Last week I kept running into old school people trying to justify why something that made sense in the past still makes sense today. Usually I ignore these sort of statements, but I feel like I’m seeing them often enough it’s time to write something up. We’re in the middle of disruptive change. That means that the way security used to work doesn’t work anymore (some people think it does) and in the near future, it won’t work at all. In some instances will actually be harmful if it’s not already. ...

Josh and Kurt discuss security automation. Machine learning, AI, and a bunch of moral and philosophical boundaries that new future will bring. You’ve been warned. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/304449487-opensourcesecuritypodcast-episode-30-im-not-an-expert-but-ive-been-yelled-at-by-experts.mp3 Show Notes XKCD Is It Worth the Time? Larry Wall Google Translate AI invents its own language to translate with Black Mirror Social Media Episode St. Louis Public Library Ransomware Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

I found myself in a discussion earlier this week that worked its way into return on investment topics. Of course nobody could really agree on what the return was which is sort of how these conversations often work out. It’s really hard to decide what the return on investment is for security features and products. It can be hard to even determine cost sometimes, which should be the easy number to figure out. ...

Josh and Kurt discuss the security of the movie Rogue One! Spoiler: Security in the Star Wars universe is worse than security in our universe. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/303899056-opensourcesecuritypodcast-episode-29-the-security-of-rogue-one.mp3 Show Notes CinemaSins Soviet Tupolev Tu-4 Mechanical Computer Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Josh and Kurt discuss their involvement in the upcoming 2017 RSA conference: Open Source, CVEs, and Open Source CVE. Of course IoT and encryption manage to come up as topics. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/303432626-opensourcesecuritypodcast-episode-28-rsa-conference-2017.mp3 Show Notes Kurt’s talk - Saving CVE wtih open source Josh’s P2P session - Managing Your Open Source Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

I’ve decided to create yet another security analogy! You can’t tell, but I’m very excited to do this. One of my long standing complaints about security is there are basically no good analogies that make sense. We always try to talk about auto safety, or food safety, or maybe building security, how about pollution. There’s always some sort of existing real world scenario we try warp and twist in a way so we can tell a security story that makes sense. So far they’ve all failed. The analogy always starts out strong, then something happens that makes everything fall apart. I imagine a big part of this is because security is really new, but it’s also really hard to understand. It’s just not something humans are good at understanding. ...

Josh and Kurt discuss NTP, authentication issues, network security, airplane security, AI, and Minecraft. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/302981179-opensourcesecuritypodcast-episode-27-prove-to-me-you-are-human.mp3 Show Notes NTP “Attack” U2F Tokens Paying ransoms with iTunes giftcards Cloudflare Porcupine Google Security Design Overview Drone collides with a plane Israeli Security Harvest.ai Minecraft Mod installer Skyblock Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Josh and Kurt end up discussing video game speed running, which is really just hacking. We also end up discussing the pitfalls of the modern world where you don’t own your software or services. Stallman was right! https://traffic.libsyn.com/secure/opensourcesecuritypodcast/302260581-opensourcesecuritypodcast-episode-26-tell-your-sister-stallman-was-right.mp3 Show Notes Games Done Quick Super Mario Brother Speedrun Super Mario Brother Minus World Explanation speedrun.com Legend of Zelda Ghost Buffer Overflow Double Free Chris Evans NES audio exploit pwsafe Bad Ham Review Richard Stallman ...

Josh and Kurt end up discussing CES, IoT, WiFi everywhere, and the future. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/301707567-opensourcesecuritypodcast-episode-25-the-future-is-now.mp3 Show Notes CES WiFi Everywhere WiFi Hairbrush Ketchup QR Code Expired Domain Shodan uses NTP to gain IPv6 addresses FTC prize for securing IoT Antivirus MITM problems Rootshell Consumer Reports MacBook Pro Comment on Twitter with the #osspodcast hashtag

As an industry, we suck at giving advice. I don’t mean this in some negative hateful way, it’s just the way it is. It’s human nature really. As a species most of us aren’t very good at giving or receiving advice. There’s always that vision of the wise old person dropping wisdom on the youth like it’s candy. But in reality they don’t like the young people much more than the young people like them. Ever notice the contempt the young and old have for each other? It’s just sort of how things work. If you find someone older and wiser than you who is willing to hand out good advice, stick close to that person. You won’t find many more like that. ...