Episode 56 – Devil’s Advocate and other fuzzy topics

Josh and Kurt talk about forest fires, fuzzing, old time Internet, and Net Neutrality. Listen to Kurt play the Devil’s Advocate and manage to change Josh’s mind about net neutrality. Show Notes Fuzzing httpd Fuzzing Freeradius AFL Fuzzer TruffleHog Archie search engine Space shuttle code Net Neutrality Join our Facebook Group Comment on Twitter with the #osspodcastContinue reading “Episode 56 – Devil’s Advocate and other fuzzy topics”

Episode 35 – Crazy Cosmic Accident

Josh and Kurt discuss SHA-1 and cloudbleed. Bug bounties come up, we compare security to the Higgs boson, and IPv6 comes up at the end. Show Notes SHA-1 attack Google Security Blog about SHA-1 Zcash hash algorithm analysis Webkit SVN Collision Google bug about cloudbleed Cloudflare Blog Known cloudbleed sites SHA-1 CVE-2005-4900 Whitewood Entropy Join our FacebookContinue reading “Episode 35 – Crazy Cosmic Accident”

Episode 33 – Everybody who went to the circus is in the circus (RSA 2017)

Josh and Kurt are at the same place at the same time! We discuss our RSA sessions and how things went. Talk of CVE IDs, open source libraries, WordPress, and early morning sessions. Show Notes Bradley Kuh Typosquatting package managers (mirror) zlib embedded library problem WordPress CVE ID Josh’s 7am BoF session Bruce Schneier RSA talk JoinContinue reading “Episode 33 – Everybody who went to the circus is in the circus (RSA 2017)”

Episode 28 – RSA Conference 2017

Josh and Kurt discuss their involvement in the upcoming 2017 RSA conference: Open Source, CVEs, and Open Source CVE. Of course IoT and encryption manage to come up as topics. Show Notes Kurt’s talk – Saving CVE wtih open source Josh’s P2P session – Managing Your Open Source Join our Facebook Group Comment on Twitter with theContinue reading “Episode 28 – RSA Conference 2017”

Looks like you have a bad case of embedded libraries

A long time ago pretty much every application and library carried around its own copy of zlib. zlib is a library that does really fast and really good compression and decompression. If you’re storing data or transmitting data, it’s very likely this library is in use. It’s easy to use and is public domain. It’sContinue reading “Looks like you have a bad case of embedded libraries”