c.im is one of the many independent Mastodon servers you can use to participate in the fediverse.
C.IM is a general, mainly English-speaking Mastodon instance.

Server stats:

2.9K
active users

#Episode

276 posts3 participants0 posts today


Episode 188 - Depressing news sucks, we're talking about cheating in video games
traffic.libsyn.com/secure/open

Josh and Kurt talk about video games. Yeah, video games. Specifically about cheating in video games. There's a lot of other security themes in the discussion. With the news being horrible these days, we needed to talk about something fun. Show Notes Penny Arcade Banned from Fortnite Apollo Robbins, world's best pickpocket


Episode 189 - Video game hackers - speedrunning
traffic.libsyn.com/secure/open

Josh and Kurt talk about video games and hacking. Specifically how speed runners are really just video game hackers. Show Notes Developer speedrun commentary Super Mario World end credits glitch explained Mario 3 RCE Breath of the Wild speedrun Super Metroid reverse boss order TMR beats every NES game


Episode 190 - Building a talent "ecosystem"
traffic.libsyn.com/secure/open

Josh and Kurt talk about building a talent ecosystem. What starts out as an attempt by Kurt to talk about Canada evolves into a discussion about how talent can evolve, or be purposely grown. Canada's entertainment industry and Unit 8200 are good examples of this. Show Notes SCTV Red Team Project Moon Shot book  AvE channel  Turning a tree root into a bowl  Mailing the Hope Diamond The Ecosystem


Episode 191 - Security scanners are all terrible
traffic.libsyn.com/secure/open

Josh and Kurt talk about security scanners. They're all pretty bad today, but there are some things we can do to make them better. Step one is to understand the problem. Do you know why you're running the scanner and what the reports mean? Show Notes Edmonton freeze thaw cycles Josh's security scanner blog series


Episode 192 - Work without progress - what Infosec can learn from treadmills
traffic.libsyn.com/secure/open

Josh and Kurt talk about Kurt's recent treadmill purchase and the lessons we can lean in security from the consumer market. The consumer market has learned a lot about how to interact with their customers in the last few decades, the security industry is certainly behind in this space today. Once again we display our ability to tie even the seemingly mundane things back to a discussion about security. Show Notes Eating goldfish off the treadmill


Episode 193 - Security lessons from space: Apollo 13 edition
traffic.libsyn.com/secure/open

Josh and Kurt talk about space. We intended to focus on Apollo 13 but as usual we have no ability to stay on topic. There is a lot of fun space discussions in this one though. Do you think you can hack Voyager 1? Only if you have a big enough satellite dish. Show Notes Eavesdropping on Apollo 11 Apollo 11 classified weather satellite The pen that saved Apollo 11


Episode 194 - Working from home security: resistance is futile
traffic.libsyn.com/secure/open

Josh and Kurt talk about the new normal that's working away from an office. It's not exactly working from home as there are some unforeseen challenges that we just took for granted in the past. There are a lot of new and strange security problems we have to adapt to, everyone is doing amazing work with very little right now. Show Notes Microsoft buys corp.com Hijack computer network traffic with a Pi Zero


Episode 195 - Is BGP actually insecure?
traffic.libsyn.com/secure/open

Josh and Kurt talk about the uproar around Cloudflare's "Is BGP safe yet" site. It's always interesting watching how much people will push back on new things, even if the new things is probably a step in the right direction. The clever thing Cloudflare is doing in this instance is they are making the BGP problem something anyone can understand. Also send us your funny dog stories. Show Notes Is BGP safe yet? Reddit BGP conversation Hacker News BGP conversation Stealing cryptocurrency with BGP


Episode 196 - Pounding square solutions into round holes: forced updates from Ubuntu
traffic.libsyn.com/secure/open

Josh and Kurt talk about automatic updates. Specifically we discuss a recent decision by Ubuntu to enable forced automatic updates. There are lessons here for the security community. We have a history of jumping to solutions rather than defining and understanding problems. Sometimes our solutions aren't the best. Also murder bees. Show Notes The Oatmeal giant bee comic Honeybees cook giant hornet Ubuntu 20.04 LTS’ snap obsession has snapped...


