Episode 134 – What’s up with the container runc security flaw?
Josh and Kurt talk about the new runc container security flaw. How does the flaw work, what can you do about it, what should you do about it, and what the future of container security may look like.
Episode 133 – Smart locks and the government hacking devices
Josh and Kurt talk about the fiasco hacks4pancakes described on Twitter and what the future of smart locks will look like. We then discuss what it means if the Japanese government starts hacking consumer IoT gear, is it ethical? Will it make...
Episode 132 – Bird Scooter: 0, Cory Doctorow: 1
Josh and Kurt talk about the Bird Scooter vs Corey Doctorow incident. We then get into some of the social norms around new technology and what lessons the security industry can take from something new like shared scooters.
Episode 131 – Windows micropatches, Google’s privacy fine, and Mastercard fixes trial abuse
Josh and Kurt talk about non-Microsoft Windows micropatches. The days of pretending closed source matters are long gone. Google gets hit with a privacy fine, that probably won't matter. And Mastercard makes it easier for consumers to not accidentally sign up for...
Episode 130 – Chat with Snyk co-founder Danny Grander
Josh and Kurt talk to Danny Grander one of the co-founders of Snyk about Zip Slip, what it is, how to fix it, and how they disclosed everything. We also touch on plenty of other open source security topics as Danny is...
Episode 129 – The EU bug bounty program
Josh and Kurt talk about the EU bug bounty program. There have been a fair number of people complaining it's solving the wrong problem, but it's the only way the EU has to spend money on open source today. If that doesn't...
Episode 128 – Australia’s encryption backdoor bill
Josh and Kurt talk about Australia's recently passed encryption bill. What is the law that was passed, what does it mean, and what are the possible outcomes? The show notes contain a flow chart of possible outcomes.
2018 Christmas Special – Is Santa GDPR compliant?
Josh and Kurt talk about which articles of the GDPR apply to Santa, and if he's following the rules the way he should be (spoiler, he's probably not). Should Santa be on his own naughty list? We also create a new holiday...
Episode 127 – Walled gardens, appstores, and more
Josh and Kurt talk about Mozilla pulling a paywall bypassing extension. We then turn our attention to talking about walled gardens. Are they good, are they bad? Something in the middle? There is a lot of prior art to draw on here,...
Episode 126 – The not so dire future of supply chain security
Josh and Kurt continue the discussion from episode 125. We look at the possible future of software supply chains. It's far less dire than previously expected. It's likely there will be some change in the
Episode 125 – Open Source, supply chains, npm, and you
Josh and Kurt talk about how open source deals with malicious events. It's probably impossible to stop these from happening, but the open source universe deals with it in its own unique way. We start to discuss what you can do, since...
Episode 124 – Cloudflare’s service workers and the economics of security
Josh and Kurt talk about Cloudflare's new Workers service. We spend a lot of time discussing how economics drives technology, not security. It's quite likely this new service is less secure than existing alternatives, but it will be cheaper and faster which...
Episode 123 – Talking about Kubernetes and container security with Liz Rice
Josh and Kurt talk to Liz Rice about Kubernetes and container security. How did we get where we are today, what's new and exciting today, and where do we think things are going.
Episode 122 – What will Apple’s T2 chip mean for the rest of us?
Josh and Kurt talk about Apple's new T2 security chip. It's not open source but we expect it to change the security landscape in the coming years.
Episode 121 – All about the security of voting
Josh and Kurt talk about voting security. What does it mean, how does it work. What works, what doesn't work, and most importantly why we may not see secure electronic voting anytime soon.
Best practices for handling gaps in cloud security
Establishing sufficient cloud security is a complex challenge. Learn where your attention is best directed to achieve the best results.
Behold… a WinRAR security bug that’s older than your child’s favorite YouTuber. And yes, you should patch this hole
Bet all two of you who paid to activate your copy are feeling a little cheesed off at this 14-year-old undetected flaw CheckPoint infosec eggheads are today laying claim to discovering a Windows archiving security flaw that appears to...
Can you really sniff out gas station card skimmers with your phone?
A viral post suggests (wrongly) that card skimmers always use Bluetooth. Anyway, just looking at nearby Bluetooth names doesn't help much...
Canada Helping Australia Determine ‘Full Extent’ of Hack
Canada's electronic eavesdropping agency said Wednesday it is working with Canberra to try to determine the scale of computer hacking on Australia's parliament and political parties just months from an election.
read more
Researcher: Not Hard for a Hacker to Capsize a Ship at Sea
Maritime transport still contributes in an important way to the world’s economy, with on-time shipments influencing everything from commodities availability and spot pricing to the stability of small countries. Unfortunately, capsizing a ship with a cyberattack is a relatively...
