Mostly Security

Mostly Security

mostlysecurity.com
chatting about security, technology and other stuff
035: Didn’t they have the Iron Lung in the ’40s?
Aug 12 • 43 min
Mobile phone voting? Ummm… Its a little more complicated than people believe. Comcast fixes some bugs. Jon wants a BioReactor. Eric brags about his “Porsche”.
034: Recording on Battery
Aug 5 • 38 min
Eric is STILL fishing, but in Idaho. Recording on battery in his truck (dedication!). Edge gets Web Auth support, inmates in Idaho get free emails, and Reddit is breached via SMS. Software continues to eat the world and Verizon has released a great…
033: Thanks For All The (Lack Of) Phish
Jul 27 • 35 min
Eric successfully fishes, and Jon fixes his QNAP issue. Google says they haven’t been phished since deploying U2F keys in 2017. Chrome flags HTTP sites as ‘Not Secure’ and Troy posts a video for why HTTPS matters even for static ‘marketing’ sites. Old…
032: Don’t Sweat, It’s Only the Polish Dogs
Jul 20 • 38 min
Jon returns from camping so Eric can go fishing again. Costco still sells hot dogs, the Polish dogs have just migrated to Sam’s Club. A trip through anti-cheat development at Riot Games, and a raft of QNAP vulnerabilities. Chickens are fun! As are…
031: That’s all the Spanish I can do right now
Jul 13 • 24 min
Marcelo DaCruz joins to meander through various topics that include a little cryptocurrencies, promoting other podcasts, malicious World Cup apps, 4th of July data breaches, password managers, and wrapping car keys in foil. Oh, and Costco. And what…
030: I do like me some goats…
Jul 7 • 43 min
Eric rants about cryptocurrencies, Jon speculates about a billion ten year olds. Eric likes watching zoo animals and Jon appreciates fireworks in another state. Happy Independence Day, America!
029: Crypto-mining Docker Images and Insider Threats
Jun 28 • 43 min
Jon’s bees don’t cooperate and Eric watches baseball. Docker hub containers that mine Monero for their own benefit and a Kubernetes honeypot; Tesla’s malicious insider and insider threats in general. AI assisted slow motion, NES on the playgrounds, and…
028: A dash of WebUSB and smidge of leaky routers
Jun 22 • 43 min
Eric rewatches The Matrix. Jon rewatches an assortment from Studio Ghibli. But enough about movies. Some followup with a bit more followup. Did you know your browser can talk directly to USB devices and that your router knows where you live? Eric finds a…
027: Cortana is also a Voice Assistant
Jun 17 • 32 min
Eric goes fishing (with an ‘f’), Jon has baby goats, and hacking Windows 10 via Cortana. Treat robots as you would like them to treat you, and an underwater datacenter.
026: Microsoft, Apple and concrete dreams
Jun 7 • 45 min
Microsoft buys GitHub and now we’ll see what that actually means. Apple WWDC surprises developers with cool stuff. Antoni Gaudí wishes he had a concrete printer. Jon continues to explore his love for open source.
025: Stolen credit cards, emailing secret audio, fun with time and a “yay! oh, wait.”
May 31 • 41 min
Eric has to deal with a stolen credit card. Jon checks in again on the telcos who resell your location data. Your Amazon cylinder might email an audio recording to someone. GDPR makes the web much faster. Eric likes time, Jon almost likes Apple.
024: Comcastic Followup, Real-time Location of any Cell Phone, and Cylinder Security
May 25 • 41 min
Comcast gets two bits of followup; look up the real-time location of nearly any cell phone user in the states; more Google duplex and cylinder security; a Sunday sermon with some Oatmeal.
023: Password rants, eMail client vulnerabilities, and Google I/O
May 18 • 43 min
Eric’s password buttons were pushed this week, not-so-secure eMail clients, and a touch of Google I/O. Fake coin offerings and … a knife?
022: Death to the Password and some feels for Microsoft
May 11 • 40 min
Logging in with only a physical key, Twitter’s oopsie, Facebook fires a stalker and Signal’s messages do not “self-destruct”. Jon chats about stuff from the Microsoft Build conference. Eric still likes Netflix. Jon likes books.
021: Flails, Routers, and Electronic Frontiers
May 4 • 30 min
Jon describes farm equipment, while Eric teaches driving lessons. Routers around the world are vulnerable, and a critical battle is won for the open web. A fun book tracking hackers and a crazy project for a VGA adapter.
