Mostly Security

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 226:57:20

Synopsis

Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.

Episodes

  • 132: Flipping Star

    20/06/2020 Duration: 48min

    Games, networks, filtering, and bees to start. Jon did a quantum podcast, Excalidraw is cool, and Words Matter. Ripple20 has only 19 vulns (Intel's affected), phishing private notes for bitcoin, and theft of a master key. For fun try Inspirobot, read More Pages Than You Want about programming languages, and enjoy Space Parallax from the 21st century! 0:00 - Intro 4:12 - Cloudflare Filtering 5:51 - Mason Bees 15:13 - Quantum Podcast 16:35 - Excalidraw 17:55 - Return of Trunk 21:04 - Ripple20 25:25 - Intel Advisory 28:24 - Privnote, Phished 34:34 - South African Bank 38:33 - Inspirobot 40:59 - ACM on Programming Languages 45:04 - Space Parallax

  • 131: The Doodle That You Do

    13/06/2020 Duration: 42min

    Jon breaks Big News on the Podcast. Eric Plays Video Games. Patch Tuesday says Super Size Me. Apple says Let's Help a Password Manager out. Honda says Hold Up a Minute. SGAxe says Hello (No relation to the body spray). Eric Doodles while Jon Noodles on his Network. Finally, Ty says Thank You, Germany... 0:00 - Intro 1:23 - Rocket League 4:59 - Big News 10:13 - Super Size Patch Tuesday 11:45 - Apple Password Resources 14:15 - HTML Tag for Passwords 15:47 - Honda Cyberattack 17:38 - SGAXE 27:32 - DeepFace Doodles 30:01 - Jon's Network 41:27 - Weather By Ty

  • 130: Black Lives Matter

    06/06/2020 Duration: 44min

    Rough week for so many people. #BlackLivesMatter. Talk to your kids. Protest. Donate [time|money|both]. In the security world, the iOS Jailbreak is patched, there's a big Thai cell provider leak, a vulnerability in Sign in with Apple is fixed, and one of the largest dark web hosting providers is taken offline. For fun this week, Eric brings an 8gb Pi, and Time.gov, which can measure your clock. Jon brings hot Qubits and good audiobooks. 0:00 - Introduction 4:56 - Scalzi Easy Mode Post 15:42 - iOS Jailbreak Patched 17:25 - Thai Cell Network Leak 21:39 - Sign In With Apple Hack 25:52 - No Backups 29:25 - 8 Gigs of Pi 32:38 - Measuring Clocks 35:39 - Hot Qubits 39:01 - Lady Astronaut Series 42:29 - Mary Robinette Kowal

  • 129: Just Making Stuff Up

    29/05/2020 Duration: 51min

    Eric logs another 1500 miles. Jon does more bee stuff and then can't print a microscope. There's a blue mockingbird with a juicy potato. A jailbreak is unc0vered and Alex Stamos starts with 0 and lists some levels of privacy protection. Eric tries some zsh aliases and marvels at 23 movies in chronological order... BY SCENE... Jon likes Cicada Prime, a windows package manager, and the history of the entire world while Eric sneaks in another Mt. St. Helens plug... 0:00 - Intro 12:59 - Semi-Followup: Microscope Printing 17:37 - Blue Mockingbird 18:39 - Juicy Potato 20:31 - Unc0ver Jailbreak 24:21 - Levels of Privacy Protection 33:12 - zsh aliases 36:13 - Marvel Movies: Chronological Order By Scene 41:17 - Cicada Prime 46:18 - WinGet Package Manager 48:58 - history of the entire world, i guess 50:07 - Mt. St. Helens is about to Blow Up

  • 128: Mutant Bacterial Enzyme

    23/05/2020 Duration: 54min

    Welcome to Blackberry talk. Hospitals need to fix things too, and how to decode a data breach. Signal proxies Giphy, unemployment fraud, chrome 83, and Tracked By Beer. St. Helens erupted 40 years ago this week, you can build your own microscope with a Pi and a 3d printer, plastic eating enzymes and massive migrating magma blobs! 0:00 - Intro - too much about Blackberries 13:12 - Right To Repair in Medicine 15:03 - iFixit Repair Manuals 16:31 - Decode a Data Breach 18:34 - Signal + Giphy 21:19 - Unemployment Fraud 25:21 - Chrome 83 31:34 - Tracked by Beer 38:24 - Mt. Saint Helens 40th Anniversary 41:08 - Open Flexure 46:05 - Plastic Eating Enzyme 49:33 - Magma Blobs

  • 127: Hi, Mom!

