Josh and Kurt discuss door locks, Ikea, chair testing sounds, electrical safety, autonomous cars, and XML vs JSON. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/305513722-opensourcesecuritypodcast-episode-31-xml-is-never-the-solution.mp3 Show Notes Mersenne Prime Door Lock Ransomware Ikea Chair Testing Machine Costume Safety Tesseract Roost WiFi battery Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Last week I kept running into old school people trying to justify why something that made sense in the past still makes sense today. Usually I ignore these sort of statements, but I feel like I’m seeing them often enough it’s time to write something up. We’re in the middle of disruptive change. That means that the way security used to work doesn’t work anymore (some people think it does) and in the near future, it won’t work at all. In some instances will actually be harmful if it’s not already. ...

Josh and Kurt discuss security automation. Machine learning, AI, and a bunch of moral and philosophical boundaries that new future will bring. You’ve been warned. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/304449487-opensourcesecuritypodcast-episode-30-im-not-an-expert-but-ive-been-yelled-at-by-experts.mp3 Show Notes XKCD Is It Worth the Time? Larry Wall Google Translate AI invents its own language to translate with Black Mirror Social Media Episode St. Louis Public Library Ransomware Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

I found myself in a discussion earlier this week that worked its way into return on investment topics. Of course nobody could really agree on what the return was which is sort of how these conversations often work out. It’s really hard to decide what the return on investment is for security features and products. It can be hard to even determine cost sometimes, which should be the easy number to figure out. ...

Josh and Kurt discuss the security of the movie Rogue One! Spoiler: Security in the Star Wars universe is worse than security in our universe. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/303899056-opensourcesecuritypodcast-episode-29-the-security-of-rogue-one.mp3 Show Notes CinemaSins Soviet Tupolev Tu-4 Mechanical Computer Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Josh and Kurt discuss their involvement in the upcoming 2017 RSA conference: Open Source, CVEs, and Open Source CVE. Of course IoT and encryption manage to come up as topics. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/303432626-opensourcesecuritypodcast-episode-28-rsa-conference-2017.mp3 Show Notes Kurt’s talk - Saving CVE wtih open source Josh’s P2P session - Managing Your Open Source Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

I’ve decided to create yet another security analogy! You can’t tell, but I’m very excited to do this. One of my long standing complaints about security is there are basically no good analogies that make sense. We always try to talk about auto safety, or food safety, or maybe building security, how about pollution. There’s always some sort of existing real world scenario we try warp and twist in a way so we can tell a security story that makes sense. So far they’ve all failed. The analogy always starts out strong, then something happens that makes everything fall apart. I imagine a big part of this is because security is really new, but it’s also really hard to understand. It’s just not something humans are good at understanding. ...

Josh and Kurt discuss NTP, authentication issues, network security, airplane security, AI, and Minecraft. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/302981179-opensourcesecuritypodcast-episode-27-prove-to-me-you-are-human.mp3 Show Notes NTP “Attack” U2F Tokens Paying ransoms with iTunes giftcards Cloudflare Porcupine Google Security Design Overview Drone collides with a plane Israeli Security Harvest.ai Minecraft Mod installer Skyblock Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Josh and Kurt end up discussing video game speed running, which is really just hacking. We also end up discussing the pitfalls of the modern world where you don’t own your software or services. Stallman was right! https://traffic.libsyn.com/secure/opensourcesecuritypodcast/302260581-opensourcesecuritypodcast-episode-26-tell-your-sister-stallman-was-right.mp3 Show Notes Games Done Quick Super Mario Brother Speedrun Super Mario Brother Minus World Explanation speedrun.com Legend of Zelda Ghost Buffer Overflow Double Free Chris Evans NES audio exploit pwsafe Bad Ham Review Richard Stallman ...

Josh and Kurt end up discussing CES, IoT, WiFi everywhere, and the future. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/301707567-opensourcesecuritypodcast-episode-25-the-future-is-now.mp3 Show Notes CES WiFi Everywhere WiFi Hairbrush Ketchup QR Code Expired Domain Shodan uses NTP to gain IPv6 addresses FTC prize for securing IoT Antivirus MITM problems Rootshell Consumer Reports MacBook Pro Comment on Twitter with the #osspodcast hashtag