tweet; Fear of elevators. Comment on Twitter.
You can’t weigh risk if you don’t know what you don’t know
There is an old saying we’ve all heard at some point. It’s often attributed to Donald Rumsfeld. There are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns —
How do we explain email to an “expert”?
This has been a pretty wild week, more wild than usual I think we can all agree. The topic I found the most interesting wasn’t about one of the countless 0day flaws, it was a story from Slate titled “In Praise of the Private Email Server”. The TL;DR says running your own email server is a
The cost of mentoring, or why we need heroes
Earlier this week I had a chat with David A. Wheeler about mentoring. The conversation was fascinating and covered many things, but the topic of mentoring really got me thinking. David pointed out that nobody will mentor if they’re not getting paid. My first thought was that it can’t be true! But upon reflection, I’m pretty sure
Can’t Trust This!
Last week saw a really interesting bug in TCP come to light. CVE-2016-5696 describes an issue in the way Linux deals with challenge ACKs defined in RFC 5961. The issue itself is really clever and interesting. It’s not exactly new, but given the research was presented at USENIX, it suddenly got more attention from the press. The researchers
We’re figuring out the security problem (finally)
If you attended Black Hat last week, the single biggest message I kept hearing over and over again is that what we do today in the security industry isn’t working. They say the first step is admitting you have a problem (and we have a big one). Of course it’s easy to proclaim this, if
Everyone has been hacked
Unless you live in a cave (if you do, I’m pretty jealous) you’ve heard about all the political hacking going on. I don’t like to take sides, so let’s put aside who is right or wrong and use it as a lesson in thinking about how we have to operate in what is the new
Using a HooToo Nano as a magic VPN box
I’ve been getting myself ready for Black Hat. If you’re going you know this conference isn’t like most. You don’t bring your normal gear with you. You turn the tinfoil hat knob up to 11, then keep turning it until it breaks off. I did do one thing that’s pretty clever this year though. I