Episode 88 - Chat with Chris Rosen from IBM about Container Security

Josh and Kurt talk about container security with IBM’s Chris Rosen. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_88_chat_with_chris_rosen_from_ibm_about_container_security.mp3 Show Notes Chris Rosen Kubernetes Istio Grafeas Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

March 18, 2018

Episode 87 - Chat with Let's Encrypt co-founder Josh Aas

Josh and Kurt talk about Let’s Encrypt with co-founder Josh Aas. We discuss the past, present, and future of the project. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_87_Chat_with_lets_encrypt_co-founder_josh_aas.mp3 Show Notes Let’s Encrypt Josh Aas

March 11, 2018

But that's not my job!

This week I’ve been thinking about how security people and non-security people interact. Various conversations I have often end up with someone suggesting everyone needs some sort of security responsibility. My suspicion is this will never work. First some background to think about. In any organization there are certain responsibilities everyone has. Without using security as our specific example just yet, let’s consider how a typical building functions. You have people who are tasked with keeping the electricity working, the plumbing, the heating and cooling. Some people keep the building clean, some take care of the elevators. Some work in the building to accomplish some other task. If the company that inhabits the building is a bank you can imagine the huge number of tasks that take place inside. ...

March 7, 2018

Episode 86 - What happens when 23 thousand certificates leak?

Josh and Kurt talk about the Trustico certificate incident and Let’s Encrypt. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_86_What_happens_when_23_thousand_certificates_leak.mp3 Show Notes Certificate revocation Trustico website incident Let’s Encrypt ACME v2 XKCD PGP verification FreeIPA

March 5, 2018

Episode 85 - NPM ate my files

Josh and Kurt talk about npm 5.7.0 breaking Linux systems. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_85_npm_ate_my_files.mp3 Show Notes NPM 5.7.0 issue Hacker News thread

February 28, 2018

Episode 84 - Have I been pwned?

Josh and Kurt talk about the new data dump from Have I been pwned? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_84_Have_I_been_pwned.mp3 Show Notes Have I been pwned? Pwned passwords version 2 XKCD password strength

February 25, 2018

Episode 83 - XKCD + CVE = XKCVE

Josh and Kurt talk about the XKCD CVE comic and a flight simulator stealing credentials. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_83_XKCD_CVE_XKCVE.mp3 https://xkcd.com/1957/ Show Notes XKCD CVE comic Samsung huge SSD Flight sim stealing credentials

February 21, 2018

Episode 82 - RSA, TLS, Chrome HTTP, and PCI

Josh and Kurt talk about the problems of textbook RSA implementations, the upcoming changes in TLS, and the insecurity of HTTP in Chrome. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_82_-_RSA_TLS_Chrome_HTTP_and_PCI.mp3 Show Notes Textbook RSA paper Wikipedia ECB PCI and TLS Google Chrome and insecure http

February 13, 2018

Episode 81 - Autosploit, bug bounties, and the future of security

Josh and Kurt talk about AutoSploit, bug bounties and fixing flaws, market forces in security, future expectations, and how humans perceive threats. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_81-Autosploit_bug_bounties_and_the_future_of_security.mp3 Show Notes AutoSploit SATAN GM Promises not to sue researchers Equifax probe put on ice Mozilla strips referer path Face swap Washington post fake story

February 7, 2018

Episode 80 - GPS tracking and jamming

Josh and Kurt talk about GPS metadata giving away military bases and GPS jamming as part of testing. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_80_-_GPS_tracking_and_jamming.mp3 Show Notes Fitness tracking secret locations Jamming GPS

January 31, 2018