Posts

Josh and Kurt talk about the latest attack on bluetooth and discuss phishing in the modern world. U2F is a great way to stop phishing, training is not. We also discuss airgaps in response to attacks on airgapped power utilities. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_108_bluetooth_phishing_airgaps_and_eating_soup_off_the_floor.mp3 Show Notes ECDH in Bluetooth Diffie-Hellman with paint Google Phishing Hackers jumped air gaps Portable secure data center Join our Facebook Group Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about modern hardware, how security relates to devices and actions. Everything from secure devices, to the cables we use, to thermal cameras and coat hangers. We end the conversation discussing the words we use and how they affect the way people see us and themselves. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_107_the_year_of_the_linux_desktop_and_other_hardware_stories.mp3 Show Notes Linux on Chromebooks Touchscreen and secrets Coat hanger vs Monster cables Build a toaster Join our Facebook Group ...

Josh and Kurt talk about Cory Doctorow’s piece on Facebook data privacy. It’s common to call data the new oil but it’s more like nuclear waste. How we fix the data problem in the future is going to require solutions we can’t yet imagine as well as new ways of thinking about the problems. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_106_data_isnt_oil_its_nuclear_waste.mp3 Show Notes Mark Zuckerberg and his empire of oily rags Fitness app leak Operation Mincemeat Bancor cryptocurrency theft CryptoKitties Join our Facebook Group ...

Josh and Kurt talk about some recent backdoor problems in open source packages. We touch on is open source secure, how that security works, and what it should look like in the future. This problem is never going to go away or get better, and that’s probably OK. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_105_more_backdoors_in_open_source.mp3 Show Notes eslint-scope issue Arch Linux Acrobat Reader issue Join our Facebook Group Comment on Twitter with the #osspodcast hashtag ...

A lot of what we call security is voodoo. Most of it actually. What I mean with that statement is our security process is often based on ideas that don’t really work. As an industry we have built up a lot of ideas and processes that aren’t actually grounded in facts and science. We don’t understand why we do certain things, but we know that if we don’t do those things something bad will happen! Will it really happen? I heard something will happen. I suspect the answer is no, but it’s very difficult to explain this concept sometimes. ...

Josh and Kurt talk about the Gentoo security incident. Gentoo did a really good job being open and dealing with the incident quickly. The basic takeaway from all this is make sure your organization is forcing users to use 2 factor authentication. The long term solution is going to be all identity providers forcing everyone to use 2FA. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_104_the_gentoo_security_incident.mp3 Show Notes Gentoo incident timeline Have I Been Pwned Cloudflare Join our Facebook Group ...

Josh and Kurt talk about a Microsoft Research paper titled “The Seven Properties of Highly Secure Devices”. We take a real world view into how to secure our devices. What works, what doesn’t work, and why this list is actually really good. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_103_the_seven_properties_of_highly_secure_devices.mp3 Show Notes 7 Properties of Highly Secure Devices Pwn2Own Kurt’s dryer vent tweet Mars rover filesystem bug The Update Framework (TUF) Join our Facebook Group Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk to Michael Feiertag, the CEO of tCell. We talk about what a Web Application Firewall is, what it does and doesn’t do, and what the future of this technology looks like. We touch on how this affects a DevOps environment. Security has to fit into the existing model, not try to change it. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_102_michael_feiertag_from_tcell.mp3 Show Notes Michael’s LinkedIn Michael’s Twitter tCell Web Application Firewall (WAF) Runtime Application Self Protection (RASP) Join our Facebook Group ...

Josh and Kurt talk about Bird scooters. The implications of the scooters on the city, segways, bicycles. The topic of how these vehicles interact with pedestrians on the road and trails. It’s an example of humans not wanting to follow the rules and generally making the situation annoying for everyone. It’s the old security story of new technology without clear rules. The show ends with some horrifying numbers behind how bad things get before people really care. ...

Josh and Kurt talk about how to be a smart security buyer. We have guest Steve Mayzak walk us through how a the buying process works as well as giving out a ton of great advice. Even if you’re experienced with how to buy security technology you should give this a listen. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_100_your_bad_at_buying_solutions_we_can_help.mp3 Show Notes Buyer training Join our Facebook Group Comment on Twitter with the #osspodcast hashtag