This episode need a huge disclaimer: we got almost all of the details of this wrong, the lawsuit is based on CFAA, not on copyright. We apologize for this enormous oversight. Josh and Kurt talk about Apple suing NSO using a copyright claim as their vehicle. Copyright is often used as a reason to bring lawsuits, even whenContinue reading “Episode 300 – Apple vs NSO: What can copyright do for you?”
Tag Archives: cybersecurity
Episode 299 – Experts From A World That No Longer Exists
Josh and Kurt talk about an article about how expertise has a limited lifetime. We are all experts in something, but some of us will find our expert knowledge to be outdated eventually. We discuss what that means in the context of security and tech and disagree about how to best keep your skills up to date. ShowContinue reading “Episode 299 – Experts From A World That No Longer Exists”
Episode 296 – Is Trojan Source a vulnerability?
Josh and Kurt talk about the new Trojan Source bug. We don’t always agree on if this is a vulnerability (it’s not), but by the end we come to an agreement that ASCII is out, Unicode is in. We don’t live in a world where you can make a realistic suggestion to return to using only ASCII. ThereContinue reading “Episode 296 – Is Trojan Source a vulnerability?”
Episode 276 – Security, behavior, and the environment
Josh and Kurt talk about how our environment affects our behavior, and in turn our level of security. We often ignore what’s happening around us when everything is related. Show Notes Judges more lenient after a break Dungeons and Data Poverty changes your DNA
Episode 272 – The Biden Cybersecurity Executive Order
Josh and Kurt talk about the Biden Administration new cybersecurity executive order. There are some good ideas in there, but at the end of the day it’s an unfunded mandate. Unfunded mandates are difficult to implement. Show Notes Biden Executive Order Fact Sheet Obama’s cyber EO
Episode 266 – The future of security scanning with Debricked
Josh and Kurt talk to Emil Wåreus from Debricked about the future of security scanners. Debricked is doing some incredibly cool things to avoid relying on humans for vulnerability identification and cataloging. Learn what the future of security scanning is going to look like. Show Notes Debricked Emil’s Linkedin
It’s time to fix CVE
The late, great, John Lewis is well known for a quote about getting into trouble. Never, ever be afraid to make some noise and get in good trouble, necessary trouble. It’s time to start some good trouble. Anyone who knows me, reads this blog, or follows me on Twitter, is well aware I have beenContinue reading “It’s time to fix CVE”
The Titanic of security
I listen to a lot of podcasts. A lot of podcasts. I was listening to the Dave and Gunnar Show podcast episode 212 with guest David A. Wheeler. The Titanic was used as an example of changing process after a security incident. This opened up a flood of thoughts to me, but not for theContinue reading “The Titanic of security”
Episode 254 – Right to Repair Security
Josh and Kurt talk about the new right to repair rules in the EU. There’s a strange line between loving the idea of right to repair, but also being horrified as security people at the idea of a device being on the Internet for 30 years. Show Notes EU right to repair repair.eu
Episode 220 – Securing network time and IoT
Josh and Kurt talk about Network Time Security (NTS) how it works and what it means for the world (probably not very much). We also talk about Singapore’s Cybersecurity Labelling Scheme (CLS). It probably won’t do a lot in the short term, but we hope it’s a beacon of hope for the future. Show NotesContinue reading “Episode 220 – Securing network time and IoT”
Open Source Security 