Episode 253 - Defenders only need to be right once

Josh and Kurt talk about the idea that seems to exist in security that “attackers only need to be right once”, which is silly. The reality is that attackers have to get everything right; defenders really only need to get it right once. But “defenders only need to be right once” isn’t going to sell any products.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_253_Defenders_only_need_to_be_right_once.mp3

Show Notes: Richard Feynman and manhole covers; Richard Feynman on Why He Can’t Tell You How Magnets Work; Israeli airport security; FAA stolen sweater; XKCD Is it worth the time; CGP Grey The trouble with transporters

January 11, 2021

Episode 252 - Is open source dangerous? Open source won, who cares, shut up!

Josh and Kurt talk about a report on open source security from the Canadian Centre for Cyber Security. The title pretty much sums it up.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_252_Is_open_source_dangerous_Open_source_won_who_cares_shut_up.mp3

Show Notes: Security Considerations for Open Source; Build an 8 bit computer from scratch

January 4, 2021

Episode 251 - Communication is hard, security communication is more hard

Josh and Kurt talk about communication. It’s really hard to talk about a lot of what we do. How do we know if a device is secure? How do we know our knowledge is correct?

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_251_Communication_is_hard_security_communication_is_more_hard.mp3

Show Notes: 90 percent of U.S. bills carry traces of cocaine; Is the moon a star or planet?; A mole of moles; New homeowner ‘freaked out’ when stranger took control of her security system; Coffee maker ransomware; NIST Phish Scale; The metric system; Operation Paperclip

December 28, 2020

Episode 250 - Door 25: Why do we do the things we do? Question everything

Josh and Kurt talk about why we do the things we do. Sometimes we have to question everything.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_250_Door_25_Why_do_we_do_the_things_we_do_Question_everything.mp3

Links: SLAM missile

December 25, 2020

Episode 249 - Door 24: Information wants to be free

Josh and Kurt talk about the idea of information wanting to be free. It’s Christmas, we should give it what it wants!

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_249_Door_24_Information_wants_to_be_free.mp3

Links: Hacker Manifesto

December 24, 2020

Episode 248 - Door 23: How to report 1000 security flaws

Josh and Kurt talk about how to file 1000 security flaws. One is easy, scale is hard.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_248_Door_23_How_to_report_1000_security_flaws.mp3

December 23, 2020

Episode 247 - Door 22: How to report one security flaw

Josh and Kurt talk about how to report one security flaw.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_247_Door_22_How_to_report_one_security_flaw.mp3

December 22, 2020

Episode 246 - Door 21: Bug bounties

Josh and Kurt talk about bug bounties.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_246_Door_21_Bug_bounties.mp3

December 21, 2020

Episode 245 - Door 20: Is SMS 2FA better than no 2FA?

Josh and Kurt talk about whether SMS two-factor auth is better than no 2FA.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_245_Door_20_Is_SMS_2FA_better_than_no_2FA.mp3

Links: Cyber deepfaked their host

December 20, 2020

Episode 244 - Door 19: TLS certificate trust

Josh and Kurt talk about modern TLS certificate trust.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_244_Door_19_TLS_certificate_trust.mp3

December 19, 2020