Josh and Kurt talk about a tweet from @kmcquade3 asking the question “What’s a concept in security that is generally accepted as true but is actually bull%$#*?” How many of the replies make sense? Most of them do. We go over some of the best replies as fast as we can. Show Notes The tweetContinue reading “Episode 335 – Bull*&$% security ideas”
Tag Archives: cybersecurity
Episode 331 – GPG, but nothing makes sense
Josh and Kurt talk about their very silly GPG key management from the past. This is sadly a very true story that details how both Kurt and Josh protected their GPG keys. Josh’s setup is like something out of a very bad spy novel. It was very over the top for a key that reallyContinue reading “Episode 331 – GPG, but nothing makes sense”
Episode 328 – The Security of Jobs or Job Security
Josh and Kurt talk about the security of employees leaving jobs. Be it a voluntary departure or in the context of the current layoffs we see, what are the security implications of having to remove access for one or more people departing their job? Show Notes Tesla Layoffs Coinbase layoffs
Episode 327 – The security of alert fatigue
Josh and Kurt talk about a funny GitHub reply that notified 400,000 people. It’s fun to laugh at this, but it’s an easy open to discussing alert fatigue and why it’s important to be very mindful of our communications. Show Notes GitHub 400K notifications Hacker News thread Reddit user TV Bluetooth
Episode 326 – Big fat containers
Josh and Kurt talk about containers. There are a lot of opinions around what type of containers is best. Back when it all started there were only huge distro sized containers. Now we have a world with many different container types and sizes. Is one better? Show Notes Programming in the Apocalypse Bob Diachenko Paranoids Podcast
Episode 322 – Adam Shostack on the security of Star Wars
Josh and Kurt talk to Adam Shostack about his new book “Threats: What Every Engineer Should Learn From Star Wars”. We discuss some of the lessons and threats in the Star Wars universe, it’s an old code I hear. We also discuss if Star Wars is a better than Star Trek for teaching security (it probably is). It’sContinue reading “Episode 322 – Adam Shostack on the security of Star Wars”
Episode 321 – Relativistic Security: Project Zero on 0day
Josh and Kurt talk about the Google Project Zero blog post about 0day vulnerabilities in 2021. There were a lot more than ever before, but why? Part of the challenge is the whole industry is expanding while a lot of our security technologies are not. When the universe around you is expanding but you’re stayingContinue reading “Episode 321 – Relativistic Security: Project Zero on 0day”
Episode 319 – Patch Tuesday with a capital T
Josh and Kurt talk about a lot of security vulnerabilities in this month’s Patch Tuesday. There’s also a new Git vulnerability. This sparks the age old question of how fast to patch? The answer isn’t binary, the right answer is whatever works best for you, not what someone tells you is best. Show Notes Patch Tuesday Git securityContinue reading “Episode 319 – Patch Tuesday with a capital T”
Episode 317 – The lack of compromise in security
Josh and Kurt talk about the binary nature of security. Many of our ideas are yes or no, there’s not much in the middle. The conversation ends up derailed due to a Twitter thread about pinning dependencies. This gives you an idea how contentious of a topic pinning is. The final takeaway is not toContinue reading “Episode 317 – The lack of compromise in security”
Episode 314 – The Linux Dirty Pipe vulnerability
Josh and Kurt talk about the Linux Kernel Dirty Pipe security vulnerability. This bug is an amazing combination of amazing complexity, incredible simplicity, and a little bit of luck. The discovery is amazing, the analysis is enlightening. There’s almost no way a bug like this could be found outside of open source. Show Notes DirtyContinue reading “Episode 314 – The Linux Dirty Pipe vulnerability”