Mostly Security

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 226:57:20

Information:

Synopsis

Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.

Episodes

  • 112: Friends Dont Let Friends Flash

    01/02/2020 Duration: 33min

    Another week, another episode. NFL Twitters are hacked, Microsoft support has a huge breach, Botnets are battling, and Macs are Shlayered. If you aggregate public info and multiple breaches, the consequences are "interesting" ... and evidently Americans DO still go to libraries. And museums. Go Smithsonian! 0:00 - Introduction 0:27 - 1917 3:54 - How To Offend Four Groups Of Nerds 8:39 - Football Twitter 11:32 - Microsoft Breach 15:17 - Botnet Battle 18:11 - Sextortion Post 18:56 - Shlayered Macs 22:47 - Breach Aggregation 26:00 - Library Often? 30:06 - Natural History Museum

  • 111: Rick Astley And A Curveball

    25/01/2020 Duration: 28min

    There's a fire at the High School and Eric drives to Eugene. Jon doesn't remember his weekend but extolls the virtues of ditching the Costanza Wallet. More notes on the Windows Vulnerability with a great McAfee article on the math behind it. (Obligatory Note: More lost credentials!) Finally, an SML Illusion, US Flag Commentary and "I Have A Dream". 0:00 - Intro 7:03 - More Magecart 7:34 - Episode 96: An Especially Hardy Perennial 8:33 - I Ditched My Constanza Wallet 10:16 - Cops Use Pictures Used To Find You 11:22 - Windows Vulnerability 13:24 - Curveball Math 17:14 - Rick Astley And A Curveball 17:45 - Is There A Logo For It? 18:19 - Lots Of Telnet Creds 22:41 - A Sinusoidal Müller-Lyer Illusion 25:00 - 50 Flag Commentary 27:11 - MLK I Have A Dream

  • 110: On That Disappointing Note

    17/01/2020 Duration: 39min

    Back from Texas, and presumably done with brisket for a while. What to look for in a tractor (repairability). A billion medical images can't be wrong, lax cookies, and Super Patch Tuesday. Eric's fun is an AI Dungeon, and Jon points to a LoTR blog by Ian McKellen. 0:00 - Introduction 5:48 - Right To Repair 10:29 - A Billion Medical Images 15:46 - Lax Cookies 23:05 - Patch Tuesday 29:26 - AI Dungeon 34:40 - Ian McKellen's Blog

  • 109: Is that a Satirepot?

    10/01/2020 Duration: 53min

    Live, from Plano, Texas! It's Mostly Security! Much brisket is consumed and Raj Samani joins the show. What happens to your digital life once you or a loved one has passed on? Is the public ready to embrace security as a marketing feature? Raj tells a joke, Eric shares admin thoughts, and Jon reminisces about old tech. 0:00 - Intro 7:14 - Hey Siri What's My Password 22:49 - Apple and Security Research 28:44 - What's in the Box? 28:52 - Bypassing Garage Doors 29:05 - The Cloning of the Ring 41:29 - Why can't you trust atoms? 42:03 - Quantum Computing Joke 42:31 - Undocumented Admin 44:45 - Attaching 1980's HD to an iPhone

  • 108: Define "Appreciate"

    04/01/2020 Duration: 50min

    Eric and Jon discuss the holiday; an exposed elastic search instance, and a Wawa-winner of the gas station Visa article. What is a Quine, anyway? Restaurant chain Landry's breached from loyalty systems, data cars collect, and how to perform a reverse image search. For fun we have creative ways to exit VI, the oldest known cave paintings, and Public Domain day. 0:00 - Introduction 12:44 - Exposed Wyze ElasticSearch 15:31 - Wawa POS Malware 17:06 - Javascript Quine 19:44 - Landry's Restaurant Breach 24:12 - Data Cars Collect 35:21 - Reverse Image Search 44:26 - How To Exit Vi 46:17 - Oldest Cave Paintings 47:43 - Public Domain Day

