Tuesday, August 3, 2021
Open Source Security Podcast

Episode 282 – The security of Rust: who left all this awesome in here?

Josh and Kurt talk about a story from Microsoft declaring Rust the future of safe programming, replacing C and C++. We discuss how tooling affects progress and why this isn't always obvious when you're in the middle of progress....
Open Source Security Podcast

Episode 281 – If you spy on journalists, you're the bad guys

Josh and Kurt talk about the news that the NSO Group is widely distributing spyware onto a large number of devices. This news should be a wake-up call for anyone creating devices and systems that could be attacked,...
Open Source Security Podcast

Episode 280 – The perils of Single Sign On

Josh and Kurt talk about what happens when you lose access to your Single Sign On provider. These providers have become critical to many of us, if we lose access to our SSO account we will lose access to...
Open Source Security Podcast

Episode 279 – The audacity of Audacity: When open source goes rogue

Josh and Kurt talk about the events happening to the Audacity audio editor. What happens if a popular open source application is acquired by an unknown entity? Can this happen to other open source projects? What can we do...
Open Source Security Podcast

Episode 278 – Could SELinux have stopped SolarWinds?

Josh and Kurt talk about a listener-provided question. Could SELinux have stopped the SolarWinds attack? Given what we know, the answer is technically yes, but practically no. SELinux is awesome, but it's very difficult to sandbox something like...
Open Source Security Podcast

Episode 277 – Privacy and activism with Chris Weiland

Josh and Kurt talk to Chris Weiland from Restore the Fourth Minnesota. Restore The Fourth Minnesota is a nonprofit dedicated to restoring the Fourth Amendment to the U.S. Constitution and ending unconstitutional mass government surveillance. Chris drops a ton of...
Open Source Security Podcast

Episode 276 – Security, behavior, and the environment

Josh and Kurt talk about how our environment affects our behavior, and in turn our level of security. We often ignore what's happening around us when everything is related. Show Notes Judges more lenient after a break Dungeons...
Open Source Security Podcast

Episode 275 – What in the @#$% is going on with ransomware?

Josh and Kurt talk about why it seems like the world of ransomware has gotten out of control in the last few weeks. Every day there's some new and more bizarre ransomware story than we had yesterday. Show Notes...
Open Source Security Podcast

Episode 274 – Mr. Amazon's Neighborhood

Josh and Kurt talk about Amazon Sidewalk. There is a lot of attention, but how is this any different than the surveillance networks Apple and Google have built? Show Notes Amazon Sidewalk Ads and toothpaste Airtags and stalking...
Open Source Security Podcast

Episode 273 – Can we stop the coming artificial unintelligence deluge?

Josh and Kurt talk about AI driven comments. We live in a world of massive confusion and disruption where what is true and false, real and fake, are often widely debated. As AI grows and evolves what does it...
Open Source Security Podcast

Episode 272 – The Biden Cybersecurity Executive Order

Josh and Kurt talk about the Biden Administration's new cybersecurity executive order. There are some good ideas in there, but at the end of the day it's an unfunded mandate. Unfunded mandates are difficult to implement. Show Notes ...
Open Source Security Podcast

Episode 271 – Pipeline security: There is no problem humans can't make worse

Josh and Kurt talk about how people handle problems. We open with the story of the Colonial Pipeline hack, but then go into some of the ways people tend to make problems worse. Show Notes Male vs Female...
Open Source Security Podcast

Episode 270 – Hello dark patterns my old friend

Josh and Kurt talk about dark patterns. A dark pattern is when a service tries to confuse a user into doing something they don't want to, like unknowingly purchasing a monthly subscription to something you don't need or want....
Open Source Security Podcast

Episode 269 – Do not experiment on the Linux Kernel

Josh and Kurt talk about the University of Minnesota experimenting on the Linux Kernel. There's a lot to unpack in this one, but the TL;DR is you probably don't want to experiment on the kernel. Show Notes Linux...
Open Source Security Podcast

Episode 268 – Can we trust any 3rd parties?

Josh and Kurt talk about what 3rd party means in the current world. From 5G suppliers, to the Codecov and SolarWinds breaches. Is there anyone we can trust? Show Notes Europe and 5G Codecov Codecov Reuters story Red...
The Register

Do you have a grip on the lifecycle security of your AWS-deployed applications?

Learn how to manage the risks of cloud native environments with Aqua and AWS. There’s no doubt that adopting DevOps methodologies and CI/CD pipelines, and extending cloud native technologies like containerization can massively accelerate your application development and...
TechRepublic

Beef up security in Firefox with Fission

Jack Wallen shows you how to enable Fission. Firefox developers understand web browser security is at a premium, so they've rolled out a site isolation feature.
TechRepublic

Cybersecurity professionals: Positive reinforcement works wonders with users

The blame game is not working; experts suggest using positive reinforcement to improve employee attitude and performance.
SecurityWeek

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious...

Awful transaction and timing: AT&T finally ditches DirecTV

AT&T has completed its spinoff of DirecTV after six years of mismanagement in which nearly 10 million customers ditched the company's pay-TV services. AT&T bought DirecTV for $49 billion ($67 billion including...