Mostly Security

  • Author: Vários
  • Narrator: Vários
  • Publisher: Podcast
  • Duration: 226:57:20
  • More information

Informações:

Synopsis

Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.

Episodes

  • 032: Don't Sweat, It's Only the Polish Dogs

    20/07/2018 Duration: 38min

    Jon returns from camping so Eric can go fishing again. Costco still sells hot dogs, the Polish dogs have just migrated to Sam's Club. A trip through anti-cheat development at Riot Games, and a raft of QNAP vulnerabilities. Chickens are fun! As are javascript games... Sam's Club Pounces DeepFake Deep Dive Aadhaar Grand Challenge AntiCheat==Malware Evasion? QNAP Command Injections Silicon (Chicken) Valley Jelly Mario!

  • 031: That's all the Spanish I can do right now

    13/07/2018 Duration: 24min

    Marcelo DaCruz joins to meander through various topics that include a little cryptocurrencies, promoting other podcasts, malicious World Cup apps, 4th of July data breaches, password managers, and wrapping car keys in foil. Oh, and Costco. And what Marcelo's first Amazon purchase was. Whew! IOTA is worth 3 billion? Ethereum's Blockchain is 1TB Hamas Lures Israeli Soldiers Risky Business Podcast Golden Cup Cyber Threat Timehop Data Breach Apple to deploy 1Password Wrap your key fob in foil Charlie Miller's thoughts Costco kills the hot dog Marcelo's first Amazon purchase

  • 030: I do like me some goats...

    07/07/2018 Duration: 43min

    Eric rants about cryptocurrencies, Jon speculates about a billion ten year olds. Eric likes watching zoo animals and Jon appreciates fireworks in another state. Happy Independence Day, America! Oregon State wins the College World Series Gentoo Linux Incident Cryptocurrencies, again... IOTA wut? EOS huh? Ways to think about machine learning Oregon Zoo Fireworks

  • 029: Crypto-mining Docker Images and Insider Threats

    29/06/2018 Duration: 43min

    Jon's bees don't cooperate and Eric watches baseball. Docker hub containers that mine Monero for their own benefit and a Kubernetes honeypot; Tesla's malicious insider and insider threats in general. AI assisted slow motion, NES on the playgrounds, and what it costs to run a worldwide data service. Intro - Bees Do Their Own Thing Intro - OSU Survives in College World Series Followup - Yubikey supports more than just Chrome Malicious Docker Images Kubernetes Honeypot Tesla's Malicious Insider Significance of Insider Threats AI Assisted Slow Motion NES in Swift Playgrounds Troy Hunt Takes One for the Team

  • 028: A dash of WebUSB and smidge of leaky routers

    22/06/2018 Duration: 43min

    Eric rewatches The Matrix. Jon rewatches an assortment from Studio Ghibli. But enough about movies. Some followup with a bit more followup. Did you know your browser can talk directly to USB devices and that your router knows where you live? Eric finds a "smart lock" that suggests you not look behind the curtain. Jon expresses more love for serverless utilities. Followup from E025 - Selling your location Followup from E026 - Apple's Notarized Apps Followup from E009 - Right to Repair Followup from E026 - 3D Printed Homes in The Netherlands WebUSB and Yubico 2FA Google knows where you live Google home location leak "Unbreakable Smart Lock" #fail pulumi.io

  • 027: Cortana is also a Voice Assistant

    17/06/2018 Duration: 32min

    Eric goes fishing (with an 'f'), Jon has baby goats, and hacking Windows 10 via Cortana. Treat robots as you would like them to treat you, and an underwater datacenter. Win10/Cortana Vulnerabilities Google Assistant Android Advantage Don't Kick That Robot Microsoft's Underwater Data Center

  • 026: Microsoft, Apple and concrete dreams

    07/06/2018 Duration: 45min

    Microsoft buys GitHub and now we'll see what that actually means. Apple WWDC surprises developers with cool stuff. Antoni Gaudí wishes he had a concrete printer. Jon continues to explore his love for open source. GDPR Followup Amazon Alexa ODM Solutions Sonos Beam Microsoft Buys GitHub Microsoft + GitHub + Concerns? Apple WWDC - Notarized Apps Apple WWDC - Parental Control Printing a House Barcelona and the Sagrada Família Open Source Mac Apps

  • 025: Stolen credit cards, emailing secret audio, fun with time and a "yay! oh, wait."

