Wednesday, February 20, 2019
Open Source Security Podcast

Episode 134 – What’s up with the container runc security flaw?

Josh and Kurt talk about the new runc container security flaw. How does the flaw work, what can you do about it, what should you do about it, and what the future of container security may look like.
Open Source Security Podcast

Episode 133 – Smart locks and the government hacking devices

Josh and Kurt talk about the fiasco hacks4pancakes described on Twitter and what the future of smart locks will look like. We then discuss what it means if the Japanese government starts hacking consumer IoT gear, is it ethical? Will it make...
Open Source Security Podcast

Episode 132 – Bird Scooter: 0, Cory Doctorow: 1

Josh and Kurt talk about the Bird Scooter vs Cory Doctorow incident. We then get into some of the social norms around new technology and what lessons the security industry can take from something new like shared scooters.
Open Source Security Podcast

Episode 131 – Windows micropatches, Google’s privacy fine, and Mastercard fixes trial abuse

Josh and Kurt talk about non-Microsoft Windows micropatches. The days of pretending closed source matters are long gone. Google gets hit with a privacy fine that probably won't matter. And Mastercard makes it easier for consumers to not accidentally sign up for...
Open Source Security Podcast

Episode 130 – Chat with Snyk co-founder Danny Grander

Josh and Kurt talk to Danny Grander, one of the co-founders of Snyk, about Zip Slip: what it is, how to fix it, and how they disclosed everything. We also touch on plenty of other open source security topics as Danny is...
Open Source Security Podcast

Episode 129 – The EU bug bounty program

Josh and Kurt talk about the EU bug bounty program. There have been a fair number of people complaining it's solving the wrong problem, but it's the only way the EU has to spend money on open source today. If that doesn't...
Open Source Security Podcast

Episode 128 – Australia’s encryption backdoor bill

Josh and Kurt talk about Australia's recently passed encryption bill. What is the law that was passed, what does it mean, and what are the possible outcomes? The show notes contain a flow chart of possible outcomes.
Open Source Security Podcast

2018 Christmas Special – Is Santa GDPR compliant?

Josh and Kurt talk about which articles of the GDPR apply to Santa, and if he's following the rules the way he should be (spoiler, he's probably not). Should Santa be on his own naughty list? We also create a new holiday...
Open Source Security Podcast

Episode 127 – Walled gardens, appstores, and more

Josh and Kurt talk about Mozilla pulling a paywall bypassing extension. We then turn our attention to talking about walled gardens. Are they good, are they bad? Something in the middle? There is a lot of prior art to draw on here,...
Open Source Security Podcast

Episode 126 – The not so dire future of supply chain security

Josh and Kurt continue the discussion from episode 125. We look at the possible future of software supply chains. It's far less dire than previously expected. It's likely there will be some change in the
Open Source Security Podcast

Episode 125 – Open Source, supply chains, npm, and you

Josh and Kurt talk about how open source deals with malicious events. It's probably impossible to stop these from happening, but the open source universe deals with it in its own unique way. We start to discuss what you can do, since...
Open Source Security Podcast

Episode 124 – Cloudflare’s service workers and the economics of security

Josh and Kurt talk about Cloudflare's new Workers service. We spend a lot of time discussing how economics drives technology, not security. It's quite likely this new service is less secure than existing alternatives, but it will be cheaper and faster which...
Open Source Security Podcast

Episode 123 – Talking about Kubernetes and container security with Liz Rice

Josh and Kurt talk to Liz Rice about Kubernetes and container security. How did we get where we are today, what's new and exciting today, and where do we think things are going.
Open Source Security Podcast

Episode 122 – What will Apple’s T2 chip mean for the rest of us?

Josh and Kurt talk about Apple's new T2 security chip. It's not open source but we expect it to change the security landscape in the coming years.
Open Source Security Podcast

Episode 121 – All about the security of voting

Josh and Kurt talk about voting security. What does it mean, how does it work. What works, what doesn't work, and most importantly why we may not see secure electronic voting anytime soon.
TechRepublic

Best practices for handling gaps in cloud security

Establishing sufficient cloud security is a complex challenge. Learn where your attention is best directed to achieve the best results.
The Register

Behold… a WinRAR security bug that’s older than your child’s favorite YouTuber. And yes, you should patch this hole

Bet all two of you who paid to activate your copy are feeling a little cheesed off at this 14-year-old undetected flaw

CheckPoint infosec eggheads are today laying claim to discovering a Windows archiving security flaw that appears to...

Can you really sniff out gas station card skimmers with your phone?

A viral post suggests (wrongly) that card skimmers always use Bluetooth. Anyway, just looking at nearby Bluetooth names doesn't help much...
SecurityWeek

Canada Helping Australia Determine ‘Full Extent’ of Hack

Canada's electronic eavesdropping agency said Wednesday it is working with Canberra to try to determine the scale of computer hacking on Australia's parliament and political parties just months from an election.

Researcher: Not Hard for a Hacker to Capsize a Ship at Sea

Maritime transport still contributes in an important way to the world’s economy, with on-time shipments influencing everything from commodities availability and spot pricing to the stability of small countries. Unfortunately, capsizing a ship with a cyberattack is a relatively...