Episode 174 – GitHub turns security up to 11; A discussion with Rob Schultheis

Josh and Kurt talk to Rob Schultheis from GitHub about some of the amazing projects GitHub is working on. We discuss GitHub security advisories, getting a CVE from GitHub, and what the new GitHub Security Lab is doing. It’s a great conversation about how GitHub is working to make security better for all of us. Show Notes

Episode 164 – DNS over HTTPS: Probably not the end of the world

Josh and Kurt talk about DNS over HTTPS and how it may or may not destroy civilization. We also discuss the disruption of cloud in the context of security and touch on the news that GitHub is now a CVE CNA! Show Notes DNS over HTTPS California Privacy Law Defensive Security Podcast GitHub is a CNA Show

Episode 134 – What’s up with the container runc security flaw?

Josh and Kurt talk about the new runc container security flaw. How does the flaw work, what can you do about it, what should you do about it, and what the future of container security may look like. Show Notes runc security flaw – CVE-2019-5736 Comment on Twitter with the #osspodcast hashtag

Episode 56 – Devil’s Advocate and other fuzzy topics

Josh and Kurt talk about forest fires, fuzzing, old time Internet, and Net Neutrality. Listen to Kurt play the Devil’s Advocate and manage to change Josh’s mind about net neutrality. Show Notes Fuzzing httpd Fuzzing Freeradius AFL Fuzzer TruffleHog Archie search engine Space shuttle code Net Neutrality Join our Facebook Group Comment on Twitter with the #osspodcast

Episode 35 – Crazy Cosmic Accident

Josh and Kurt discuss SHA-1 and cloudbleed. Bug bounties come up, we compare security to the Higgs boson, and IPv6 comes up at the end. Show Notes SHA-1 attack Google Security Blog about SHA-1 Zcash hash algorithm analysis Webkit SVN Collision Google bug about cloudbleed Cloudflare Blog Known cloudbleed sites SHA-1 CVE-2005-4900 Whitewood Entropy Join our Facebook

Episode 33 – Everybody who went to the circus is in the circus (RSA 2017)

Josh and Kurt are at the same place at the same time! We discuss our RSA sessions and how things went. Talk of CVE IDs, open source libraries, WordPress, and early morning sessions. Show Notes Bradley Kuh Typosquatting package managers (mirror) zlib embedded library problem WordPress CVE ID Josh’s 7am BoF session Bruce Schneier RSA talk Join

Episode 28 – RSA Conference 2017

Josh and Kurt discuss their involvement in the upcoming 2017 RSA conference: Open Source, CVEs, and Open Source CVE. Of course IoT and encryption manage to come up as topics. Show Notes Kurt’s talk – Saving CVE with open source Josh’s P2P session – Managing Your Open Source Join our Facebook Group Comment on Twitter with the