    15/05/2020 Duration: 42min

    What day is it? Eric saves a bird, Jon sees free bees in a tree. Zoom scouts Keybase. Twitter makes work from home permanent. Ohio gets HSDOS'd, Hackers attempt a Wordpress Hijack, and you've been... uh... Thunder... um... Thunderspy'd. Finally, Eric does some shameless promotion of his boy's podcast and Jon watches a show. 0:00 - Intro 5:42 - Baby Bird 14:23 - Swarm Of Bees 14:47 - Zoom + Keybase 18:15 - Twitter Remote Work Policy 21:37 - Ohio’s COVID Fraud Website 24:23 - Wordpress Hijack Attempt 27:18 - Thunderspy 33:05 - weatherbyty.com 36:29 - AirPod Pros 39:05 - Devs

  • 126: Blame The Goats

    09/05/2020 Duration: 52min

    Social Isolation continues, and Jon has lost a bee colony (boo). Apple's T2 chip is a nightmare for refurbs, and two breaches this week. Social engineering doesn't qualify for bug bounties, Facebook crashes lots of apps, and an icon-based-web-skimmer. For fun we have a time lapse and low light raspberry pi project and a 3d mini patreon to follow. 0:00 - Intro 10:44 - T2 Nightmare for Refurbs 17:01 - GoDaddy SSH Compromise 18:45 - Pakistani Mobile Users Breach 21:47 - Roblox "Hack" 26:12 - Facebook SDK Crash 28:47 - FBSDK GitHub Issue 32:11 - Favicon Based Skimmer 35:30 - PI-TIMOLO 41:57 - Artisan Guild 47:31 - MyMiniFactory

  • 125: Embrace Your Ignorance

    01/05/2020 Duration: 45min

    Eric reports on his Utah homework - receives an "F". Jon reports on his fence mending - receives an "Ouch". Hanging with Goats. Crashing Twitter. Exposure Notification (not camera related). Fuzzing and Image Processing. Falling for a phone scam. Eric might build a DIY Busy Light. Jon might buy a Mini CNC. 0:00 - Intro 4:57 - Byzantine Generals Problem 11:24 - Goat To Meeting 12:41 - Twitter App Crash 16:05 - Not Contact Tracing 17:26 - Breach Of The Week 19:58 - Apple 0clicks 22:54 - Episode 100 Fuzzing 24:39 - Industrial Control 27:07 - Falling For A Phone Scam 36:06 - DIY Busy Light 39:00 - Mini CNC

  • 124: Battle Of The Queens

    25/04/2020 Duration: 49min

    Walks in the rain for Eric and a Massive Bee Weekend for Jon. Facebook nudging people who like covid-19 misinformation, Avatarify deep fakes you, and Stripe has good API docs. An exposed payment processor for the breach this week, typosquatting Ruby Gems, Cloudflare tries to shame ISPs into security, and there's a bad iOS mail bug found. For fun, we have a game about nothing, earth day, and AI for audio. 0:00 - Intro 4:01 - Bee Weekend 10:32 - Facebook 11:31 - Avatarify 13:05 - Mostly Security Backgrounds 13:33 - Stripe API 15:23 - Paay Breach 18:37 - Ruby Typosquatting 19:19 - Npm Image Airplane Slide 24:03 - Cloudflare + BGP 29:11 - Previous Cloudflare+BGP Episode 30:02 - iOS Mail Vuln 39:01 - Seinfeld Game 41:35 - Earth Day 46:05 - Nvidia RTX Voice

  • 123: Don’t Jinx Me

    17/04/2020 Duration: 41min

    Eric is confused by who wears a mask and who doesn't in public. Jon does a lot of gardening and bee stuff while listening to Air Supply. Just to be clear, there are no new scams, just repackaged scams. Microsoft, Zoom, Apple and Google Followup notes. Utah is tracking visitors to the state. Eric chats Snyk, Jon defines Doxing. Finally, a Raspberry Shake Vault and Old Man's Shark. 0:00 - Intro 12:20 - Send us bitcoin or we release photos 13:15 - Have I Been Pwned 13:40 - Episode 57 14:08 - Microsoft Vulns 15:55 - Zoom 0day 18:14 - Privacy Tracing COVID-19 22:25 - Utah Border Control 27:02 - Snyk VSCode Scanner 30:32 - Doxing 34:30 - Raspberry Shake Vault 37:21 - Old Man's Shark

