Josh and Kurt talk about government security incidents. The security concerns at the government level often have real life and death consequences. What happens when the leadership knowingly disregards security policy? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_169_What_happens_when_leadership_doesnt_care_about_security.mp3 Show Notes Breaking into a SCIF Whitehouse cybersecurity team Bugged typewriter Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about the social norms of security. We also discuss security coprocessors and the reasons behind adding them to hardware. Is DRM a draconian security measure or do we need it to secure the future? We also touch on the story of NordVPN getting hacked. The real story isn’t they got hacked, the story is they responded like clowns. The actual problem was one of leadership, there are certain leadership skills you can’t be taught, you can only learn. ...

Josh and Kurt talk about the horrid state of digital literacy in the US. We start out talking about broken Phillips Hue light bulbs, then discuss research from Pew on the digital literacy of Americans. We may have accidentally discovered a use for all the cookie warnings every web site has. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_167_Security_is_terrible_because_digital_literacy_is_terrible.mp3 Show Notes Pew Research on American’s Digitcal Literacy Comment on Twitter with the #osspodcast hashtag

Josh and Kurt about cybersecurity awareness month. What’s our actionable advice we can give out? There isn’t much which is a fundamental part of the problem. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_166_Every_day_should_be_cybersecurity_awareness_month.mp3 Show Notes Cybersecurity awareness month Polar bear sized pigs Comment on Twitter with the #osspodcast hashtag

Josh and Kurt about a number of Microsoft security news items. They’ve changed how they are handling encrypted disks and are now forcing cloud logins on Windows users. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_165_Grab_Bag_of_Microsoft_Security_News.mp3 Show Notes Microsoft KB 4516071 A Security Market for Lemons Kurt’s file wiping advisory Lock Picking Lawyer vs Consumer Reports Sun Ray Linux Gamers: 20% of auto reported crashes Comment on Twitter with the #osspodcast hashtag

Josh and Kurt about DNS over HTTPS and how it may or may not destroy civilization. We also discuss the disruption of cloud in the context of security and touch on the news that GitHub is now a CVE CNA! https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_164_DNS_over_HTTPS_Probably_not_the_end_of_the_world.mp3 Show Notes DNS over HTTPS California Privacy Law Defensive Security Podcast GitHub is a CNA Show Tags #DoH #DNSOverHTTPS Comment on Twitter with the #osspodcast hashtag

Josh and Kurt about the upcoming Python 2 EOL. What does it mean, why does it matter, and what you can you do? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_163_Death_to_python_2.mp3 Show Notes Python Clock Python’s statement about sunsetting Python 2 wifi 6 Comment on Twitter with the #osspodcast hashtag

Josh and Kurt speak with Allan Friedman of the US National Telecommunications and Information Administration about Software Bill of Materials. Where are we today, where are things going, and how you can help. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_162_SBOM_with_Allan_Friedman.mp3 Show Notes Allan Friedman NTIA NTIA Software Component Transparency Comment on Twitter with the #osspodcast hashtag

Josh and Kurt start out discussing human nature and how it affects how we view security. A lot of things that look easy are actually really hard. We also talk about the npm library Standard showing command line ads. Are ads part of the future of open source? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_161_Human_nature_and_ad_powered_open_source.mp3 Show Notes thegrugq secure android DoD JEDI program Firefox privacy settings Standard ads Max Headroom Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about disclosing security flaws in open source. This is part two of a discussion around how to disclose security issues. This episode focuses on some expectations and behaviors for open source projects as well as researchers trying to disclose a problem to a project. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_160_Disclosing_security_issues_is_insanely_complicated_Part_2.mp3 Show Notes webmin backdoor Github security advisories Comment on Twitter with the #osspodcast hashtag