Josh and Kurt talk about the events happening to the Audacity audio editor. What happens if a popular open source application is acquired by an unknown entity? Can this happen to other open source projects? What can we do about it? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_279_The_audacity_of_Audacity_When_open_source_goes_rogue.mp3 Show Notes SGDQ Paper Mario Paper Mario Arbitrary Code Execution explained Freenode Audacity acquired by Muse Group Audacity fork

Josh and Kurt talk about a listener provided question. Could SELinux have stopped the SolarWinds attack? Given what we know, the answer is technically yes, but practically no. SELinux is awesome, but it’s very difficult to sandbox something like a build system. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_278_Could_SELinux_have_stopped_SolarWinds.mp3 Show Notes Gone in 60 milliseconds

Josh and Kurt talk to Chris Weiland from Restore the Fourth Minnesota. Restore The Fourth Minnesota is nonprofit dedicated to restoring the Fourth Amendment to the U.S. Constitution and ending unconstitutional mass government surveillance. Chris drops a ton of knowledge about how to be an effective tech activist, what his group is doing, and most importantly we get actionable advice! https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_277_Privacy_and_activism_with_Chris_Weiland.mp3 Show Notes Restore the Fourth Minnesota Restore the Fourth Minnesota on Twitter Writ of assistance Carpenter vs United States How many US federal laws are there? Restore the Fourth Episode 114 – Review of “Click Here to Kill Everybody” EFF EFA ACLU affiliates Glenn Greenwald TED talk

Josh and Kurt talk about how our environment affects our behavior, and in turn our level of security. We often ignore what’s happening around us when everything is related. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_276_Security_behavior_and_the_environment.mp3 Show Notes Judges more lenient after a break Dungeons and Data Poverty changes your DNA

Josh and Kurt talk about why it seems like the world of ransomware has gotten out of control in the last few weeks. Every day there’s some new and more bizarre ransomware story than we had yesterday. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_275_What_in_the_is_going_on_with_ransomware.mp3 Show Notes Spurious Correlations Ransom recovered Adam Shostack Ransomware is not the problem Latvian Woman charged for writing ransomware

Josh and Kurt talk about Amazon sidewalk. There is a lot of attention, but how is this any different than the surveillance networks Apple and Google have built? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_274_Mr_Amazons_Neighborhood.mp3 Show Notes Amazon Sidewalk Ads and toothpaste Airtags and stalking

Josh and Kurt talk about AI driven comments. We live in a world of massive confusion and disruption where what is true and false, real and fake, are often widely debated. As AI grows and evolves what does it mean for this future? We don’t really have any answers, but we ask a lot of questions. This isn’t easy, nor will it be solved quickly, but solving it is not optional. ...

Josh and Kurt talk about the Biden Administration new cybersecurity executive order. There are some good ideas in there, but at the end of the day it’s an unfunded mandate. Unfunded mandates are difficult to implement. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_272_The_Biden_Cybersecurity_Executive_Order.mp3 Show Notes Biden Executive Order Fact Sheet Obama’s cyber EO

Josh and Kurt talk about how people handle problems. We open with the story of the Colonial Pipeline hack, but then go into some of the ways people tend to make problems worse. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_271_Pipeline_security_There_is_no_problem_humans_cant_make_worse.mp3 Show Notes Male vs Female trees Pipeline hack XKCD Pipelines TSA Pipeline Security

Josh and Kurt talk about dark patterns. A dark pattern is when a service tries to confuse a user into doing something they don’t want to, like unknowingly purchasing a monthly subscription to something you don’t need or want. The US Federal Trade Commission is starting to discuss dark patterns in webs sites and apps. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_270_Hello_dark_patterns_my_old_friend.mp3 Show Notes Dark Patterns Types of Dark Patterns FTC Bringing Dark Patterns to Light LTT Dell Warranty