  • 122: The World Is Your Greenscreen

    10/04/2020 Duration: 56min

    Fourth week of Social Distancing continues, and followup is now 'zooming-up.' Breach of Italian email provider. There's a new SMS OTP Standard proposal, and a potential way to do contact tracking in a private manner. If you know Cobol you may be needed in New Jersey. Eric has fun with maps and food, and Jon brings a new green screen technology and hacking with Swift. 0:00 - Intro 1:54 - Online Schools in Oregon 5:12 - John Krasinski 12:33 - Zoombombing Illegal 17:15 - Zoom "Encryption" 19:46 - Zoom Security Council 21:37 - Email.it Breach 23:37 - SMS One Time Password Standard 28:05 - Private Contact Tracking 33:28 - COBOLers Wanted 43:03 - Fun With Maps 45:49 - Our Best Bites 47:25 - Background Matting 52:52 - Hacking With Swift

  • 121: It’s A One Head Canoe

    03/04/2020 Duration: 44min

    Zoom Zoom Zoom Zoom Zoom Zoom Zoom Zoom. COVID-19 COVID-19. Breach Breach. (s + "Attack" for s in ["Mask","Ultrasonic","Router"]). Canadian Comedy. Squid Insanity. Mistborn. 0:00 - Intro 11:37 - Zoom Followup 12:08 - Zoom 4 Mac 12:11 - Zoom 4 Windows 14:12 - Coronavirus Website Templates! 14:53 - Coronavirus Cell Phone Data Tracking 16:27 - BOTW: Not Sponsored By Under The Breach 16:54 - Georgia Citizen Details Breach 18:44 - Marriott Loyalty Program Breach 21:31 - Facial Recognition With A Mask 27:54 - Ultrasonic Attack 28:12 - Episode 24 31:42 - Home Router DNS Redirection 34:25 - Meandering: RPi Speed Test 35:55 - Four On The Floor 36:03 - SCTV 36:16 - Kids In The Hall 36:39 - Mr. Canoehead 38:20 - Squid Fun 41:38 - Mistborn

  • 120: I Dyed My Hair Purple

    27/03/2020 Duration: 57min

    Eric has numerous Covid adventures, while Jon is "on PTO." Followup on Chrome, Covid domains, and tracking social distancing. Zoombombing (ick) and Zoomtracking (ugh). Covid spammers use an open HHS redirect, and Microsoft has another zero day. For fun we have Covid stories true and false, Where's Waldo, and 3D printing. 0:00 - Introduction 0:10 - Purple Hair 2:04 - Planes, Trains And Automobiles 18:00 - Chrome Pauses Updates 18:47 - Namecheap Avoids Covid Domains 19:44 - Distancing Compliance 25:11 - Zoombombing 28:36 - Zoomtracking 33:13 - HHS Open Redirect 38:14 - Microsoft Font Zero Day 40:33 - Mostly Security #102 44:42 - A Silver Lining 46:15 - Fake Good News 48:19 - Where's Waldo 49:20 - 3d Printer

  • 119: Potions and Lotions

    21/03/2020 Duration: 36min

    Mason Bees and Breaches. Lots of Coronavirus. HomePwn and Dark Matter. Short and Sweet. 0:00 - Intro 3:31 - Mason Bees 7:25 - Breach Of The Week 10:11 - Coronavirus Scams - FTC 15:26 - Coronavirus Domains 20:09 - Hospital Attack 23:27 - WordPress and Struts 26:24 - HomePwn 29:38 - Dark Matter

  • 118: Peptide Or Pepto Bismol

    14/03/2020 Duration: 47min

    Stay safe and wash your hands folks. Hard to avoid the Corona talk this week. Lots of followup: Folding@Home, Robocall legislation, and more Right to Repair. There's a sensitive breach at Whisper, Facebook is suing domain registrars (maybe a good thing), and an easy way to clone car keys. LVI is the latest hardware bug, and SMBGhost the big Microsoft news this week. Eric's fun is Egging for Vaccines, and Jon admires a moon-howling, scorpion-hunting mouse. 0:00 - Introduction 3:44 - Corona Medium Post 5:30 - Get Shorty 5:59 - Powell's Books 6:27 - Folding@Home for Corona 8:01 - Robocalls 9:26 - Right To Repair 14:59 - Whisper Breach 18:24 - Facebook Sues Domain Registrars 22:08 - Car Key Cloning 25:08 - Load Value Injection 30:41 - SMBGhost 36:24 - Eggs For Vaccines 41:46 - Mouse Vs Scorpion

