Saturday, December 5, 2020
Open Source Security Podcast

Episode 230 – Door 05: 5 reasons you need 24/7 robot monitoring

Josh and Kurt talk about why you need 24/7 monitoring of all the things. Links: Swiss air force office hours; DC-10 cargo door
Open Source Security Podcast

Episode 229 – Door 04: EFF's Cover Your Tracks

Josh and Kurt talk about how the EFF is helping us prevent Internet tracking. Links: EFF Cover Your Tracks
Open Source Security Podcast

Episode 228 – Door 03: Do all vulnerabilities matter equally?

Josh and Kurt talk about how many security vulnerabilities matter enough to fix. Links: A Third of Known Computer Security Flaws Have No Solution; Episode 162 – SBOM with Allan Friedman
Open Source Security Podcast

Episode 227 – Door 02: Marketing department or selection bias?

Josh and Kurt talk about cybersecurity statistics and the value of the data we have. Links: 24 Cybersecurity Statistics That Matter In 2020
Open Source Security Podcast

Episode 226 – Door 01: Advent calendars

Josh and Kurt talk about advent calendars. We are publishing 25 5-minute episodes in 25 days. Also portable X-ray machines.
Open Source Security Podcast

Episode 225 – Who is responsible if IoT burns down your house?

Josh and Kurt talk about the safety and liability of new devices. What happens when your doorbell can burn down your house? What if it's your fault the doorbell burned down your house? There isn't really any prior art...
Open Source Security Podcast

Episode 244 – Door 19: TLS certificate trust

Josh and Kurt talk about modern TLS certificate trust.
Open Source Security Podcast

Episode 243 – Door 18: Don't roll your own crypto or auth

Josh and Kurt talk about why it's a horrible idea to roll your own crypto or auth.
Open Source Security Podcast

Episode 224 – Are old Android devices dangerous?

Josh and Kurt talk about what happens when important root certificates expire on old Android devices. Who should be responsible? How can we fix this? Is this even something we can or should fix? How devices should age is...
Open Source Security Podcast

Episode 223 – Full disclosure won, deal with it

Josh and Kurt talk about the idea behind the full disclosure of security vulnerability details. There have been discussions about this topic for decades with many people on all sides of the issue. The reality is, however, if you...
Open Source Security Podcast

Episode 222 – HashiCorp Boundary with Jeff Mitchell

Josh and Kurt talk to Jeff Mitchell about the new HashiCorp project Boundary. We discuss what Boundary is, why it's cooler than a VPN, and how you can get involved. Show Notes: Jeff Mitchell; HashiCorp Boundary announcement; Discuss...
Open Source Security Podcast

Episode 221 – Security, magic, and FaceID

Josh and Kurt talk about how to get started in security. It's like the hero's journey, but with security instead of magic. We then talk about what Webkit bringing Face ID and Touch ID to the browsers will mean....
Open Source Security Podcast

Episode 220 – Securing network time and IoT

Josh and Kurt talk about Network Time Security (NTS), how it works, and what it means for the world (probably not very much). We also talk about Singapore's Cybersecurity Labelling Scheme (CLS). It probably won't do a lot in...
Open Source Security Podcast

Episode 219 – Chat with Larry Cashdollar

Josh and Kurt have a chat with Larry Cashdollar. The three of us go way back. Larry has done some amazing things and he tells us all about it! Show Notes: Akamai; Larry's website; Larry's First CVE
Open Source Security Podcast

Episode 218 – The past was a terrible place

Josh and Kurt talk about change. Specifically, we discuss how the past was a terrible place. Never believe anyone who tells you it was better. Part of a career now is learning how to learn. The things you learn...

Top 20 Predictions Of How AI Is Going To Improve Cybersecurity In 2021

What 20 Leading Cybersecurity Experts Are Predicting For 2021
SecurityWeek

Italy Says Two Arrested for Defense Data Theft

Two people have been arrested for stealing defense data from the Italian aerospace and electronics group Leonardo, the interior ministry said on Saturday. The company has a wide range of activities from naval electronics, network and protection systems, electronic warfare...

The US Used the Patriot Act to Justify Logging Website Users

Plus: Better Twitter two-factor, a Spotify hack, and more of the week’s top security news.
ZDNet

Ransomware hits helicopter maker Kopter

Data from Kopter's internal network has been published on the LockBit gang's blog, hosted on the dark web.
ZDNet

Ransomware gangs are now cold-calling victims if they restore from backups without paying

Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk.