Listen Now

Josh and Kurt talk about the new right to repair rules in the EU. There's a strange line between loving the idea of right to repair, but also being horrified as security people at the idea of a device being on the Internet for 30 years. Show Notes EU right to repair repair.eu

Josh and Kurt talk about communication. It's really hard to talk about a lot of what we do. How do we know if a device is secure? How do we know our knowledge is correct? Show Notes 90 percent of U.S. bills carry traces of cocaine Is the moon a star or planet? A mole of moles New homeowner 'freaked out' when stranger took control of her security system Coffee maker ransomware NIST Phish Scale The metric system Operation Paperclip

Josh and Kurt talk about why we do the things we do. Sometimes we have to question everything. Links SLAM missile

Josh and Kurt talk about the idea of information wanting to be free. It's Christmas, we should give it what it wants! Links Hacker Manifesto

Josh and Kurt talk about how to file 1000 security flaws. One is easy, scale is hard.

Josh and Kurt talk about how to report one security flaw

Josh and Kurt talk about bug bounties

Josh and Kurt talk about the switch from 16 to 32 to 64 bit and even the changes from Intel to ARM

Josh and Kurt talk about Apple leaking internal IP addresses. Sometimes we create our own emergencies over things that don't matter. Links Apple's internal IP addresses

Josh and Kurt talk about public key cryptography

Josh and Kurt talk about the OpenBSD security(8) man page and the importance of automating security Links OpenBSD security(8) page

Josh and Kurt talk about the non problems with public wifi we love to pretend matter Links The Half Dozen Risks of Using Dirty Public Wi-Fi Networks

Josh and Kurt talk about why you need 24/7 monitoring of all the things Links Swiss air force office hours DC-10 cargo door

Josh and Kurt talk about how the EFF is helping us prevent Internet tracking Links EFF Cover Your Tracks

Josh and Kurt talk about how many security vulnerabilities matter enough to fix? Links A Third of Known Computer Security Flaws Have No Solution Episode 162 – SBOM with Allan Friedman

Josh and Kurt talk about cybersecurity statistics and the value of the data we have. Links 24 Cybersecurity Statistics That Matter In 2020

Josh and Kurt talk about the safety and liability of new devices. What happens when your doorbell can burn down your house? What if it's your fault the doorbell burned down your house? There isn't really any prior art for where our devices are taking us, who knows what the future will look like. Show Notes Ring Doorbell recall Ring incorrect screw diagram Punctured battery Episode 145 – What do security and fire have in common? Phillips vs Robertson screws wendy knox everette Wendy's presentation on legal liability Tim Burners-Lee privacy company

Josh and Kurt talk about what happens when important root certificates expire on old Android devices? Who should be responsible? How can we fix this? Is this even something we can or should fix? How devices should age is a really hard problem that needs a lot of discussion. Show Notes Unboxing coins Old Android devices certificate store Steve1989MREInfo

Josh and Kurt talk about the idea behind the full disclosure of security vulnerability details. There have been discussions about this topic for decades with many people on all sides of the issue. The reality is however, if you look at the current state of things, this discussion is settled, full disclosure won. Show Notes Hacker One 100 million payout Project Zero bug Remington gun trigger class action lawsuit Square windows on a plane

Josh and Kurt have a chat with Larry Cashdollar. The three of us go way back. Larry has done some amazing things and he tells us all about it! Show Notes Akamai Larry's website Larry's First CVE