    31/05/2018 Duration: 41min

    Eric has to deal with a stolen credit card. Jon checks in again on the telcos who resell your location data. Your Amazon cylinder might email an audio recording to someone. GDPR makes the web much faster. Eric likes time, Jon almost likes Apple. Notes: Krebs follow up on location data tracking Alexa eavesdropping scandal GDPR Fallout All about time by Zach Holman Steam Link!  Oh, wait...  

  • 024: Comcastic Followup, Real-time Location of any Cell Phone, and Cylinder Security

    25/05/2018 Duration: 41min

    Comcast gets two bits of followup; look up the real-time location of nearly any cell phone user in the states; more Google duplex and cylinder security; a Sunday sermon with some Oatmeal. Links: Followup: eFail (nice lego dumpster fire) - https://boingboing.net/2018/05/21/mime-considered-harmful.html Followup: Comcast Mesh - https://www.engadget.com/2018/05/21/comcast-is-now-selling-mesh-wifi-pods-to-its-internet-customer/ Followup: Comcast Leaks - https://www.engadget.com/2018/05/22/xfinity-bug-revealed-personal-data-router/ Don't Share the Where - https://krebsonsecurity.com/2018/05/mobile-giants-please-dont-share-the-where/ More Google Duplex - https://9to5google.com/2018/05/21/google-duplex-explained-turing-test/ Cylinder Security - https://www.techrepublic.com/article/smart-office-secrets-alexa-siri-and-google-assistant-could-hear-commands-the-human-ear-cant/ Do You Hear Laurel? - https://www.nytimes.com/interactive/2018/05/16/upshot/audio-clip-yanny-laurel-debate.html Adam Savage's Sunday Sermon - http

  • 023: Password rants, eMail client vulnerabilities, and Google I/O

    19/05/2018 Duration: 43min

    Eric's password buttons were pushed this week, not-so-secure eMail clients, and a touch of Google I/O. Fake coin offerings and ... a knife? Links: Password Rant - https://twitter.com/ericwuehler/status/996509740673908736 Followup: Eero + Echo - https://daringfireball.net/thetalkshow/2018/05/08/ep-221 Weird Al Hamilton Polka - https://www.youtube.com/watch?v=3v0c6smpHSk eMail Client Vulnerabilities - https://efail.de/ Google I/O - https://www.theverge.com/2018/5/8/17328828/google-io-keynote-summary-highlights-news-recap-2018 Ordering with a Voice Assistant - https://twitter.com/jonathan_b_king/status/996517910158819335 Buy Howeycoins! - https://www.howeycoins.com/index.html Cutco Cheese Knife - https://www.cutco.com/products/product.jsp?item=traditional-cheese-knife  

  • 022: Death to the Password and some feels for Microsoft

    11/05/2018 Duration: 40min

    Logging in with only a physical key, Twitter's oopsie, Facebook fires a stalker and Signal's messages do not "self-destruct". Jon chats about stuff from the Microsoft Build conference. Eric still likes Netflix. Jon likes books. Links: Gigabit Router Followup - Botnet - https://www.zdnet.com/article/botnets-competing-to-attack-vulnerable-gpon-fiber-routers/ Gigabit Router Followup - Fix - https://thehackernews.com/2018/05/protect-router-hacking.html Death to Passwords! - https://www.yubico.com/2018/04/yubico-and-microsoft-introduce-passwordless-login/ Twitter logs passwords - https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html Facebook fires analyst for stalking - https://arstechnica.com/information-technology/2018/05/facebook-fires-security-analyst-accused-of-using-access-to-stalk-women/ Signal notifications do not self-destruct - https://motherboard.vice.com/en_us/article/kzke7z/signal-disappearing-messages-are-stored-indefinitely-on-mac-hard-drives Microsoft Build 2

  • 021: Flails, Routers, and Electronic Frontiers

    04/05/2018 Duration: 30min

    Jon describes farm equipment, while Eric teaches driving lessons. Routers around the world are vulnerable, and a critical battle is won for the open web. A fun book tracking hackers and a crazy project for a VGA adapter. Links: What is a flail? - https://en.wikipedia.org/wiki/Flail_mower Oregon Instructional Permit - http://www.oregon.gov/ODOT/DMV/TEEN/pages/permit.aspx Vulnerable GPON Routers - https://threatpost.com/millions-of-home-fiber-routers-vulnerable-to-complete-takeover/131593/ Not a Computer Crime - https://www.eff.org/deeplinks/2018/04/dc-court-accessing-public-information-not-computer-crime Python Environment - https://www.xkcd.com/1987/ The Cuckoo's Egg - https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787/ Software Defined Radio - https://osmocom.org/projects/osmo-fl2k/wiki/Osmo-fl2k

  • 020: 3200 miles, 58 hours and Unit Testing is awesome...

