A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Go Time: Golang, Software Engineering
Your source for diverse discussions from around the Go community. This show records LIVE every Tuesday at 3pm US Eastern. Join the Golang community and chat with us during the show in the #gotimefm channel of Gophers slack. Panelists include Mat Ryer, Jon Calhoun, Carmen Andoh, Johnny Boursiquot, Angelica Hill, Mark Bates, Kris Brandow, and Natalie Pistunovich. We discuss cloud infrastructure, distributed systems, microservices, Kubernetes, Docker… oh and also Go! Some people search for GoTime or GoTimeFM and can’t find the show, so now the strings GoTime and GoTimeFM are in our description too.
The FOSS Pod
From the creative geniuses behind Brad & Will Made a Tech Pod, The FOSS Pod is a show about the free and open source software that’s changing the world, and the developers who are making it happen.
Episode 358 - Furby vs Alexa
Josh and Kurt talk about the Furby source code going public. This is an opportunity to discuss what's changed in our attitude in devices that record our audio? Our devices today are vastly more powerful and dangerous than a Furby, what does your risk appetite look like? Show Notes Furby source code Talking Toy Or Spy? Adam Ruins Everything - Why Jaywalking Is a Crime
Episode 357 - Is open source being overexploited?
Josh and Kurt talk about how to think about open source in the context of society. Open source is more like a natural resource than a supplier. It's common to think of open source projects as delivered to us, but it's more like acquiring raw materials from the forest. The problem is we're harvesting the raw materials in an unsustainable manner at the moment. Show Notes I am not a supplier Josh's question about the environment sjvn Gorilla toolkit article Gorilla Web Toolkit Awesome Games Done Quick GeoGuessr Awesome Games Done Quick 2023
Episode 356 - LastPass ducked up, now what?
Josh and Kurt talk about the LastPass saga. There's a lot of great explanations about what happened, but there hasn't been a lot of info on how to start cleaning up this mess. We rehash some of the existing details then try to untangle what existing users can do to try to start recovering. The real problem is how LastPass is dealing with this, not the technical details. Show Notes Great writeup of LastPass Jeremi M Gosney Mastodon explanation Tavis writeup on password managers Use a Passphrase
Episode 355 - Security Boxing Day
Josh and Kurt talk about some security gifts for boxing day. We start out with the idea of the security poverty line and discuss a few ideas for how a low resource group can make their open source more secure. There are no simple answers unfortunately. Show Notes Wendy Nather Security Poverty Line Boots Theory
Episode 354 - Jerry Bell tells us why Mastodon is awesome and MFA is hard
Josh and Kurt talk about how hard multi factor authentication is. This all starts from a Mastodon thread, and Jerry Bell, the administrator of infosec.exchange joins us to discuss password security and all things Mastodon. Infosec.exchange is an incredible story and Jerry weaves a thrilling tale. Show Notes infosec.exchange MFA discussion Jerry's 2FA advice MalwareTech retracts Mastodon statements
Episode 353 - Jill Moné-Corallo on GitHub's bug bounty program
Josh and Kurt talk to Jill Moné-Corallo about GitHub's bug bounty and product security team. It's a treat to discuss bug bounties with someone who is managing a very large bug bounty for one of the most important web sites in the world of software today. Show Notes Jill's Twitter Jill's Mastodon GitHub Bug Bounty Bug bounty scope Eight years of the GitHub Security Bug Bounty program GitHub NPM bug bounty find
Episode 352 - Stylometry removes anonymity
Josh and Kurt talk about a new tool that can do Stylometry analysis of Hacker News authors. The availability of such tools makes anonymity much harder on the Internet, but it's also not unexpected. The amount of power and tooling available now is incredible. We also discuss some of the future challenges we will see from all this technology. Show Notes Hacker News Stylometry Analyzer FBI Profiler on the Unabomber Impersonate Eli Lilly for $8 Shakespeare Stylometry
Episode 351 - Is security or usability a law of the universe?
