Signal

Josh and Kurt talk about the FBI telling everyone to use end to end encrypted messengers. This is a pretty drastic deviation from messages in the past. The reason for this is it appears the US telephone networks are pwnt beyond repair at this point, which is concerning. The only real solution now is to treat the phone network as untrusted and encrypt all the traffic. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_458_FBI_endorses_E2E_encryption.mp3 Show Notes Salt Typhoon U.S. officials urge Americans to use encrypted apps amid unprecedented cyberattack LTT Hacked phone Security Cryptography Whatever Telegram Secure Messaging Apps Comparison

Josh and Kurt talk about end to end encrypted messages. This has been a popular topic lately due to the Mastodon popularity. Mastodon has a uniquely insecure messaging system, but they aren’t the only one. The eternal debate of can security and usability exist together? We suspect it can’t be, but it’s a very complicated topic. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_351_Is_security_or_usability_a_law_of_the_universe.mp3 Show Notes EFF on Mastodon DM privacy Towards End-to-End Encryption for Direct Messages in the Fediverse Pluralistic: 14 Nov 2022 Even if you’re paying for the product, you’re still the product

Josh and Kurt talk about how your actions can tell the world if you actually take security seriously. We frame the discussion in the context of Slack paying a very low bug bounty and discover some ways we can look at Slack and decide if they do indeed take our security very seriously. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_213_Security_Signals_What_are_you_telling_the_world.mp3 Show Notes Reddit carbon monoxide Part 1 Part 2 GCP Grey minus infinity Josh’s blog post