Episode 386 - We are watching web 2.0 burn

Josh and Kurt talk about a new Google proposal that would add DRM for the web. All the ad-driven companies seem to be acting very strangely; there’s probably a reason for this. The way ads used to pay for content is changing, but a lot of these giant companies don’t know how to adapt. It’s going to be very interesting times in the near future.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_386_We_are_watching_web_2_0_burn.mp3

Show Notes: Web Environment Integrity Hacker News Thread Island Browser hunter2

July 31, 2023

Episode 352 - Stylometry removes anonymity

Josh and Kurt talk about a new tool that can do Stylometry analysis of Hacker News authors. The availability of such tools makes anonymity much harder on the Internet, but it’s also not unexpected. The amount of power and tooling available now is incredible. We also discuss some of the future challenges we will see from all this technology.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_352_Stylometry_removes_anonymity.mp3

Show Notes: Hacker News Stylometry Analyzer FBI Profiler on the Unabomber Impersonate Eli Lilly for $8 Shakespeare Stylometry

December 5, 2022

Episode 335 - Bull*&$% security ideas

Josh and Kurt talk about a tweet from @kmcquade3 asking the question “What’s a concept in security that is generally accepted as true but is actually bull%$#*?” How many of the replies make sense? Most of them do. We go over some of the best replies as fast as we can.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_335_Bull_security_ideas.mp3

Show Notes: The tweet that started it all Mark Loveless Mark Manning Richard (Dick) Brooks @ImbecillicusRex What Train Have We Got? Dan Alejo 🏳️‍🌈 postmodern 🇺🇸 Robert C. Seacord 🇺🇦 Yip Wai Peng Sachin Shahi

August 8, 2022

Facts vs Feelings

Earlier today I asked a question on Twitter. Holy cow, that thread took on a life of its own. The question is easy enough: do we have any security data on pinning vs not pinning dependencies? We don’t, I know this, but I was hoping someone was working on something (I don’t think they are). But during the thread I also think I figured out how to start collecting this data. That’s a post for the future. ...

March 21, 2022

Episode 308 - Welcome to the jungle - How to talk about open source security

Josh and Kurt talk about how to get attention for security problems. Recent research around Twitter credentials checked into GitHub showed us how to get a lot of attention, compared to a problem like Log4Shell, which took years before anyone really picked up on it. It’s hard to talk about security sometimes.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_308_Welcome_to_the_jungle_How_to_talk_about_open_source_security.mp3

Show Notes: Josh’s computer vision code Twitter secrets Qualys pwnkit

January 31, 2022

Episode 207 - Weaponized attention

Josh and Kurt start this one by explaining how the Twitter hacker was just a dumb criminal (most criminals are dumb). We then discuss the new GPT-3 AI that can create text, how we create, and how social media is doing everything it can to weaponize our attention. It’s not a fight humanity is winning.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_207_Weaponized_attention.mp3

Show Notes: GPT-3 AI Blipverts

Show Tags: #weaponizedattention #GPT-3 #GPT3

July 27, 2020