  • 107: Bifurcate the People

    26/12/2019 Duration: 46min

    Happy Holidays! Ring still has issues, and now they've really irritated Eric. Jon digs into ToTok (not to be confused with TikTok). Facebook can't catch a break and millions are tracked everywhere you might not want tracking. Jon has some scientific fun and Eric notes a playdate (but not with cats). 0:00 - Intro 9:54 - Ring Followup 11:58 - Eric's Tweet Rant 15:00 - ToTok is not TikTok 31:22 - Facebook Uses Location... 35:21 - Billions Tracked... 38:37 - Science Fun 42:20 - Playdate Update 44:17 - The "Cat"astrophe

  • 106: The Struggle Continues

    21/12/2019 Duration: 47min

    Both Eric and Jon have seen Jumanji; Nebraska farmers like Right to Repair. Visa says gas stations are vulnerable, Unicode is (both?) evil and awesome, and we discuss the state of Ransomware in 2019. For fun, we have a nuclear impact map application (??) and Kotlin vs. Java. Also some ancient blog references. 0:00 - Introduction 2:23 - Jumanji: The Next Level 5:20 - Mead Update 8:14 - Right To Repair in Nebraska 11:22 - Vulnerable Gas Stations 19:10 - Hacking Github with dotless 'i' 21:51 - Evil Twins 24:54 - Awesome Unicode 26:44 - State of Ransomware 38:02 - Nukemap 41:15 - Kotlin vs Java 42:30 - Android+kotlin 45:27 - Kingdom Of Nouns

  • 105: Who likes their plunder?

    14/12/2019 Duration: 40min

    Eric thinks cooking with warm water is cool. Jon makes cool cutting boards. iPhone 11 Location follow up along with a new segment, "Open Bucket of the Week". A macOS fileless attack and TikTok in Trouble. Finally, we talk about pirates and a whole lot of fun. 0:00 - Intro 2:06 - Sous Vide 5:52 - Cutting Boards 9:41 - iPhone 11 Location Follow up 13:05 - Open Bucket Of The Week Follow Up 16:00 - macOS Fileless Attack 19:54 - TikTok In Trouble 22:37 - PlunderVolt 31:17 - Holiday Music - Pentatonix 32:40 - Holiday Music - The Piano Guys 33:54 - Deep Sea Scrolling 35:53 - PracticalAI.me 38:05 - Ace Of Clay

  • 104: No Mashed Potatoes?

    07/12/2019 Duration: 47min

    Eric sees multiple movies over Thanksgiving, while Jon ... does not. Two years to upgrade OS of emergency system in S.F., and Sprint's marketing firm has an open bucket. Eric has a mobile theme with both Android and iOS issues, and Jon details VPN issues and upcoming ARM instances in AWS. Eric enjoys his Pixel4 and @engineeringvids while Jon takes a break from ScienceFun for a post of basic command line tools. 0:00 - Intro 1:04 - Knives Out 5:44 - Two Year OS Upgrade 7:09 - Dispel Dice 9:22 - Open Sprint Bucket 12:48 - StrandHogg 17:10 - iPhone Location Services 20:55 - NordVPN and Disney+ 27:20 - Graviton2 Instances 36:02 - Pixel4 38:33 - @engineeringvids 40:55 - Basic Tools

  • 103: Hold Out for the Big Bucks

    30/11/2019 Duration: 33min

    Pre-Thanksgiving Show, Post-Thanksgiving Edit. Some Followup on the NSA Advisory. Eric chats about Google wiping a personal phone and airplane warning lights being hacked. Jon gives 32,768 reasons to update your HP SSD and another big data "exposure". The Google Product Cemetery and Extrasolar Objects round out the fun. 0:00 - Intro 6:38 - NSA Advisory Followup 10:41 - MDM and Wiping Phones 13:20 - Airplane warning lights hacked 16:08 - HP SSD Update 20:08 - Data "Exposure" 23:23 - Personal Data is like Nuclear Waste 26:13 - The Google Cemetery 29:13 - Extrasolar Objects

