A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
Episode 222 - HashiCorp Boundary with Jeff Mitchell
Josh and Kurt talk to Jeff Mitchell about the new HashiCorp project Boundary. We discuss what Boundary is, why it's cooler than a VPN, and how you can get involved. Show Notes Jeff Mitchell HashiCorp Boundary announcement Discuss forum Boundary Project Boundary GitHub
Episode 221 - Security, magic, and FaceID
Josh and Kurt talk about how to get started in security. It's like the hero's journey, but with security instead of magic. We then talk about what WebKit bringing Face ID and Touch ID to the browsers will mean. Show Notes Hero's Journey Mudge's Tweet L0pht at Congress Bob Ross Webkit Face ID and Touch ID for the Web
Episode 220 - Securing network time and IoT
Josh and Kurt talk about Network Time Security (NTS), how it works, and what it means for the world (probably not very much). We also talk about Singapore's Cybersecurity Labelling Scheme (CLS). It probably won't do a lot in the short term, but we hope it's a beacon of hope for the future. Show Notes Network Time Security NTP and the University of Wisconsin Cybersecurity Labelling Scheme (CLS)
Episode 219 - Chat with Larry Cashdollar
Josh and Kurt have a chat with Larry Cashdollar. The three of us go way back. Larry has done some amazing things and he tells us all about it! Show Notes Akamai Larry's website Larry's First CVE
Episode 218 - The past was a terrible place
Josh and Kurt talk about change. Specifically we discuss how the past was a terrible place. Never believe anyone who tells you it was better. Part of a career now is learning how to learn. The things you learn today won't be useful skills in a few years. The future is always better than the past. Even in 2020. Show Notes I no longer build software Temple OS Top Gear electric car 1959 Bel Air crash test
Episode 217 - How to tell your story with Travis Murdock
Josh and Kurt talk to Travis Murdock about how to tell your story. Travis explains how to talk to the press and how to tell our story in a way that helps get our message across and lets the reporter do their job better. Show Notes Ruder Finn CVE-2009-3555 Heartbleed
Episode 216 - Security didn't find life on Venus
Josh and Kurt talk about how we talk about what we do in the context of life on Venus. We didn't really discover life on Venus, we discovered a gas that could be created by life on Venus. The world didn't hear that though. We have a similar communication problem in security. How often are your words misunderstood? Show Notes Phosphine on Venus GPS and relativity
Episode 215 - Real security is boring
Josh and Kurt talk about attacking open source. How serious is the threat of developers being targeted or a git repo being watched for secret security fixes? The reality of it all is there are many layers in a security journey; the most important things you can do are also the least exciting. Show Notes Targeting developers XKCD Infrastructure comic Hiding security flaws in git Mossad vs Not-Mossad (PDF warning)
Episode 213 - Security Signals: What are you telling the world
Josh and Kurt talk about how your actions can tell the world if you actually take security seriously. We frame the discussion in the context of Slack paying a very low bug bounty and discover some ways we can look at Slack and decide if they do indeed take our security very seriously. Show Notes Reddit carbon monoxide Part 1 Part 2 GCP Grey minus infinity Josh's blog post
Episode 212 - Grab Bag: The Security We Deserve Edition
Josh and Kurt talk about Chromium sending traffic to root DNS servers. Telemetry watching what we do. Cryptocurrency scams and a few other random topics. Also pandas. Show Notes Blanket rack Chromium DNS traffic Ubuntu MOTD Microsoft telemetry YAM coin implodes Panda Cubs
Episode 211 - The only thing harder than signing files is managing users
Josh and Kurt talk about the Microsoft 2 year old signature bug and Github no longer processing MFA resets for free users. Signing things is hard, but trying to manage users and infrastructure at scale is even harder. Show Notes Microsoft signed jar bug GitLab Support is no longer processing MFA resets for free users Someone Is Hijacking Tor Exit Nodes to Conduct MITM Attacks
Episode 210 - Cult of Information Security
Josh and Kurt talk about the current state of information security. There are aspects that resemble a cult more than we would like. It's not all bad though, there are some things we can do to help move things forward. This episode shouldn't be taken too seriously. Show Notes "cult of information security" How to start a cult
Episode 209 - Secure Boot isn't Secure
Josh and Kurt talk about Secure Boot. The conversation uses the recent "Boot Hole" vulnerability to frame a conversation about what Secure Boot is and isn't. Why the Boot Hole flaw doesn't really matter, and why Secure Boot was very scary for Linux users back when it came out. Show Notes Boot Hole
Episode 208 - Passwords are pollution
Josh and Kurt talk about some of the necessary evils of security. There are challenges we face like passwords and resource management. Sometimes the problem is old ideas, sometimes it's that we don't have metrics. Can you measure not getting hacked? Show Notes Clearing checks FAIR Institute Factorio
Episode 207 - Weaponized attention
Josh and Kurt start this one by explaining how the Twitter hacker was just a dumb criminal (most criminals are dumb). We then discuss the new GPT-3 AI that can create text. How we create, and how social media is doing everything it can to weaponize our attention. It's not a fight humanity is winning. Show Notes GPT-3 AI Blipverts