
Episode 436 - OpenSSH and node-ip - it's all exponential growth

Josh and Kurt talk about the recent OpenSSH vulnerability and the node-ip project owner taking their project private. They’re quasi-related in that the two open source projects handled bugs very differently. The OpenSSH bug isn’t really as serious as it seems, but you still want to patch. The node-ip bug is a very different story. The relationship between users and open source developers is experiencing more strain now than we’ve ever seen. It’s a weird conversation and we don’t have good answers. Security in general is a collection of unsolvable problems. ...

July 8, 2024

Episode 292 - Apache RCE and Twitch epic pwn

Josh and Kurt talk about the recent Twitch hack and how in the modern age leaking source code almost certainly doesn’t matter. The leaked data, however, is a big deal. We also discuss a recent Apache httpd update. Some things went right, some things went wrong. Dealing with vulnerabilities is hard.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_292_Apache_RCE_and_Twitch_epic_pwn.mp3

Show Notes: Parasocial Relationship; Twitch Hack; Soviet B-29 Clone; Apache CVE; Apache Advisory; GossiTheDog Tweet; Hacker Fantastic exploit

October 11, 2021

Episode 263 - GitHub pulls exploits, LinuxFoundation sign all the things

Josh and Kurt talk about how terrible daylight savings is, GitHub yanking some exploit code, and the Linux Foundation's new project to sign all the things.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_263_GitHub_pulls_exploits_LinuxFoundation_sign_all_the_things.mp3

Show Notes: Researcher Publishes Code to Exploit Microsoft Exchange Vulnerabilities on Github; GitHub content restrictions; Reproducing the Microsoft Exchange Proxylogon Exploit Chain

March 22, 2021