A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
The FOSS Pod
From the creative geniuses behind Brad & Will Made a Tech Pod, The FOSS Pod is a show about the free and open source software that’s changing the world, and the developers who are making it happen.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
Episode 199 - Special cases are special: DNS, Websockets, and CSV
Josh and Kurt talk about a grab bag of topics. A DNS security flaw, port scanning your machine from a web browser, and CSV files running arbitrary code. All of these things end up being the result of corner cases. Letting a corner case be part of a default setup is always a mistake. Yes always, not even that one time. Show Notes Bind advisory Robustness Principal eBay port scanning localhost OWASP CSV injection
Episode 198 - Good advice or bad advice? Hang up, look up, and call back
Josh and Kurt talk about the Krebs blog post titled "When in Doubt: Hang Up, Look Up, & Call Back". In the world of security there isn't a lot of actionable advice, it's worth discussing if something like this will work, or ever if it's the right way to handle these situations. Show notes When in Doubt: Hang Up, Look Up, & Call Back Tech Support Scam podcast: Part 1, Part 2 STIR/SHAKEN Drill the wrong safe deposit box 2009 Bank of Ireland robbery
Episode 197 - Beer, security, and consistency; the newer, better, triad
Josh and Kurt talk about what beer and reproducible builds have in common. It's a lot more than you think, and it mostly comes down to quality control. If you can't reproduce what you do, you're not a mature organization and you need maturity to have quality. Show Notes Reinheitsgebot Josh's Blog Post Ken Thompson's reflections on trusting trust Tor Browser Deterministic Builds One line package broke npm create Donkey Kong 64 memory leak
Episode 196 - Pounding square solutions into round holes: forced updates from Ubuntu
Josh and Kurt talk about automatic updates. Specifically we discuss a recent decision by Ubuntu to enable forced automatic updates. There are lessons here for the security community. We have a history of jumping to solutions rather than defining and understanding problems. Sometimes our solutions aren't the best. Also murder bees. Show Notes The Oatmeal giant bee comic Honeybees cook giant hornet Ubuntu 20.04 LTS’ snap obsession has snapped me off of it Forum discussion
Episode 195 - Is BGP actually insecure?
Josh and Kurt talk about the uproar around Cloudflare's "Is BGP safe yet" site. It's always interesting watching how much people will push back on new things, even if the new things is probably a step in the right direction. The clever thing Cloudflare is doing in this instance is they are making the BGP problem something anyone can understand. Also send us your funny dog stories. Show Notes Is BGP safe yet? Reddit BGP conversation Hacker News BGP conversation Stealing cryptocurrency with BGP
Episode 194 - Working from home security: resistance is futile
Josh and Kurt talk about the new normal that's working away from an office. It's not exactly working from home as there are some unforeseen challenges that we just took for granted in the past. There are a lot of new and strange security problems we have to adapt to, everyone is doing amazing work with very little right now. Show Notes Microsoft buys corp.com Hijack computer network traffic with a Pi Zero
Episode 193 - Security lessons from space: Apollo 13 edition
Josh and Kurt talk about space. We intended to focus on Apollo 13 but as usual we have no ability to stay on topic. There is a lot of fun space discussions in this one though. Do you think you can hack Voyager 1? Only if you have a big enough satellite dish. Show Notes Eavesdropping on Apollo 11 Apollo 11 classified weather satellite The pen that saved Apollo 11
Episode 192 - Work without progress - what Infosec can learn from treadmills
Josh and Kurt talk about Kurt's recent treadmill purchase and the lessons we can lean in security from the consumer market. The consumer market has learned a lot about how to interact with their customers in the last few decades, the security industry is certainly behind in this space today. Once again we display our ability to tie even the seemingly mundane things back to a discussion about security. Show Notes Eating goldfish off the treadmill
Episode 191 - Security scanners are all terrible
Josh and Kurt talk about security scanners. They're all pretty bad today, but there are some things we can do to make them better. Step one is to understand the problem. Do you know why you're running the scanner and what the reports mean? Show Notes Edmonton freeze thaw cycles Josh's security scanner blog series
Episode 190 - Building a talent "ecosystem"
Josh and Kurt talk about building a talent ecosystem. What starts out as an attempt by Kurt to talk about Canada evolves into a discussion about how talent can evolve, or be purposely grown. Canada's entertainment industry and Unit 8200 are good examples of this. Show Notes SCTV Red Team Project Moon Shot book AvE channel Turning a tree root into a bowl Mailing the Hope Diamond The Ecosystem
Episode 189 - Video game hackers - speedrunning
Josh and Kurt talk about video games and hacking. Specifically how speed runners are really just video game hackers. Show Notes Developer speedrun commentary Super Mario World end credits glitch explained Mario 3 RCE Breath of the Wild speedrun Super Metroid reverse boss order TMR beats every NES game
Episode 188 - Depressing news sucks, we're talking about cheating in video games
Josh and Kurt talk about video games. Yeah, video games. Specifically about cheating in video games. There's a lot of other security themes in the discussion. With the news being horrible these days, we needed to talk about something fun. Show Notes Penny Arcade Banned from Fortnite Apollo Robbins, world's best pickpocket
Episode 187 - Wireguard vs IPsec: the OK Boomer of security
Josh and Kurt talk about Wireguard. There have been a lot of recent conversations about it and if it's better or worse than other VPN solutions. It's safe to say in our modern age, less is usually more, especially when it comes to security. Wireguard has a lot going for it, it can't be ignored. Show Notes Replacing a Nintendo Switch fan WireGuard Hacker News discussion
Episode 186 - Endpoint security with Tony Meehan
Josh and Kurt talk to Tony Meehan from Elastic (formerly Endgame) about endpoint detection, response, protection, and even SIEM. Tony has a great history coming from the NSA and has a number of great stories to help understand the topics. Show Notes Tony Meehan Rob Joyce on Disrupting Nation State Hackers Bobby Filar living off the land blog Dwell time graph Snowboarder vs Tree
Episode 185 - Is it even possible to fix open source security?
Josh and Kurt talk about the Linux Foundation Census 2. There is a lot of talk around how to fix open source security, but the reality is we can't fix it. We need to stop trying to fix what isn't broken and engineering around the system we have, not the system we want. Show Notes Linux Foundation Census 2 Core Infrastructure Initiative