Episode 59 - The VPN Episode

Josh and Kurt talk about VPNs and the upcoming eclipse. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_59_-_The_VPN_Episode.mp3 Show Notes Tor FAQ on not being anonymous HooToo Nano as a VPN box VPN Report Panopticlick WireGuard Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

August 15, 2017

Episode 58 - Backwards compatibility to the point of insanity

Josh and Kurt talk about MalwareTech, Debian killing off TLS 1.0 and 1.1, auto safety, HBO, and npm not typo squatting. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_58_-_Backwards_compatibility_to_the_point_of_insanity.mp3 Show Notes MalwareTech arrest Debian killing off TLS 1.0 and 1.1 Becky Bace auto safety talk New car crashing into an old car HBO Hackers npm credential stealing Chrome extension hijack Handbrake mirror hacked Weak npm credentials Join our Facebook Group Comment on Twitter with the #osspodcast hashtag ...

August 9, 2017

Episode 57 - We may never see amazing security research ever again

Josh and Kurt talk about Black Hat and Defcon, safes, banks, voting machines, SMBv1 DoS attack, Flash, liability, and password masking. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_57_-_We_may_never_see_amazing_security_research_ever_again.mp3 Show Notes Safe cracking robot Mt. Gox arrest Defcon Voting Village Mailing strange things SMBLoris attack against SMBv1 Flash dies in 2020 Upgrading every version of windows DevOps history Prohibition grape juice warning Killer Car Wash Password Masking Join our Facebook Group Comment on Twitter with the #osspodcast hashtag ...

August 1, 2017

Summer is coming

I’m getting ready to attend Black Hat. I will miss BSides and Defcon this year unfortunately due to some personal commitments. And as I’m packing up my gear, I started thinking about what these conferences have really changed. We’ve been doing this every summer for longer than many of us can remember now. We make our way to the desert, we attend talks by what we consider the brightest minds in our industry. We meet lots of people. Everyone has a great time. But what are the actionable events that come from these things? ...

July 20, 2017

Episode 56 - Devil's Advocate and other fuzzy topics

Josh and Kurt talk about forest fires, fuzzing, old time Internet, and Net Neutrality. Listen to Kurt play the Devil’s Advocate and manage to change Josh’s mind about net neutrality. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_56_-_Devils_advocate_and_other_fuzzy_topics.mp3 Show Notes Fuzzing httpd Fuzzing Freeradius AFL Fuzzer TruffleHog Archie search engine Space shuttle code Net Neutrality Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

July 18, 2017

Episode 55 - Good docs ruin my story

Josh and Kurt talk about Let’s Encrypt, certificates, Kaspersky, A/V, code signing, Not Petya, self driving cars, and failures that become security problems. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/332865562-opensourcesecuritypodcast-episode-55-good-docs-ruin-my-story.mp3 Show Notes Let’s Encrypt Wildcard Certificates Let’s Encrypt Audit Chrome 61 to distrust WoSign and StartCom Kaspersky Story Ukraine Account Software Bloomberg Terminals Microsoft Code Signing Documents Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

July 12, 2017

Who's got your hack back?

The topic of hacking back keeps coming up these days. There’s an attempt to pass a bill in the US that would legalize hacking back. There are many opinions on this topic; I’m generally not one to take a hard stand against what someone else thinks. In this case though, if you think hacking back is a good idea, you’re wrong. Painfully wrong. Everything I’ve seen up to this point tells me the people who think hacking back is a good idea are either mistaken about the issue or they’re misleading others on purpose. Hacking back isn’t self defense, it’s not about being attacked, it’s not about protection. It’s a terrible idea that has no place in a modern society. Hacking back is some sort of stone age retribution tribal law. It has no place in our world. ...

July 9, 2017

Episode 54 - Turning into an old person

Josh and Kurt talk about Canada Day, Not Petya, Interac goes down, Minecraft, airport security and books, then GDPR. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/331564004-opensourcesecuritypodcast-episode-54-turning-into-an-old-person.mp3 Show Notes Not Petya Interac goes down Remove books at airport security GDPR Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

July 4, 2017

Episode 53 - A plane isn't like a car

Josh and Kurt talk about security through obscurity, airplanes, the FAA, the Windows source code leak, and chicken sandwiches. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/330513530-opensourcesecuritypodcast-episode-53-a-plane-isnt-like-a-car.mp3 Show Notes FAA Security Through Obscurity Tavis Ormandy Windows Defender Linus’s Law Tesla Autopilot Predicts Crashes 2010 Polish Air Force Tu-154 crash Windows 10 leak $1500 Chicken Sandwich Build a toaster from scratch Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

June 28, 2017

When in doubt, blame open source

If you’ve not read my previous post on thought leadership, go do that now; this one builds on it. The thing that really kicked off my thinking on these matters was this article: Security liability is coming for software: Is your engineering team ready? The whole article is pretty silly, but the bit about liability and open source is the real treat. There’s some sort of special consideration when you use open source apparently; we’ll get back to that. Right now there is basically no liability of any sort when you use software. I doubt there will be anytime soon. Liability laws are tricky, but the lawyers I’ve spoken with have been clear that software isn’t currently covered in most instances. The whole article is basically nonsense from that respect. The people they interview set the stage for liability and responsibility then seem to discuss how open source should be treated specially in this context. ...

June 26, 2017