Information:
Synopsis
Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.
Episodes
-
052: I'm Mr. Microsoft today...
07/12/2018 Duration: 35min
Where, O Where, have my Cryptocurrencies gone? Are they hidden in what IBM is dumping? Are they sneaking into Microsoft's new OS? Maybe they are lost in the Marriott/Starwood Data Breach? Wherever they've gone, we don't know. But Microsoft is publishing more of their Minstrel Song as Open Source and the Apple Bards are sharing their Oral Histories with the world. Blockchain Study: 0 for 43 Global Costs to Mine Bitcoin Mining Calculator Will Bitcoin become worthless? IBM dumping Notes Microsoft Windows Lite? Marriott Data Breach Microsoft Open Sources more stuff Infinite Loop. An Oral History. folklore.org He Invented It... -2000 Lines of Code
-
051: Remember Windows NT Pipes?
30/11/2018 Duration: 41min
Eric fixes a leaky faucet, Jon manages to avoid salad. After some 2 for 1 followup, Stallman wants in on the digital currency scene, Jon
-
050: Not a Wimpy Chip
24/11/2018 Duration: 49min
Eric and Jon prep for Thanksgiving, while companies don't invest in Cybersecurity. Duo talks Secure Boot on the T2 chip, Jon lets his inner conspiracy theorist out, and Windows Store now accepts ARM64 builds. If getting a digital implant, best to do it sober! Three fun things this week: lyrics analysis, Frankenstein, and judgement of Thanksgiving side dishes. Intro Cybersecurity Priorities Secure Boot on the T2 A12X is FAST Windows on ARM64 It's Bitcode not Bincode Don't Forget Your Implant PIN Repetitive Song Lyrics The First Frankenstein Side Dishes of Thanksgiving
-
049: Jiggy-jog to the left...
16/11/2018 Duration: 33min
Cloudflare launches DNS Privacy apps for iOS and Android, a security "researcher" gets his hand caught in Krebs' cookie jar, and more speculative execution in x86-land. Jon describes his favorite whistle and Eric discovers you can build a cashless payment system without a blockchain. Intro Cloudflare's DNS Privacy Apps "Researcher" playing both sides... More Speculative Execution @ Intel WHLSL Sweden goes cashless (sans blockchain)
-
048: Stamp of Approval
10/11/2018 Duration: 35min
Eric continues basement construction, and Jon gets stung (but not by a bee). A tale of two cryptocurrency topics: the good and the sad. HSBC is breached, but we doubt the statistics about successful credential stuffing. And Krebs has a great article about skimmers in your online shopping cart. DeOldify is machine learning for colorizing old photos, and Eric's got three fun things this week. Intro Yellow Jacket != Honey Bee More Upload Plugin Fail Statcounter Trojan Horse Cryptocurrency Tumblers Ethereum City Celebration, Florida HSBC Breach Cart Skimmers Bend Trails Paypal Data Sharing Dorking for Printers DeOldify
-
047: That's my next band name...
02/11/2018 Duration: 46min
Happy Halloween! We reflect on some ad fraud and right to repair followup, contemplate CAPTCHAs, cerebrate insecure devices, ponder Big Blue and their Red 34-billion-gallon Hat, and, uh, think, or errm, well, you know, chat about, um, filler words and top it all off with some good ol' reinforcement learning. Happy Halloween! Now go Vote. Ad Fraud Followup Right to Repair Followup Google reCAPTCHA v3 Google Home Insecurity GitHub Incident Writeup IBM Buys RedHat How to Stop Saying "Um", "Ah" and "Ya Know" Reinforcement Learning
-
046: It's a World Gone Mad
26/10/2018 Duration: 45min
Implausible Bloomberg followup, JQuery plugin vulnerability (not JavaScript!), and no more GrayKey. An interesting theoretical Chromium vulnerability and an absolutely epic ad fraud article. Eric's screentime has stopped working, and Jon enjoyed the Apologetic Miner. Intro Kumoricon LibSSH Docker Container Implausible Supermicro JQuery Plugin "Zero Day" GrayKey Stops Working Chromium Vulnerability Massive Ad Fraud Screen Time in iOS 12 The Apologetic Miner
-
045: Your glass bottles didn't explode?
