Spend until you're secure

I was watching a few Twitter conversations about purchasing security last week and had yet another conversation about security ROI. This has me thinking about what we spend money on. In many industries we can spend our way out of problems, not all problems, but a lot of problems. With security if I gave you a blank check and said “fix it”, you couldn’t. Our problem isn’t money, it’s more fundamental than that. ...

April 5, 2018

Episode 90 - Humans and misinformation

Josh and Kurt talk about all the current misinformation, how humans react to it, and what it means for security. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode-90_humans_and_misinformation.mp3 Show Notes Virus infections during lent Wikipedia circular reporting Guccifer Bad Twitter VPN advice Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

April 2, 2018

Episode 89 - Short selling AMD security flaws

Josh and Kurt talk about the recent AMD flaws and the events surrounding the disclosure. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode-89_short_selling_amd_security_flaws.mp3 Show Notes AMD flaws Activist investing Microsoft side channel bounty Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

March 25, 2018

Episode 88 - Chat with Chris Rosen from IBM about Container Security

Josh and Kurt talk about container security with IBM’s Chris Rosen. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_88_chat_with_chris_rosen_from_ibm_about_container_security.mp3 Show Notes Chris Rosen Kubernetes Istio Grafeas Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

March 18, 2018

Episode 87 - Chat with Let's Encrypt co-founder Josh Aas

Josh and Kurt talk about Let’s Encrypt with co-founder Josh Aas. We discuss the past, present, and future of the project. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_87_Chat_with_lets_encrypt_co-founder_josh_aas.mp3 Show Notes Let’s Encrypt Josh Aas Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

March 11, 2018

But that's not my job!

This week I’ve been thinking about how security people and non security people interact. Various conversations I have often end up with someone suggesting everyone needs some sort of security responsibility. My suspicion is this will never work. First some background to think about. In any organization there are certain responsibilities everyone has. Without using security as our specific example just yet, let’s consider how a typical building functions. You have people who are tasked with keeping the electricity working, the plumbing, the heating and cooling. Some people keep the building clean, some take care of the elevators. Some work in the building to accomplish some other task. If the company that inhabits the building is a bank you can imagine the huge number of tasks that take place inside. ...

March 7, 2018

Episode 86 - What happens when 23 thousand certificates leak?

Josh and Kurt talk about the Trustico certificate incident and Let’s Encrypt. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_86_What_happens_when_23_thousand_certificates_leak.mp3 Show Notes Certificate revocation Trustico website incident Let’s Encrypt ACME v2 XKCD PGP verification FreeIPA Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

March 5, 2018

Episode 85 - NPM ate my files

Josh and Kurt talk about npm 5.7.0 breaking Linux systems. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_85_npm_ate_my_files.mp3 Show Notes NPM 5.7.0 issue Hacker News thread Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

February 28, 2018

Episode 84 - Have I been pwned?

Josh and Kurt talk about the new data dump from Have I been pwned? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_84_Have_I_been_pwned.mp3 Show Notes Have I been pwned? Pwned passwords version 2 XKCD password strength Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

February 25, 2018

Episode 83 - XKCD + CVE = XKCVE

Josh and Kurt talk about the XKCD CVE comic and a flight simulator stealing credentials. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_83_XKCD_CVE_XKCVE.mp3 https://xkcd.com/1957/ Show Notes XKCD CVE comic Samsung huge SSD Flight sim stealing credentials Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

February 21, 2018