Open Source Security Podcast

Josh and Kurt talk about supplier compliance Links Annex A.15.1 of ISO 27001:2013 Episode 162 – SBOM with Allan Friedman

Josh and Kurt talk about backdoors in open source software

Josh and Kurt talk about the unluckiest man in the world and survivor bias Links Unluckiest man in the world

Josh and Kurt talk about video game hacking. The speedrunners are doing the best security research today Links Super Mario World RCE

Josh and Kurt talk about the safety of a 737 Links FAA says 737 is safe

Josh and Kurt talk about Apple leaking internal IP addresses. Sometimes we create our own emergencies over things that don't matter. Links Apple's internal IP addresses

Josh and Kurt talk about public key cryptography

Josh and Kurt talk about the OpenBSD security(8) man page and the importance of automating security Links OpenBSD security(8) page

Josh and Kurt talk about prime numbers

Josh and Kurt talk about the non problems with public wifi we love to pretend matter Links The Half Dozen Risks of Using Dirty Public Wi-Fi Networks

Josh and Kurt talk about why you need 24/7 monitoring of all the things Links Swiss air force office hours DC-10 cargo door

Josh and Kurt talk about how the EFF is helping us prevent Internet tracking Links EFF Cover Your Tracks

Josh and Kurt talk about how many security vulnerabilities matter enough to fix? Links A Third of Known Computer Security Flaws Have No Solution Episode 162 – SBOM with Allan Friedman

Josh and Kurt talk about cybersecurity statistics and the value of the data we have. Links 24 Cybersecurity Statistics That Matter In 2020

Josh and Kurt talk about advent calendars. We are publishing 25 5 minute episodes in 25 days. Also portable X-ray machines.

Josh and Kurt talk about the safety and liability of new devices. What happens when your doorbell can burn down your house? What if it's your fault the doorbell burned down your house? There isn't really any prior art for where our devices are taking us, who knows what the future will look like. Show Notes Ring Doorbell recall Ring incorrect screw diagram Punctured battery Episode 145 – What do security and fire have in common? Phillips vs Robertson screws wendy knox everette Wendy's presentation on legal liability Tim Burners-Lee privacy company

Josh and Kurt talk about what happens when important root certificates expire on old Android devices? Who should be responsible? How can we fix this? Is this even something we can or should fix? How devices should age is a really hard problem that needs a lot of discussion. Show Notes Unboxing coins Old Android devices certificate store Steve1989MREInfo

Josh and Kurt talk about the idea behind the full disclosure of security vulnerability details. There have been discussions about this topic for decades with many people on all sides of the issue. The reality is however, if you look at the current state of things, this discussion is settled, full disclosure won. Show Notes Hacker One 100 million payout Project Zero bug Remington gun trigger class action lawsuit Square windows on a plane

Josh and Kurt talk to Jeff Mitchell about the new HashiCorp project Boundary. We discuss what Boundary is, why it's cooler than a VPN, and how you can get involved. Show Notes Jeff Mitchell HashiCorp Boundary announcement Discuss forum Boundary Project Boundary GitHub

Josh and Kurt talk about how to get started in security. It's like the hero's journey, but with security instead of magic. We then talk about what Webkit bringing Face ID and Touch ID to the browsers will mean. Show Notes Hero's Journey Mudge's Tweet L0pht at Congress Bob Ross Webkit Face ID and Touch ID for the Web