  • 102: Disable the Off Switch

    23/11/2019 Duration: 43min

    Been a busy week, and Eric's still fighting with his network. Not that Jon has one. Egregious terms of service at Ring and the cops confirm bluetooth scanners are in use. Also, it's Data Leak Day! (Every day is data leak day). There's some weird stuff going down in Shanghai, and you, you, everyone gets a preview! Cloudflare can't rhyme, let's talk CRISPR/Cas9. 0:00 - Intro 6:41 - All Your Face are Belong to Us 10:12 - Scanner Use Confirmed 13:14 - WeWork Contracts Exposed 15:46 - Rev Transcriptions Security 19:11 - GPS Crop Circles 26:18 - Schneier on Shanghai 27:27 - Previews for All! 33:35 - Flan Scan Doesn't Rhyme 36:19 - CRISPR Sickle Cell Patient 41:55 - CRISPR/Cas9

  • 101: No Books For You!

    16/11/2019 Duration: 38min

    Eric hangs out in San Francisco while Jon makes a pen. There's a Facebook Bug, a Confluence Bug and an NSA Advisory, along with some more ransomware notes and something about zombies? Eric reminisces about museums and Jon nostalgizes about Mosaic. WASM! 0:00 - Intro 4:09 - Jon Makes A Pen 8:11 - Facebook Bug 11:53 - Confluence Bug 15:18 - NSA Advisory 17:29 - Pemex Ransomware 21:04 - Zombieload 2 26:24 - The Exploratorium 29:30 - Mosaic Turns 26 33:18 - WebAssembly

  • 100: Give it Some More Shrift

    09/11/2019 Duration: 46min

    Episode 100! This episode is Mostly Intro and Followup. Synology and QNAP; Pizza, Root beer, and Mead. Control your Echo with a laser, OpenSSH to support U2F, and beware insider threats. The Untitled Goose Game allows code injection; Fuzzing open source for fun and (no) profit. Could we decay nuclear waste with Ultra Fast lasers? And separation of music into tracks using machine learning. 0:00 - Welcome to episode 100! 3:19 - New Synology 4:29 - Cheese Pizza and Rootbeer Test 5:31 - Digiorno Delivers 8:08 - Making Mead 15:00 - QSnatch 16:02 - OpenSSH to support U2F 17:04 - Laser Controlled Voice Tube 21:19 - Trend Insider 22:18 - Episode 29 23:48 - Untitled Goose Game 27:18 - Fuzzing Libarchive 28:48 - OSS-Fuzz 37:04 - Chirped Pulse Amplification 40:53 - Spleeter  

  • 099: Smoked a pack

    02/11/2019 Duration: 44min

    Eric has more fun than expected at a Weather Conference and gets to use a censor beep while editing. Jon waxes eloquent about 99 episodes, which coincidentally is the number of years between events in the Zero Hour Podcast. Other stuff was discussed as well - probably even a little about security. Enjoy. 0:00 - Intro - Oregon AMS 7:10 - Quantum Followup 10:53 - Chandra 2 Followup 13:54 - Hurricanes & Cybersecurity 17:13 - Smart Cylinders 22:27 - Winnti Group 26:33 - Discord Client 32:09 - Saildrone 36:50 - 50 Year Anniversary 40:31 - Zero Hour Podcast  

  • 098: Collective Gasp of Yuck

    26/10/2019 Duration: 44min

    Eric goes pot shopping and Jon loves carrot cake. Has Google achieved quantum supremacy? Biometric missteps, cache failures, Mercedes app glitches, and more cryptojacking containers. Eric joins the Rebble Alliance, the Air Force retires their 8" floppies, and bees can do math now. 0:00 - Intro 4:26 - Carrot Cake 6:56 - Google's Quantum Claim 8:32 - Not So Fast... 10:06 - Samsung Fingerprint Fail 14:23 - Pixel 4 Face Unlock 17:39 - Cache Poisoning 27:04 - Mercedes Glitch 30:14 - Docker Cryptojacking 32:58 - Rebble With a Cause 36:43 - No More 8" Floppies 39:01 - Bee Math

