
Episode 254 - Right to Repair Security

Josh and Kurt talk about the new right to repair rules in the EU. There is a strange tension between loving the idea of right to repair and, as security people, being horrified at the idea of a device staying on the Internet for 30 years.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_254_Right_to_Repair_Security.mp3

Show Notes:
- EU right to repair
- repair.eu

January 18, 2021

Episode 220 - Securing network time and IoT

Josh and Kurt talk about Network Time Security (NTS): how it works and what it means for the world (probably not very much). We also talk about Singapore’s Cybersecurity Labelling Scheme (CLS). It probably won’t do a lot in the short term, but we hope it’s a beacon of hope for the future.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_220_Securing_network_time_and_IoT.mp3

Show Notes:
- Network Time Security
- NTP and the University of Wisconsin
- Cybersecurity Labelling Scheme (CLS)

October 19, 2020

Episode 217 - How to tell your story with Travis Murdock

Josh and Kurt talk to Travis Murdock about how to tell your story. Travis explains how to talk to the press and how to tell our story in a way that helps get our message across and lets the reporter do their job better.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_217_How_to_tell_your_story_with_Travis_Murdock.mp3

Show Notes:
- Ruder Finn
- CVE-2009-3555
- Heartbleed

September 28, 2020

Episode 216 - Security didn't find life on Venus

Josh and Kurt talk about how we talk about what we do, in the context of life on Venus. We didn’t really discover life on Venus; we discovered a gas that could be created by life on Venus. The world didn’t hear that, though. We have a similar communication problem in security. How often are your words misunderstood?

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_216_Security_didnt_find_life_on_Venus.mp3

Show Notes:
- Phosphine on Venus
- GPS and relativity

September 21, 2020

Episode 215 - Real security is boring

Josh and Kurt talk about attacking open source. How serious is the threat of developers being targeted, or of a git repo being watched for secret security fixes? The reality is that there are many layers in a security journey, and the most important things you can do are also the least exciting.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_215_Real_security_is_boring.mp3

Show Notes:
- Targeting developers
- XKCD Infrastructure comic
- Hiding security flaws in git
- Mossad vs Not-Mossad (PDF warning)

September 14, 2020

Episode 213 - Security Signals: What are you telling the world

Josh and Kurt talk about how your actions tell the world whether you actually take security seriously. We frame the discussion in the context of Slack paying a very low bug bounty, and look at some ways we can examine Slack and decide if they do indeed take our security very seriously.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_213_Security_Signals_What_are_you_telling_the_world.mp3

Show Notes:
- Reddit carbon monoxide (Part 1, Part 2)
- GCP Grey minus infinity
- Josh’s blog post

September 7, 2020

Episode 209 - Secure Boot isn't Secure

Josh and Kurt talk about Secure Boot. The conversation uses the recent “Boot Hole” vulnerability to frame a discussion of what Secure Boot is and isn’t: why the Boot Hole flaw doesn’t really matter, and why Secure Boot was very scary for Linux users back when it came out.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_209_Secure_Boot_isnt_Secure.mp3

Show Notes:
- Boot Hole

August 10, 2020

Episode 208 - Passwords are pollution

Josh and Kurt talk about some of the necessary evils of security. There are challenges we face like passwords and resource management. Sometimes the problem is old ideas; sometimes it’s that we don’t have metrics. Can you measure not getting hacked?

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_208_Passwords_are_pollution.mp3

Show Notes:
- Clearing checks
- FAIR Institute
- Factorio

August 3, 2020

Episode 202 - The convergence of application security

Josh and Kurt talk about the security of applications. We talk about the security of infrastructure all the time, but what happens when we combine infrastructure into an application or solution?

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_202_The_convergence_of_application_security.mp3

Show Notes:
- Picture of Kurt’s security check-up
- Dragon controls

June 22, 2020

Episode 200 - Talking Container Security with Liz Rice

Josh and Kurt talk to Liz Rice from Aqua Security about container security and her new book on the same topic. What does container security look like today? What are some things you can do now? What will container security look like in the future?

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_200_Talking_Container_Security_with_Liz_Rice.mp3

Show Notes:
- Container Security download
- Pictures of elephants
- Kubernetes Security book
- Starboard project
- Dynamic threat analysis

June 8, 2020