18/10/2018 Duration: 27min
Jon and Eric, live(ish) from Las Vegas! Facebook (again) and the coming PHPocalypse, along with a vulnerability in libssh. Jon learns about The Big Mac Index on a trip to Argentina and Eric geeks about The Illustrated TLS Connection. Intro McAfee MPOWER Jon's Root Beer Facebook Update Facebook Portal The PHPocalypse Vulnerability in libssh The Economist publishes... ...The Big Mac Index on GitHub The Illustrated TLS Connection
-
044: How About We Cheer on Microsoft
12/10/2018 Duration: 46min
Eric and Jon both use chat support for network gear, the Bloomberg story gets stranger, and a double pile on Facebook and Google Plus. Microsoft joins OIN, opening up its patent portfolio. For fun Eric likes The Good Place, and Jon likes both The Broken Earth trilogy as well as binary layout optimization(??). Intro Frontier Woes Amplifi Teleport Setup Bloomberg Followup More Bloomberg Followup Facebook's Access Token Bug Verge on FB Breach Whatsapp Video Vulnerability Google Plus No More Microsoft Joins OIN The Good Place Codestitcher The Broken Earth
-
043: I probably shouldn't say that On Air
06/10/2018 Duration: 38min
Burgerville isn't safe from data breaches, despite their fabulous fresh fruit milkshakes. The GRU minions make some rookie mistakes. Aaaand, boom. Bloomberg drops the "All your hardware are belong to us" bomb. Eric likes Volkswagen, Jon likes doodles, and they both like Weird Al... Burgerville breach FBI Report: FIN7 Wired: FIN7 Followup - Episode 41: Freeze your Credit Reckless campaign by Russian military Car registration leak... Bloomberg: The Big Hack Eclypsium: Hardware Supply Chain Threats @thegrugq: Supply Chain Security Risky Business Podcast Patrick Gray: Doubling Down Volkswagen for CI Tess Ferrandez: Deep Learning Weird Al: Mission Statement
-
042: Wisely Sensitive
28/09/2018 Duration: 41min
A class action lawsuit is filed for NCIX data sale, 854 million worth of cryptocurrency has been stolen in 2018, and Monero fixed a catastrophic bug which would allow someone to 'print' money. Google backs off forced logins to Chrome after pressure from the community. Why we have insecure software, and Facebook demonstrates the opposite of Google's old mantra. More software musings and Azure Functions 2.0 debuts. NCIX Class Action Lawsuit $854 Million Worth of Cryptocurrencies Stolen in 2018 Monero "Catastrophic" Bug Vess' Monero Comment Chrome Auto-login Matthew Green Chrome Rant Why Software Remains Insecure Facebook Allows Targetting by "Shadow Contact Information" Notes About Software Azure Functions 2.0 Launches 42
-
041: Look at you, Mr. Asterisk - Asterisk Man!
23/09/2018 Duration: 40min
Right to Repair is back with Tractor Talk. Eric chats cryptocurrency losses and potential losses. Jon agrees with Jeff, there is only security - and what happens to computer data when a company goes under? Eric hikes a volcano and Jon freezes his credit. Farm Lobby & Right to Repair Episode 009 Cryptocurrency Exchange loses 60 million The Bitcoin Bug was Really Bad™ There is only Security Digital data from a defunct business Eric hikes Mt. St. Helens Free Azure CI/CD Pipelines Free Credit Freezes
-
040: Grand Challenge Accepted
15/09/2018 Duration: 44min
Eric talks Blockchain security at LA conference, another MongoDB is exposed on the internet, and California poised to pass an IoT security law. Aadhaar grand challenge (episode 32) accepted -- evidently Aadhaar enrollment software is routinely modified. For fun, Eric suggests the Netflix Origins series, and Jon collects and stores seeds for next spring. Eric at MWC Americas Marketing Database Exposed Mongo Security Guidance CA IoT Regulations Aadhaar Software Vulnerabilities UIDAI Denial Netflix Origins Collecting Flower Seeds
-
039: Don't use glass, she said... We used glass...
