Open Source Security Podcast 공개
[search 0]

Download the App!

show episodes
 
A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
 
Loading …
show series
 
Josh and Kurt talk about the University of Minnesota experimenting on the Linux Kernel. There's a lot to unpack in this one, but the TL;DR is you probably don't want to experiment on the kernel. Show Notes Linux Bans University of Minnesota for Sending Buggy Patches in the Name of Research University of Minnesota security researchers apologize for …
 
Josh and Kurt talk to Emil Wåreus from Debricked about the future of security scanners. Debricked is doing some incredibly cool things to avoid relying on humans for vulnerability identification and cataloging. Learn what the future of security scanning is going to look like. Show Notes Debricked Emil's Linkedin…
 
Josh and Kurt talk about the PHP backdoor and the Ubiquity whistleblower. The key takeaway is to note how an open source project cannot cover up an incident, but closed source can and will cover up damaging information. Show Notes PHP backdoor Ubiquity coverup 3D printed TSA keys LockPickingLaywer Determining Key Shape from Sound Lock camera…
 
Josh and Kurt talk to Mark Loveless from GitLab. We touch on DevSecOps, what GitLab is doing, threat modeling, and the time Mark tested positive for TNT at the airport. It's a great conversation. Show Notes Mark Loveless Twitter GitLab GitLab Handbook How we approach open source security PASTA threat modeling GitLab security features Tales from the…
 
Josh and Kurt talk about how terrible daylight savings is. GitHub yanking some exploit code. And the Linux Foundation new project to sign all the things. Show Notes Researcher Publishes Code to Exploit Microsoft Exchange Vulnerabilities on Github GitHub content restrictions Reproducing the Microsoft Exchange Proxylogon Exploit Chain…
 
Josh and Kurt talk to Loris Degioanni and Dan from Sysdig. Sysdig are the minds behind Falco, an amazing open source runtime security engine. We talk about where their technology came from, they huge code donation to the CNCF and what securing a modern infrastructure looks like today. Show Notes Sysdig Falco Loris' Twitter Dan "Pop" Popandrea's Twi…
 
Josh and Kurt talk about this idea that seems to exist in security of "attackers only need to be right once" which is silly. The reality is attackers have to get everything right, defenders really only need to get it right once. But "defenders only need to be right once" isn't going to sell any products. Show Notes Richard Feynman and manhole cover…
 
Josh and Kurt talk about communication. It's really hard to talk about a lot of what we do. How do we know if a device is secure? How do we know our knowledge is correct? Show Notes 90 percent of U.S. bills carry traces of cocaine Is the moon a star or planet? A mole of moles New homeowner 'freaked out' when stranger took control of her security sy…
 
Josh and Kurt talk about the safety and liability of new devices. What happens when your doorbell can burn down your house? What if it's your fault the doorbell burned down your house? There isn't really any prior art for where our devices are taking us, who knows what the future will look like. Show Notes Ring Doorbell recall Ring incorrect screw …
 
Josh and Kurt talk about what happens when important root certificates expire on old Android devices? Who should be responsible? How can we fix this? Is this even something we can or should fix? How devices should age is a really hard problem that needs a lot of discussion. Show Notes Unboxing coins Old Android devices certificate store Steve1989MR…
 
Josh and Kurt talk about the idea behind the full disclosure of security vulnerability details. There have been discussions about this topic for decades with many people on all sides of the issue. The reality is however, if you look at the current state of things, this discussion is settled, full disclosure won. Show Notes Hacker One 100 million pa…
 
Josh and Kurt talk about how to get started in security. It's like the hero's journey, but with security instead of magic. We then talk about what Webkit bringing Face ID and Touch ID to the browsers will mean. Show Notes Hero's Journey Mudge's Tweet L0pht at Congress Bob Ross Webkit Face ID and Touch ID for the Web…
 
Josh and Kurt talk about Network Time Security (NTS) how it works and what it means for the world (probably not very much). We also talk about Singapore's Cybersecurity Labelling Scheme (CLS). It probably won't do a lot in the short term, but we hope it's a beacon of hope for the future. Show Notes Network Time Security NTP and the University of Wi…
 
Loading …

빠른 참조 가이드

Google login Twitter login Classic login