0day

time-2825962_1920

Episode 321 - Relativistic Security: Project Zero on 0day

Josh and Kurt talk about the Google Project Zero blog post about 0day vulnerabilities in 2021. There were a lot more than ever before, but why? Part of the challenge is the whole industry is expanding while a lot of our security technologies are not. When the universe around you is expanding but you’re staying the same size, you are actually shrinking. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_321_Relativistic_Security_Project_Zero_on_0day.mp3 Show Notes Google Project Zero blog post Apple 0days Joint cyber advisory

May 2, 2022
virtual-reality-1802469_1920

Episode 320 - Security Twitter is not the real world

Josh and Kurt talk about a survey about a TuxCare patch management and vulnerability detection. Sometimes our security bubble makes us forget what it’s like in the real world for the people who keep our infrastructure running. Patching isn’t always immediate, automation doesn’t fix everything, and accepting risk is very important. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_320_Security_Twitter_is_not_the_real_world.mp3 Show Notes State of Enterprise Vulnerability Detection and Patch Management CISA Known Exploited Vulnerabilities Catalog Google 0days

April 25, 2022
bubble-gum-438404_1920

Episode 289 - Who left this 0day on the floor?

Josh and Kurt talk about an unusual number of really bad security updates. We even recorded this before the Azure OMIGOD vulnerability was disclosed. It’s certainly been a wild week with Apple and Chrome 0days, and a Travis CI secret leak. Maybe this is the new normal. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_289_Who_left_this_0day_on_the_floor.mp3 Show Notes Matrix 4 trailer Travis CI issue Apple 0day patches Chrome 0day patches CGP Grey Where is the European Union

September 20, 2021
cornwall-540462_1920

Episode 267 - Does 0day still mean 0day?

Josh and Kurt talk about 0day security vulnerabilities. What are they? What were they? And why the name has taken on a new meaning, and that’s OK. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_267_Does_0day_still_mean_0day.mp3 Show Notes Hacker History Podcast Chrome 0day NTFS Documentation

April 19, 2021
source-code-583537_1920

Episode 258 - Stop using C

Josh and Kurt talk about the Google Project Zero report titled “A Year in Review of 0-days Exploited In-The-Wild in 2020”. It’s a cool report but we don’t agree on the conclusion. The answer isn’t to security harder, it’s to stop using C. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_258_Stop_using_C.mp3 Show Notes Google Project Zero Year of 0-days Kurt’s CUPS tweet

February 15, 2021