  • 097: It Pays to be Paranoid

    19/10/2019 Duration: 39min

    Apple Farms and Drones. Spy Chip Followup. Much Sudo About Nothing. Bluetooth Beaconing Enable Theft also Enables Mansplaining (what?!?) and some Reductor Malware details. Yellow lights are scientifically proven to be too short and Paul Graham proposes a language. 0:00 - Intro - Apple Farms and Drones 10:06 - Spy Chip Followup 11:25 - Much Sudo About Nothing 15:07 - Sudo Make me a Sandwich 16:11 - Bluetooth Beaconing Enabled Theft 19:08 - Reductor Malware 27:42 - Yellow Lights are Too Short 32:49 - Paul Graham's Bel  

  • 096: An Especially Hardy Perennial

    12/10/2019 Duration: 49min

    Eric paints and buys Jon a Yubikey. Jon ditches the Costanza wallet. Hacking back against ransomware, nomoreransom.org, and patch your routers folks. Stalking eyeballs, Twitter sells your 2FA phone number, and more cart skimmers. Eric's audiobook journey, publishers strongarm libraries, Ken Thompson had a good password, and the craziest article you'll read all week. 0:00 - Intro 4:40 - Eric buys Jon a present 8:18 - No more Costanza wallet 12:56 - Ransomware Victim Hacks Back 15:36 - No More Ransom Plug 17:18 - Patch Your Router (if you can) 21:04 - Eyeball Reflections 23:30 - SMH Twitter. SMH. 26:25 - Store Host Cloud Breach 32:00 - The Eye of the World 35:26 - Bad Macmillan 37:39 - eBook Petition 40:12 - Ken's Password 44:07 - Crazy Article  

  • 095: The Las Vegas Episode

    05/10/2019 Duration: 37min

    This Week: Gambling, Research, Takedowns, Phishing, Jailbreaks. Fun with Madeleine Albright & Colin Powell and the periodic table. 0:00 - Intro 3:21 - 21 5:35 - Is China the new Russia? 9:31 - McAfee Sodinokibi Research 11:37 - Dutch Police Takedown 15:43 - Specialized Phishing with iOS 20:40 - Checkm8 Jailbreak 28:40 - Madeleine Albright & Colin Powell 33:19 - The Periodic Table  

  • 094: Squarelinder

    28/09/2019 Duration: 44min

    Eric's on the road and under the weather; Jon has had better weekends. Apple's opening up the repair envelope, and the Internet is a Low Trust Society. Paper's not private, and IBM talks about malware targeting routers. For fun, Eric likes Echo .* and Jon evidently likes Goddard [Institute|Futuristics]. 0:00 - Intro: Travel and Sick 2:57 - Honey Tasting 8:08 - Right-ish to Repair 9:59 - Dupes and Cynics 15:37 - Zen and the Art of Motorcycle Maintenance 17:17 - "As Designed" Paper 22:48 - Swiper, No Swiping 31:58 - Echo _____ 37:36 - Water on Venus 40:15 - Wolf 359  

  • 093: Sedimentary Layer of Protocols

    20/09/2019 Duration: 38min

    This Week: Space Stuff, Data leaks in Ecuador, More Space Stuff, Something about where your car is, and Password Managers are Software, too. Wait, we're not done. Do you know what your phone is doing? Soviet Soldiers Dancing and 3D Dominos, and finally, you will find out where Greater Adria went. 0:00 - Intro 5:07 - Hundred Year Starship 6:18 - One Strange Rock 7:18 - Ecuador Data Leak 10:47 - MoviePass Shutting Down 11:24 - Looking for Vikram 13:11 - License Plate Readers 18:29 - Password Manager Bug 20:01 - Chromium as U2F Bug 24:32 - Simjacker 30:57 - Soviet Soldiers Dancing 32:14 - 3D Dominos 34:07 - Greater Adria
