Open Source Security

Josh and Kurt talk about the XKCD CVE comic and a flight simulator stealing credentials.

Josh and Kurt talk about problems of textbook RSA implementations, the upcoming TLS changes in TLS, and the insecurity of http in Chrome.

Josh and Kurt talk about AutoSploit, bug bounties and fixing flaws, market forces in security, future expectations, and how humans perceive threats.

Josh and Kurt talk about GPS metadata giving away military bases and GPS jamming as part of testing.

Josh and Kurt talk about Skyfall, fake reports, risk, logging, and how a civilized society functions.

Josh and Kurt talk about the accidental missile warning in Hawaii. We also discuss general preparedness and risk.

Josh and Kurt talk about the recent npm happenings. What it means for the supply chain, and we end with some thoughts on how maybe none of this matters.

Josh and Kurt talk about the aftermath of Meltdown. The details of the flaw are probably less interesting than what happens now.

Josh and Kurt talk about the Security Planner website. It's pretty good all things considered.

Josh and Kurt talk about facial recognition, physical security, banking, and Amazon Alexa.

Josh and Kurt talk about basic security metrics and security from Santa. Is Santa GDPR compliant?

Josh and Kurt talk about Bitcoin, blockchain, and other cryptocurrencies.

Josh and Kurt talk about GitHub's security scanner and Linus' security email. We clarify the esoteric difference between security bugs and non security bugs.

Josh and Kurt talk about Intel ME, Equifax salary history, and IoT.

Josh and Kurt talk about Amazon Key and actionable advice.

Josh and Kurt talk about Facebook listening to your microphone, Google Chrome certificate pinning, CAs, 152 ways to stay safe, and Kubernetes.

Josh and Kurt talk about hacking back, passwords, honeypots, and conspiracies.

Josh and Kurt talk about Equifax again, Kaspersky, TLS CAs, coming change, social security numbers, and Minecraft.

Josh and Kurt talk about Apple, Equifax, passwords, AI, and aliens.

Josh and Kurt talk about networks, Dnsmasq, IoT, and our coming security dystopian future.

Josh and Kurt talk about the Equifax breach (again) and what it will mean for all of us. Blueborne comes up, as well as #TrevorForget.

Josh and Kurt talk about the Equifax breach and what it will mean for all of us.

Josh and Kurt talk about our lack of progress in security, economics, and how to interact with peers.

Josh and Kurt talk about the eclipse and blockchain.

Josh and Kurt talk about VPNs and the upcoming eclipse.

Josh and Kurt talk about MalwareTech, Debian killing off TLS 1.0 and 1.1, auto safety, HBO, and npm not typo squatting.

Josh and Kurt talk about Black Hat and Defcon, safes, banks, voting machines, SMBv1 DoS attack, Flash, liability, and password masking.

Josh and Kurt talk about forest fires, fuzzing, old time Internet, and Net Neutrality. Listen to Kurt play the Devil's Advocate and manage to change Josh's mind about net neutrality.

Josh and Kurt talk about Let's Encrypt, certificates, Kaspersky, A/V, code signing, Not Petya, self driving cars, and failures that become security problems.

Josh and Kurt talk about Canada Day, Not Petya, Interac goes down, Minecraft, airport security and books, then GDPR.

Josh and Kurt talk about security through obscurity, airplanes, the FAA, the Windows source code leak, and chicken sandwiches.

Josh and Kurt talk about the new StackClash flaw, Grenfell Tower, risk management, and backwards compatibility.

Josh and Kurt talk to Dan Adinolfi about CVE. Most anything you ever wanted to know about CVE is discussed.

Josh and Kurt discuss Futurama, tornadoes, sudo, encryption, hacking back, and something called an ombudsman. Also episode 50!

Josh and Kurt discuss Samba, FTP sites, MSDOS, regulation, and the airplane laptop travel ban.

Josh and Kurt have a guest! Mike Paquette from Elastic discusses the fundamentals and basics of Machine Learning. We also discuss how ML could have helped with WannaCry.

Josh and Kurt discuss the WannaCry worm.

Josh and Kurt discuss the recent Google phish attack.

Josh and Kurt discuss not-counterfeit MTG cards, antivirus, squirrelmail, unroll.me, grsecurity, baby monitors, and trust.

Josh and Kurt discuss Lego, bug bounties, pen testing, thought leadership, cars, lemons, entropy, and CVE.

Josh and Kurt discuss Shadow Brokers, pronouncing GIF, Atlanta's road problems, browser phishing, warning sirens, IoT, and fake Magic the Gathering cards.

Josh and Kurt discuss the security themes and events in the context of the HHGG movie.

Josh and Kurt discuss airplane laptop bans, ATM hacking, pointing at things, and Certificate Authorities.

Josh and Kurt discuss Verizon spyware, FCC privacy, Smart TVs, Tor's rewrite, Google's new operating system, bitcoin, and NanoCore.

Josh and Kurt discuss certificates, OpenSSL, dishwashers, Flash, and laptop travel bans.

Josh and Kurt discuss disclosing your password, pwn2own, wikileaks, Back Orifice, HTTPS inspection, and antivirus.

Josh and Kurt discuss how the Vault 7 leaks shows we live in the Neuromancer world, and this is likely the new normal.

Josh and Kurt discuss an IoT bear, Alexa and Siri, Google's E2Email and S/MIME.

Josh and Kurt discuss SHA-1 and cloudbleed. Bug bounties come up, and we compare security to the Higgs boson. We also discuss IPv6 at the end.

Josh and Kurt discuss RSA, the cryptographer's panel and of course, AI.