    28/04/2018 Duration: 29min

    Eric is back from the road trip. IoT, the gift that keeps on giving. Eric chats about hotel security cards. Jon channels Harry Potter with Obiliviate DNS. The Grand Canyon is really cool and Jon tries installing a garage door opener. Links: Grand Canyon - https://www.nps.gov/grca/index.htm Ski lift exposed to the internet - https://www.golem.de/news/patscherkofel-gondelbahn-mit-sicherheitsluecken-1804-133930.html Hotel key card security - https://wired.trib.al/RkHWQ0U The Hotel Hacker - https://www.wired.com/2017/08/the-hotel-hacker/ Oblivious DNS - https://www.techrepublic.com/article/oblivious-dns-could-protect-your-internet-traffic-against-snooping/ BGP Hijack - https://www.welivesecurity.com/2018/04/25/ethereum-cryptocurrency-wallets-raided/

  • 019: The Javascript Episode

    20/04/2018 Duration: 40min

    Peter Wooley joins Jon to talk javascript while Eric cannot prevent it. NPM gains package signing capabilities; a casino is hacked courtesy of their fish tank; and once DeepFake matures, how do we tell what's real? Peter recommends playing Celeste on the Switch, Jon should have read a couple more books about bees, and clicky keyboards are awesome. Links: Peter Wooley on Twitter - https://twitter.com/peterwooley Javascript won! - https://hackernoon.com/javascript-has-already-won-235b29ed126b NPM signed packages - http://blog.npmjs.org/post/172999548390/new-pgp-machinery Typosquatting packages - http://incolumitas.com/2016/06/08/typosquatting-package-managers/ Fish Tank Thermometer - https://thehackernews.com/2018/04/iot-hacking-thermometer.html Pi-hole - https://pi-hole.net/ WiFi Grill - https://greenmountaingrills.com/ DeepFake Videos - https://www.buzzfeed.com/craigsilverman/obama-jordan-peele-deepfake-video-debunk-buzzfeed Celeste - https://en.wikipedia.org/wiki/Celeste_(video_game) More Bees! - https://en

  • 018: Gmail, Accountants, and VirusTotal, Oh My.

    15/04/2018 Duration: 32min

    Gmail doesn't follow email address standards; having your accountant hacked is Not Good; and confidential data is found in VirusTotal. Eric shares a fun what-if, and Jon is mesmerized watching sorting algorithms. Links: Followup - PF Chang's vs. Panera - https://medium.com/@AkshaySharmaUS/p-f-changs-security-flaw-revealed-following-panera-bread-s-leak-b47fa6a1bba6 Google says: Ignore Those Dots! - https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-user.html When Accountants Don't Patch - https://krebsonsecurity.com/2018/04/when-identity-thieves-hack-your-accountant/ Confidential Data in VirusTotal - https://threatpost.com/malware-scanning-services-containers-for-sensitive-business-information/124802/ Space Jetta - https://what-if.xkcd.com/142/ 15 Sorting Algorithms in 6 Minutes - https://www.youtube.com/watch?v=kPRA0W1kECg

  • 017: Beekeeper Jon and the Half Dead Car... Eric tries hiking and naming colors.

    06/04/2018 Duration: 41min

    Jon chats about his car and beekeeping. Cloudflare's Privacy Focused DNS and an ARM v Intel post. Will Apple use its own chips in it Macs? And poor, poor Panera... Eric tries hiking Multnomah Falls and ends up hiking somewhere else. Jon gets a kick out of colors. Links: If you have an iPhone, use Overcast - https://overcast.fm Cloudflare's Privacy Focused DNS - https://1.1.1.1/ Dot-cm Typosquatting sites visited 12M times - https://krebsonsecurity.com/2018/04/dot-cm-typosquatting-sites-visited-12m-times-so-far-in-2018/ Beyond XSS: Edge Side Include Injection - http://gosecure.net/2018/04/03/beyond-xss-edge-side-include-injection/ Apple Plans to Use Its Own Chips in Macs From 2020, Replacing Intel - https://www.bloomberg.com/news/articles/2018-04-02/apple-is-said-to-plan-move-from-intel-to-own-mac-chips-from-2020 Intel v ARM power reqs - Killowatt - https://twitter.com/eastdakota/status/976560820611031040  ARM Takes Wing: Qualcomm vs Intel CPU comparison - https://blog.cloudflare.com/arm-takes-wing/ Panera do