  • 117: I’m Pullin’ A Jon

    06/03/2020 Duration: 38min

    Cast/Snip is back, Jon and Eric don't see Harry Potter and the Oregon Symphony together, and some restored film followup (with sound!). Jon does vicarious bee shopping and Eric drops some Coronavirus scams. Then we talk about Android stuff for some reason. Weird. Finally, SETI@Home is ending while WebAssembly is ramping up. 0:00 - Intro 0:13 - Squares On The Wall 1:43 - Cast/Snip Is Back 6:29 - Cast/Snip Source 7:05 - Harry Potter And The Oregon Symphony 9:29 - Shopping For Bees 10:30 - Restored Film Followup 12:29 - Coronavirus Scams 16:27 - One Beeeellion Downloads 19:59 - Stealing 2FA 22:06 - Mediatek Rootkit Exploit 31:50 - Satellite Disk Exploit 32:22 - SETI@Home Ending 34:43 - Clang In WebAssembly 35:58 - WAPM

  • 116: A Little Frogsicle

    28/02/2020 Duration: 47min

    A busy weekend at the auto show (Eric) and without power (Jon). Listen to Short Wave. MGM Breach wasn't exactly last week. Eero adds support for homekit, a billion vulnerable wifi devices, a chrome zero day, and sharing WhatsApp group links. For fun, we have The Indicator => Netflix => Documentaries => Frozen Amphibians, and blood test results. 0:00 - Introduction 5:36 - Auto Show 7:53 - Ford Mach-E 8:57 - Short Wave 9:57 - MGM Breach 11:47 - Homekit Eero 18:29 - Billion Wifi Devices 23:51 - Chrome Zero Day 26:55 - WhatsApp Group Links 30:59 - The Indicator 35:22 - Frogsicle 38:23 - Everlywell

  • 115: Dejunkify

    22/02/2020 Duration: 43min

    Eric cleans, Jon drops bark dust. If your email address hasn't been compromised, is it a real email address? Some SameSite Cookies and OpenSSH ❤️ FIDO U2F. More Data Brokers with odd names and a PAN Enumeration Attack. Cheating McDonald's in Germany, a Paper Airplane Folding Machine and where the Stonehenge Bluestone Quarry lies. 0:00 - Intro 2:55 - Dejunkify 6:49 - Pwned Indicators 8:03 - SameSite Cookies 8:18 - 110 11:13 - OpenSSH ❤️ FIDO U2F 14:29 - Yodlee? 22:22 - PAN Enumeration Attack 32:39 - Cheating McD 35:50 - Pseudo Articley 37:39 - Paper Airplane Folding Machine 39:11 - Stonehenge Quarries

  • 114: Pineapple Infection

    15/02/2020 Duration: 34min

    Three breaches this week. Chrome will begin blocking HTTP downloads, Intel releases a CSME patch, and Emotet begins spreading via insecure WiFi. Eric joins a majority of Americans being Wrong About Pizza, Amazon reviews can be hilarious, and how to create a (virtual) traffic jam. 0:00 - Introduction 1:03 - Acrylic Pens 2:04 - Holly In Grass 2:32 - Augustin Hadelich 6:00 - Israel Voter Breach 8:27 - Denmark Citizen Breach 9:33 - Prisoner Data Breach 10:59 - Chrome will block HTTP downloads 15:59 - Intel CSME Vulnerability 19:28 - Emotet Spreading via WiFi 26:07 - Pizza Fun 29:22 - Tungsten Cube Review 31:22 - Virtual Traffic Jam

  • 113: I Have Joined Dongletown

    07/02/2020 Duration: 41min

    A breach, a license plate and a WebEx flaw walk into a bar in Dongletown to caucus while listening to the symphony and find a bunch of fun. 0:00 - Intro (SPACE!) 5:08 - I Have Joined Dongletown 7:13 - SpiceJet Breach 9:14 - OpenALPR 10:13 - Episode 93: License Plate 16:37 - WebEx Flaw 21:00 - Caucus App 31:33 - Fun Fact 33:27 - Fun Video 35:38 - SPACE! 37:28 - Picard! 40:38 - Little Corny Parts
