Episode 307 – Got vulnerabilities? Introducing GSD
Josh and Kurt talk about the Global Security Database (GSD) project. This is a Cloud Security Alliance (CSA) effort to build community around vulnerability identifiers. Show Notes We rate dogs Racoons that heal your sadness Global Security Database Episode 261 –...
Episode 306 – Open source isn't broken, it's an experience
Josh and Kurt talk about the faker and colors NPM events. There is a lot of discussion around open source being broken or somehow failing because of these events. The real answer is open source is an experience. How we interact with...
Episode 305 – Norton, Ethereum, NFT, and Apes
Josh and Kurt talk about Norton creating an Ethereum mining pool. This is almost certainly a bad idea, we explain why. We then discuss the reality of NFTs and the case of stolen apes. NFTs can be very confusing. The whole world...
Episode 304 – Will we ever fix all the vulnerabilities?
Josh and Kurt talk about the question will we ever fix all the vulnerabilities? The question came from Reddit and is very reasonable, but it turns out this is REALLY hard to discuss. The answer is of course "no", but why it...
Episode 303 – Log4j Christmas Spectacular!
Josh and Kurt start the show with the reading of a security themed Christmas poem. We then discuss some of the new happenings around Log4j. The basic theme is that even if we were over-investing in Log4j, it probably wouldn't have caught...
Episode 302 – Log4j is a mess
Josh and Kurt talk about the same topic everyone is talking about, Log4j. This episode was recorded on the Wednesday after the first Log4j issue. We point out all the gaps and difficulties for the defenders. The situation has gotten worse since...
Episode 301 – You're holding it wrong: the importance of unlearning
Josh and Kurt talk about the epic failure that was episode 300. But this ties nicely into the topic of the day which is new ways to do things. The example is a new way to hold a controller when playing Tetris....
Episode 300 – Apple vs NSO: What can copyright do for you?
Josh and Kurt talk about Apple suing NSA using a copyright claim as their vehicle. Copyright is often used as a reason to bring lawsuits, even when it doesn't always make sense. Copyright has been used by open source to expand rights,...
Episode 299 – Experts From A World That No Longer Exists
Josh and Kurt talk about an article about how expertise has a limited lifetime. We are all experts in something, but some of us will find our expert knowledge to be outdated eventually. We discuss what that means in the context of...
Episode 298 – David A Wheeler discusses the OpenSSF
Josh and Kurt talk to David A. Wheeler about everything OpenSSF. The Open Source Security Foundation is part of the Linux Foundation, and there are 6 OpenSSF working groups. David does a great job explaining how the OpenSSF works and what the...
Episode 297 – 25 years of smashing stacks, fun, and profit
Josh and Kurt talk about the famous Phrack 49 article "Smashing the Stack for Fun and Profit" turning 25 years old. This paper created a massive amount of change in the industry, possibly more than any other paper ever written. Everything from...
Episode 296 – Is Trojan Source a vulnerability?
Josh and Kurt talk about the new Trojan Source bug. We don't always agree on if this is a vulnerability (it's not), but by the end we come to an agreement that ASCII is out, Unicode is in. We don't live in...
Episode 295 – Open source security isn't free
Josh and Kurt talk about Josh's electric car and new job. We then talk about the recent UAParser.js malware incident. There have been a lot of calls to do more to secure open source, but nobody seems to have...
Episode 294 – Chris Wysopal on the state of security education
Josh and Kurt talk to Chris Wysopal, AKA Weld Pond, about security education. We talk about the current state of how we are learning about security as students and developers. What the best way to get developers interested in...
Episode 293 – Scoring OpenSSF Security Scoring
Josh and Kurt talk about the release of OpenSSF Security Scorecards version 3. This is a great project that will probably make a huge difference. Most of the things the scorecards are measuring are no brainier activities. We go...
Linux Servers at Risk of RCE Due to Critical CWP Bugs
The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
Trickbot Injections Get Harder to Detect & Analyze
The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.
AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps
Enlarge (credit: Getty Images | zf L)
AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...
Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open
New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
DC, 3 States Sue Google Saying it Invades Users' Privacy
The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked.
read more