07/09/2018 Duration: 43min
Jon makes root beer. Eric paints. Google Chrome turns 10. Exposing your .git on the web. First email addresses and the Web Design Museum. Google Chrome Turns 10 Browser Wars Exposed .git on the Web What's a Tarpit? Join in part Canadian? Smashing Security Podcast Web Design Museum
-
038: Randomly SSHing into Teslas
31/08/2018 Duration: 36min
Back from two more road trips. What life is like when your last name violates profanity filters, and horror stories from (maybe?) an ex-Tesla IT person. Fun with spammers and a book-length article about What-Is-Code. WA International Kite Festival "Offensive" names Former Tesla IT Engineer Stories GitHub DDoS Recovery Spamming Spammers What is Code?
-
037: I built a spaghetti bending machine!
25/08/2018 Duration: 34min
Scam phone calls are still a thing and apparently you can hack multifunction printers by sending a malicious fax. Eric can't describe a video and Jon bends spaghetti. Followup: Hacking voting machines Quick Take: Teen Hacks Apple Phone Scams - "Windows Security" Phone Scams - "IRS Sends Local Cops" IRS Back to School Scam Alert Hacking by fax Sidenote: It is Gif as in Gift, Jon Fabricated Spaghetti Bending Backstory: The Adam Savage Quote
-
036: Goofy Month, Day, Year
18/08/2018 Duration: 34min
Blackhat and Defcon roundup, including the keynote, voting machine hacking, breaking voice authentication, and hacking various devices, like heartbeat monitors, tornado alarms, and bodycams. Eric asks about early books, and it's Palindrome Week in the land of goofy date formats. Blackhat Week Parisa Tabriz Keynote 11 Year Old Hacking Cracking Voice Authentication Spoofing a Heartmonitor San Francisco Alarms Bodycam Vulnerabilities Eric -- Danny the Champion of the World Jon -- Hardy Boys Palindrome Week
-
035: Didn't they have the Iron Lung in the '40s?
12/08/2018 Duration: 43min
Mobile phone voting? Ummm... It's a little more complicated than people believe. Comcast fixes some bugs. Jon wants a BioReactor. Eric brags about his "Porsche". Underwater Fish Cam Episode 027! Mobile Phone Voting GossiTheDog on Voting Voatz Response XKCD on Voting Comcast Bugs! Reset Apple Watch without Passcode We grew a lung! Eric's First Car: '67 VW Bug Jon's First Car: '73 Oldsmobile Cutlass Supreme
-
034: Recording on Battery
05/08/2018 Duration: 38min
Eric is STILL fishing, but in Idaho. Recording on battery in his truck (dedication!). Edge gets Web Auth support, inmates in Idaho get free emails, and Reddit is breached via SMS. Software continues to eat the world and Verizon has released a great visualization tool against years of DBIR reports. Hiking and a bit of Apple introspection for fun. Edge Gets U2F Reddit Breach Inmate Exploitation 2011: Software Is Eating the World DBIR Data Visualizations Take a Hike... Apple @1T Cash View Four Million Beta Users
-
033: Thanks For All The (Lack Of) Phish
27/07/2018 Duration: 35min
Eric successfully fishes, and Jon fixes his QNAP issue. Google says they haven't been phished since deploying U2F keys in 2017. Chrome flags HTTP sites as 'Not Secure' and Troy posts a video for why HTTPS matters even for static 'marketing' sites. Old movie GIFs and water on Mars. QNAP Issue was Plex Can't Phish This (Google) Just Having 2FA isn't Perfect Chrome 68 Arrives Integrity Matters https://www.reddit.com/r/silentmoviegifs/ Water On Mars