Episode 197 - Beer, security, and consistency; the newer, better, triad
traffic.libsyn.com/secure/open

Josh and Kurt talk about what beer and reproducible builds have in common. It's a lot more than you think, and it mostly comes down to quality control. If you can't reproduce what you do, you're not a mature organization and you need maturity to have quality. Show Notes Reinheitsgebot Josh's Blog Post Ken Thompson's reflections on trusting trust Tor Browser Deterministic Builds One line package broke npm create Donkey Kong 64 memory leak


Episode 198 - Good advice or bad advice? Hang up, look up, and call back
traffic.libsyn.com/secure/open

Josh and Kurt talk about the Krebs blog post titled "When in Doubt: Hang Up, Look Up, & Call Back". In the world of security there isn't a lot of actionable advice, it's worth discussing if something like this will work, or ever if it's the right way to handle these situations. Show notes When in Doubt: Hang Up, Look Up, & Call Back Tech Support Scam podcast: Part 1, Part 2 STIR/SHAKEN Drill the wrong safe deposit box 2009 Bank of Ireland robbery


Episode 199 - Special cases are special: DNS, Websockets, and CSV
traffic.libsyn.com/secure/open

Josh and Kurt talk about a grab bag of topics. A DNS security flaw, port scanning your machine from a web browser, and CSV files running arbitrary code. All of these things end up being the result of corner cases. Letting a corner case be part of a default setup is always a mistake. Yes always, not even that one time. Show Notes Bind advisory Robustness Principal eBay port scanning localhost OWASP CSV injection


Episode 200 - Talking Container Security with Liz Rice
traffic.libsyn.com/secure/open

Josh and Kurt talk to Liz Rice from Aqua Security about container security and her new book on the same topic. What does container security look like today? What are some things you can do now? What will container security look like in the future? Show Notes Container Security download Pictures of elephants Kubernetes Security book Starboard project Dynamic threat analysis


Episode 201 - We broke CVSSv3, now how do we fix it?
traffic.libsyn.com/secure/open

Josh and Kurt talk about CVSSv3 and how it's broken. We started with a blog post to explain why the NVD CVSS scores are so wrong, and we ended up researching CVSSv3 and found out it's far more broken than any of us expected in ways we didn't expect. NVD isn't broken, CVSSv3 is. How did we get here? Are there any options that work today? Where should we go next? Show Notes Josh's blog post NVD Red Hat security data Josh's CVE data project Microsoft security ratings scale


Episode 202 - The convergence of application security
traffic.libsyn.com/secure/open

Josh and Kurt talk about the security of applications. We talk about the security of infrastructure all the time, but what happens when we combine infrastructure into an application or solution? Show Notes Picture of Kurt's security check-up Dragon controls


Episode 203 - Humans, conferences, and security: let me think and get back to you in a bit
traffic.libsyn.com/secure/open

Josh and Kurt talk about human behavior. The conversation makes its way to conferences and the perpetual question of if a conference is useful or not. We come to the agreement the big shows aren't what they used to be, but things like BSides are great experiences. Show Notes Security and Human Behaviour Josh's blog post Mudge's Twitter thread


Episode 204 - What Would Apple Do?
traffic.libsyn.com/secure/open

Josh and Kurt talk about some recent security actions Apple has taken. Not all are good, but in general Apple is doing things to benefit their customers (their customers are not advertisers). We also discuss some of the challenges when your customers are advertisers. Show Notes Apple one year certificates Apple declines to implement 16 new APIs Apple is tracking unsigned executables


Episode 205 - The State of Open Source Security with Alyssa Miller from Snyk
traffic.libsyn.com/secure/open

Josh and Kurt talk to Alyssa Miller from Snyk about the State of Open Source Security 2020 report. Alyssa was the report author and has some great insight into the current trends we're seeing in open source security. Some of the challenges developers face. We discuss the difficulty static and composition analysis scanners face. It's a great conversation! Show Notes The State of Open Source Security 2020 Alyssa's Twitter