Josh and Kurt talk about end to end encrypted messages. This has been a popular topic lately due to the Mastodon popularity. Mastodon has a uniquely insecure messaging system, but they aren't the only one. The eternal debate of can security and usability exist together? We suspect it can't be, but it's a very complicated topic. Show Notes EFF on Mastodon DM privacy Towards End-to-End Encryption for Direct Messages in the Fediverse Pluralistic: 14 Nov 2022 Even if you're paying for the product, you're still the product
Episode 350 - Spam, Email, Content Moderation, and Infrastructure Oh My
Josh and Kurt talk about email security and the perils of trying to run your own mail infrastructure. We then get into discussing the value and danger of trying to run your own infrastructure, email, blogs, or most anything. There's a lot to juggle about all this these days, it's complicated. Show Notes PowerDMARC Will Dormann GossiTheDog upgrades Exchange lcamtuf's blog I like Ice Cream
Episode 349 - The cyber is coming from inside the house - the UK is scanning itself
Josh and Kurt talk about the UK plan to scan their country's IP space. The purpose and outcome of this isn't completely clear at this point, but we are hopeful the data can be used as a positive force. We are only going to see more programs like this as all the governments are told they have to cyber harder. Show Notes NCSC Scanning information Motherboard podcast about NCIS
Episode 348 - OpenSSL is the new lead paint
Josh and Kurt talk about the recent OpenSSL nothingburger. OpenSSL got everyone whipped into a frenzy over a critical vulnerability, then changed the severity to high. The correct solution to this whole problem is to stop using a TLS library written in C, we need to be using memory safe languages. Don't migrate from OpenSSL 1 to 3, migrate from OpenSSL 1 to Rustls. Show Notes OpenSSL Blog Post OpenSSL pre-announcement Mark Cox Tweet 3.0 only affected GossiTheDog NDA Tweet Claims of a name and logo Rustls Image Credit
Episode 347 - Airtags in luggage and weasel security - two peas in a suitcase
Josh and Kurt talk about Lufthansa trying to ban Airtags. This has a similar feel to all the security events where a company tries to hand waive away a security problem then having to walk back all their previous statements. There is almost always a massive imbalance between the large companies and consumers. Show Notes Lufthansa bans airtags Airtag stalking problems Lufthansa unbans airtags Cult of the Dead Cow book TV Typewriter Andre the Giant on an airplane Poison Squad
Episode 346 - Security and working from home have terrible things in common
Josh and Kurt talk about stories detailing tech working with multiple jobs. This raises some questions about fairness, accountability, and the future of work. As an industry we are very bad at measuring what we do, which is a problem shared with many jobs currently working from home. Show Notes Equifax surveilled 1,000 remote workers, fired 24 found juggling two jobs Business Insider 2 jobs story Ken Thompson lines of code
Episode 345 - Cheap hacking devices turn security upside down
Josh and Kurt talk about ineffective security from the past we still use today. There has been a great deal of progress in the last few decades bringing us amazing products like the Flipper Zero, cameras that can peer inside locks, and even software defined radio. A great deal of security relies on people not having easy access to these cheap devices. What does this mean for the future of security? Show Notes Cloning a Rare ISA Card to Use a Rare CD Drive Vintage Tech YouTubers Discussion Panel | VCFMW 17 (2022) Flipper Zero Lock camera HackRF One The history of Hash Reddit post-it notes in apartment
Episode 344 - Python tarfile - 2022 is nothing like 2007
Josh and Kurt talk about a newly rediscovered old python vulnerability. It raises a lot of questions about what was OK in 2007 vs what's OK in 2022. The issue is very complicated and has a wild story surrounding it. There is no reason to not fix this in 2022. Show Notes CVE-2007-4559 Red Hat Bug Register story Response from upstream Upstream patch ZippSlip Current upstream bug CSURF