020: 3200 miles, 58 hours and Unit Testing is awesome…
Apr 27 • 29 min
Eric is back from the road trip. IoT, the gift that keeps on giving. Eric chats about hotel security cards. Jon channels Harry Potter with Obiliviate DNS. The Grand Canyon is really cool and Jon tries installing a garage door opener.
019: The Javascript Episode
Apr 20 • 40 min
Peter Wooley joins Jon to talk javascript while Eric cannot prevent it. NPM gains package signing capabilities; a casino is hacked courtesy of their fish tank; and once DeepFake matures, how do we tell what’s real? Peter recommends playing Celeste on the…
018: Gmail, Accountants, and VirusTotal, Oh My.
Apr 15 • 32 min
Gmail doesn’t follow email address standards; having your accountant hacked is Not Good; and confidential data is found in VirusTotal. Eric shares a fun what-if, and Jon is mesmerized watching sorting algorithms.
017: Beekeeper Jon and the Half Dead Car… Eric tries hiking and naming colors.
Apr 6 • 41 min
Jon chats about his car and beekeeping. Cloudflare’s Privacy Focused DNS and an ARM v Intel post. Will Apple use its own chips in it Macs? And poor, poor Panera… Eric tries hiking Multnomah Falls and ends up hiking somewhere else. Jon gets a kick out of…
016: Boeing, WannaCry, and the Invisible Mask
Mar 31 • 28 min
Eric sees Ready Player One opening day. Boeing is hit by WannaCry and researchers demonstrate spoofing facial recognition using IR emitters in a ball cap. Someone built a game using HIBP passwords (“My Little Pwnage”). A personal VPN hotspot and a glowing…
015: Chicken Dusting, What’s in Your Blockchain?, and more!
Mar 23 • 37 min
What does Zuckerberg mean by dust in the chickens, exactly? If you look at the bitcoin blockchain, more than just bitcoin transactions can be found. AI learns to WIN by cheating. How safe is your bitcoin hardware wallet? Checking out the StackOverflow…
014: Ethereum, Spyware, and AMD’s security flaws
Mar 16 • 35 min
MemFixed sends flush packets to memcached servers. Security tools start showing up for Ethereum. ISPs insert spyware into downloads from legitimate sites. Carl joins to discuss the recently disclosed AMD vulnerabilities.
013: Android P and network devices as a critical vector
Mar 9 • 35 min
Security implications of Google’s Android ‘P’ first developer preview. Newly unclassified documents from 2016 (likely Shadow Broker fallout). Girl Scout cybersecurity badges and drones in Puerto Rico.
012: Emailing 23,000 private keys and GitHub survives a DDoS attack
Mar 2 • 31 min
Jon is back from Florida. Is it Trust-ICO or Trustico? Anatomy of an Amplification Attack. Visualizing data and watching documentaries.
011: Peter Wooley joins to chat UI/UX and Disneyland
Feb 22 • 29 min
We chat CSS Keyloggers and are not worried. Careful what you put into securityheaders.io. Is your Password in the list of 500 million known passwords? And you can’t chat with Peter without a Disney sidetrack.
010: Consumer Reports, RTL Unicode, and CPU vs Ads
Feb 17 • 29 min
iFixit and the iPhone X Teardown, Consumer Reports is now adding Security and Privacy into their electronic device ratings, Telegram has a Zero-day vulnerability due to a Right-to-Left Unicode character and Salon.com wants to mine cryptocurrencies in…
009: Carl Woodward joins the show and talks Meltdown
Feb 9 • 39 min
Carl talks meltdown/spectre from the trenches. Jon fawns over the Falcon Heavy launch. Eric yaps about Right to Repair and Hacking John Deere tractors. Carl wants an alarm clock, buys an Alexa - its all downhill from there, and it is Cedric’s fault.
008: Alphabet’s Chronicle, Fixing AWS IAM, and Jackpotting ATMs
Feb 2 • 23 min
Jon’s roof doesn’t collapse. Eric talks about a moon and snow caving. Then they actually talk about security stuff. Sorta. Thoughts on Chronicle, Alphabet’s now named security company. Then, is there a solution for the AWS IAM permissions? And…
007: Apple, Stripe, Bitcoin, and The Whopper
Jan 26 • 25 min
Jon and Eric ramble through a few completely random topics. Pointless flaws in Apple Preference Panes, Stripe says goodbye to Bitcoin, Burger King takes on Net Neutrality and Jon almost earns himself a Darwin Award.
006: Crash of the Cryptocurrencies and a Hawaii UX #fail
Jan 19 • 35 min
Jon and Eric chat about stuff completely unrelated to security, with bonus tangents!