Josh and Kurt talk about a story from Microsoft declaring Rust the future of safe programming, replacing C and C++. We discuss how tooling affects progress and why this isn’t always obvious when you’re in the middle of progress. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_282_The_security_of_Rust_who_left_all_this_awesome_in_here.mp3 Show Notes Microsoft: Rust Is the Industry’s ‘Best Chance’ at Safe Systems Programming Josh’s devopsdays talk Microsoft moved font handling out of the kernel Atari 2600 emulator in Minecraft Rate of technology adoption

Josh and Kurt talk about the news that the NSO Group is widely distributing spyware onto a large number of devices. This news should be a wake up call for anyone creating devices and systems that could be attacked, it’s time to segment services. There’s not a lot individuals can do at this point, but we have some ideas at the end of the episode. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_281_If_you_spy_on_journalists_youre_the_bad_guys.mp3 Show Notes NSO Group spying Technical details Twitter thread Are we the Baddies?

Josh and Kurt talk about what happens when you lose access to your Single Sign On provider. These providers have become critical to many of us, if we lose access to our SSO account we will lose access to many services. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_280_The_perils_of_Single_Sign_On.mp3 Show Notes Postbank

TL;DR - The future of community identifier is going to be the Cloud Security Alliance. See this blog post for more details. A few months ago the Distributed Weakness Filing project (DWF), announced it was coming back to work with some new ideas around how we work with vulnerability identifiers. The initial blog post defines some of the reasons, we won’t rehash them here. It should surprise nobody that the DWF project did not grow to an enormous size in a few short months. Vulnerability identification is a complex and hard problem. We were looking to try out some new ideas and see which were effective and which were not effective. It was to start to build the structure to deal with a future community. Most importantly it was to help figure out what we don’t know we don’t know. ...

Josh and Kurt talk about the events happening to the Audacity audio editor. What happens if a popular open source application is acquired by an unknown entity? Can this happen to other open source projects? What can we do about it? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_279_The_audacity_of_Audacity_When_open_source_goes_rogue.mp3 Show Notes SGDQ Paper Mario Paper Mario Arbitrary Code Execution explained Freenode Audacity acquired by Muse Group Audacity fork

Josh and Kurt talk about a listener provided question. Could SELinux have stopped the SolarWinds attack? Given what we know, the answer is technically yes, but practically no. SELinux is awesome, but it’s very difficult to sandbox something like a build system. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_278_Could_SELinux_have_stopped_SolarWinds.mp3 Show Notes Gone in 60 milliseconds

Josh and Kurt talk to Chris Weiland from Restore the Fourth Minnesota. Restore The Fourth Minnesota is nonprofit dedicated to restoring the Fourth Amendment to the U.S. Constitution and ending unconstitutional mass government surveillance. Chris drops a ton of knowledge about how to be an effective tech activist, what his group is doing, and most importantly we get actionable advice! https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_277_Privacy_and_activism_with_Chris_Weiland.mp3 Show Notes Restore the Fourth Minnesota Restore the Fourth Minnesota on Twitter Writ of assistance Carpenter vs United States How many US federal laws are there? Restore the Fourth Episode 114 – Review of “Click Here to Kill Everybody” EFF EFA ACLU affiliates Glenn Greenwald TED talk

Josh and Kurt talk about how our environment affects our behavior, and in turn our level of security. We often ignore what’s happening around us when everything is related. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_276_Security_behavior_and_the_environment.mp3 Show Notes Judges more lenient after a break Dungeons and Data Poverty changes your DNA

Josh and Kurt talk about why it seems like the world of ransomware has gotten out of control in the last few weeks. Every day there’s some new and more bizarre ransomware story than we had yesterday. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_275_What_in_the_is_going_on_with_ransomware.mp3 Show Notes Spurious Correlations Ransom recovered Adam Shostack Ransomware is not the problem Latvian Woman charged for writing ransomware

Josh and Kurt talk about Amazon sidewalk. There is a lot of attention, but how is this any different than the surveillance networks Apple and Google have built? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_274_Mr_Amazons_Neighborhood.mp3 Show Notes Amazon Sidewalk Ads and toothpaste Airtags and stalking