Friday, June 5, 2020
Open Source Security Podcast

Episode 199 – Special cases are special: DNS, Websockets, and CSV

Josh and Kurt talk about a grab bag of topics. A DNS security flaw, port scanning your machine from a web browser, and CSV files running arbitrary code. All of these things end up being the result of corner...
Open Source Security Podcast

Episode 198 – Good advice or bad advice? Hang up, look up, and call back

Josh and Kurt talk about the Krebs blog post titled "When in Doubt: Hang Up, Look Up, & Call Back". In the world of security there isn't a lot of actionable advice, it's worth discussing if something like this...
Open Source Security Podcast

Episode 197 – Beer, security, and consistency; the newer, better, triad

Josh and Kurt talk about what beer and reproducible builds have in common. It's a lot more than you think, and it mostly comes down to quality control. If you can't reproduce what you do, you're not a mature organization and...
Open Source Security Podcast

Episode 196 – Pounding square solutions into round holes: forced updates from Ubuntu

Josh and Kurt talk about automatic updates. Specifically we discuss a recent decision by Ubuntu to enable forced automatic updates. There are lessons here for the security community. We have a history of jumping to solutions rather than defining and understanding...
Open Source Security Podcast

Episode 195 – Is BGP actually insecure?

Josh and Kurt talk about the uproar around Cloudflare's "Is BGP safe yet" site. It's always interesting watching how much people will push back on new things, even if the new things is probably a step in the right direction....
Open Source Security Podcast

Episode 194 – Working from home security: resistance is futile

Josh and Kurt talk about the new normal that's working away from an office. It's not exactly working from home as there are some unforeseen challenges that we just took for granted in the past. There are a lot of new and...
Open Source Security Podcast

Episode 193 – Security lessons from space: Apollo 13 edition

Josh and Kurt talk about space. We intended to focus on Apollo 13 but as usual we have no ability to stay on topic. There is a lot of fun space discussions in this one though. Do you think you can hack...
Open Source Security Podcast

Episode 192 – Work without progress – what Infosec can learn from treadmills

Josh and Kurt talk about Kurt's recent treadmill purchase and the lessons we can lean in security from the consumer market. The consumer market has learned a lot about how to interact with their customers in the last few decades, the security...
Open Source Security Podcast

Episode 191 – Security scanners are all terrible

Josh and Kurt talk about security scanners. They're all pretty bad today, but there are some things we can do to make them better. Step one is to understand the problem. Do you know why you're running the scanner and...
Open Source Security Podcast

Episode 190 – Building a talent “ecosystem”

Josh and Kurt talk about building a talent ecosystem. What starts out as an attempt by Kurt to talk about Canada evolves into a discussion about how talent can evolve, or be purposely grown. Canada's entertainment industry and Unit 8200...
Open Source Security Podcast

Episode 189 – Video game hackers – speedrunning

Josh and Kurt talk about video games and hacking. Specifically how speed runners are really just video game hackers. Show Notes Developer speedrun commentary Super Mario World end credits glitch explained Mario 3 RCE Breath of the Wild speedrun Super...
Open Source Security Podcast

Episode 188 – Depressing news sucks, we’re talking about cheating in video games

Josh and Kurt talk about video games. Yeah, video games. Specifically about cheating in video games. There's a lot of other security themes in the discussion. With the news being horrible these days, we needed to talk about something fun....
Open Source Security Podcast

Episode 187 – Wireguard vs IPsec: the OK Boomer of security

Josh and Kurt talk about Wireguard. There have been a lot of recent conversations about it and if it's better or worse than other VPN solutions. It's safe to say in our modern age, less is usually more, especially when it comes...
Open Source Security Podcast

Episode 186 – Endpoint security with Tony Meehan

Josh and Kurt talk to Tony Meehan from Elastic (formerly Endgame) about endpoint detection, response, protection, and even SIEM. Tony has a great history coming from the NSA and has a number of great stories to help understand the topics....
Open Source Security Podcast

Episode 185 – Is it even possible to fix open source security?

Josh and Kurt talk about the Linux Foundation Census 2. There is a lot of talk around how to fix open source security, but the reality is we can't fix it. We need to stop trying to fix what isn't...
The Register

British Army pulls up its SOC: New regiment to do infosec work even civvies will recognise

That's Systems Operating Centre to you. Chuffed with that, says Royal Signals brigadier The British Army has raised a new regiment that will take charge of its in-house security operations centre, a move calculated to make cyber defence a...

FTC Slams Children’s App Developer for COPPA Violations

Children's app developer HyperBeard must pay $150,000 after the FTC claimed it violated privacy laws.
SecurityWeek

Business Services Provider Conduent Hit by Ransomware

Business process services provider Conduent has been the victim of a ransomware attack that appears to be the work of Maze operators. Formed in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company offers digital platforms...
SC Magazine

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS EX software. Among the most series flaws is a...

Electrolux, Others Conned Out of Big Money by BEC Scammer

Kenenty Hwan Kim has pleaded guilty to swindling the appliance giant and other companies in a set of elaborate schemes.