  • 016: Boeing, WannaCry, and the Invisible Mask

    31/03/2018 Duration: 28min

    Eric sees Ready Player One opening day. Boeing is hit by WannaCry and researchers demonstrate spoofing facial recognition using IR emitters in a ball cap. Someone built a game using HIBP passwords ("My Little Pwnage"). A personal VPN hotspot and a glowing meteorite ring. Links: Ready Player One - http://readyplayeronemovie.com/ Boeing + WannaCry - https://www.seattletimes.com/business/boeing-aerospace/boeing-hit-by-wannacry-virus-fears-it-could-cripple-some-jet-production/ Invisible Mask Attack - https://arxiv.org/pdf/1803.04683.pdf My LIttle Pwnage - https://mylittlepwnage.eu/ Amplifi Teleport - https://amplifi.com/teleport/ Carbon Fiber and Meteorite Glowstone Ring - https://youtu.be/K2VWLT63_cI

  • 015: Chicken Dusting, What's in Your Blockchain?, and more!

    23/03/2018 Duration: 37min

    What does Zuckerberg mean by dust in the chickens, exactly? If you look at the bitcoin blockchain, more than just bitcoin transactions can be found. AI learns to WIN by cheating. How safe is your bitcoin hardware wallet? Checking out the StackOverflow Developer Survey. Muppets and IKEA. Links: Chicken Dusting? - https://www.theverge.com/2018/3/21/17150270/mark-zuckerberg-facebook-regulated AMD Follow up - https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research What's in the Bitcoin Blockchain? - https://www.theguardian.com/technology/2018/mar/20/child-abuse-imagery-bitcoin-blockchain-illegal-content Serverless and Container Adoption - http://www.zdnet.com/article/serverless-computing-containers-see-triple-digit-quarterly-growth-among-cloud-users/ AI Learns to play Tic Tac Toe - http://www.zdnet.com/article/serverless-computing-containers-see-triple-digit-quarterly-growth-among-cloud-users/ Hardware wallet Security - https://krebsonsecurity.com/2

  • 014: Ethereum, Spyware, and AMD's security flaws

    17/03/2018 Duration: 35min

    MemFixed sends flush packets to memcached servers. Security tools start showing up for Ethereum. ISPs insert spyware into downloads from legitimate sites. Carl joins to discuss the recently disclosed AMD vulnerabilities. Links: Followup - MemFixed - https://www.bleepingcomputer.com/news/security/memfixed-tool-helps-mitigate-memcached-based-ddos-attacks/ Ethereum Security Tool - https://blog.trailofbits.com/2018/03/09/echidna-a-smart-fuzzer-for-ethereum/ Government injected spyware - https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/ AMD Vulnerabilities - https://www.wired.com/story/amd-backdoor-cts-labs-backlash/ Two Photos, one millisecond - https://petapixel.com/2018/03/07/two-photographers-unknowingly-shot-millisecond-time/ Numberphile - http://numberphile.com/videos/analytical_continuation1.html

  • 013: Android P and network devices as a critical vector

    09/03/2018 Duration: 35min

      Security implications of Google's Android 'P' first developer preview. Newly unclassified documents from 2016 (likely Shadow Broker fallout). Girl Scout cybersecurity badges and drones in Puerto Rico. Links: GitHub DDoS - https://github.com/649/Memcrashed-DDoS-Exploit Android P security features - https://www.theverge.com/2018/3/7/17088394/android-p-developer-preview-notifications-kotlin-microphone Android ecosystem statistics - https://developer.android.com/about/dashboards/index.html Unclassified 2016 'BOD-16-02' - https://twitter.com/RidT/status/970880435411709952 Girl Scouts cybersecurity badges - https://www.nbcnews.com/tech/tech-news/girl-scouts-fight-cybercrime-new-cybersecurity-badge-n852971 Drones in Puerto Rico - https://www.wired.com/story/drones-electricity-puerto-rico/

page 16 from 17