Mostly Security

chatting about security, technology and other stuff

079: Hackin’ and Slashin’
Jun 14 • 40 min
School is out. Apple updates the Enterprise App Agreement and will send unknown calls to voicemail. Package dependencies continue to be a problem. HIBP is looking for a home. Vim has a bug. Android supply chain issues. Rambleed. Eric relates a story…
078: Grilling and Chilling
Jun 8 • 46 min
Eric’s back from Chicago and Jon’s destroying things with mowers. WWDC is going on, with some interesting security announcements already. Elastic buys Endgame, Quest Diagnostics is breached, and real life bank heists aren’t like Hollywood movies. Eric had…
077: You have ruined me
Jun 1 • 37 min
No honey yet, but we now have a “Days Since Last Facebook Scandal” counter. If you only had an hour to talk security, what would you say? SnapChat joins Facebook, and not in a good way, so just plan for some users being evil. If your name is Jared and you…
076: Vowel Shortage in the Valley
May 25 • 37 min
Eric and Jon are in Arizona; people seem to like the bees, and Jon gets to revel in his Bitcode conspiracy a little more. Instagram data found in an ‘influencer’ breach, and Google releases two factor auth effectiveness data. Jon’s curious about Minecraft…
075: I Am Very Easily Distracted
May 17 • 37 min
Should I mention Jon talking about bees again? Or the quick follow ups on MDS Attacks, GitHub’s Package Registry or Social Proofs? Hacking the “unhackable”, along with a software update “crashing” ankle monitors in the Netherlands? Then there’s the SHA-1…
074: What’s Old is New Again
May 11 • 42 min
Go see Avengers. And don’t be jealous, Star Wars, just Use the Force, Harry. Data on Let’s Encrypt, HoloLens’ live demo doesn’t, and we reference two past episodes (37 and 39). Ransomware is targeting source on GitHub, Jon talks containers for Too Long,…
073: Just checking to make sure there were cookies…
May 3 • 41 min
Jon’s in Ireland, Eric’s in Oregon, both are half asleep. Cast/Snip, meet Sherlock. Hardware is hard. Kids are smarter than you think. Let’s Encrypt is great. Cryptocurrencies gonna Cryptocurrency. Telnet Server on Wheels. Sneaky robots.txt. Renting a…
072: Over the Air Hardware Updates
Apr 26 • 38 min
Jon does more bee stuff, and Eric releases a new version of Cast/Snip. Moare Farcebook password woes, McAfee partners with the University of Guelph, and unlocking laptops with faces is suspect. 1 in 4 people purposefully ignore security rules, identity…
071: Essentially a Lispy Language
Apr 19 • 47 min
Jon modifies a rootbeer request while Eric watches a movie by himself and Jon wires up a solar panel. Breaking: The internet needs to relax. Next: Ask yourself, who’s tracking your child? Then: Apple makes nice with Qualcomm. Intermission: StackOverflow…
070: Let’s Not Talk About Gwen Stefani
Apr 13 • 43 min
Eric returns from California with head full of Google kool-aid and ears full of Gwen Stefani. Eero acquisition wasn’t all roses, Facebook mobile SDK sends lots of data to Facebook, and a robo voice mailer data breach. Jon talks about training Alexa, and…
069: I don’t like either of those
Apr 4 • 49 min
This week: * Eric misses Chicago and ends up in Texas eating a tomahawk. * Water is still wet (aka Facebook data leak in the news again). * Jon follows up with some ASUS/Shadowhammer info (then his cat chimes). * Robocalls are bad * Java is now bad - or…
068: You’re Not Eric
Mar 29 • 35 min
Cedric Cochin joins the podcast while Eric is on Spring Break. Norsk is still recovering from ransomware and Apple’s News+ service is strangely open. ASUS distributed hundreds of thousands of malicious, signed updates, and heart implants that are…
067: Say Something Nice
Mar 22 • 37 min
Cast/Snip is live. Jon corrects the record on SHA. Phone numbers are horrible identity proofs. Most AntiVirus for Android is garbage. Aluminum Ransomware. Mirai is not dead yet. Eric rides into Quantum Country. Jon sneaks a peek at an original iPhone…
066: Maybe Cut That Part Out
Mar 15 • 46 min
Eric’s app (Cast/Snip) is launching soon, and Libby is awesome. Marriott discloses much more information about the previous Starwood breach, and Amazon has their own Project Zero. Microsoft releases a Windows 7 patch to add SHA-256 support, and Jon spends…
065: Fool me fifteen times…
Mar 7 • 37 min
Jon’s gonna catch himself some bees. Eric’s trying to avoid getting sick. Facebook - uh, is still Facebook and there’s still no cryptocurrency to be found. The NSA open sources a reverse engineering tool and, not to be outdone, Microsoft open sources a…
064: White Powdery Substance
Mar 1 • 47 min
Jon is back from Arizona and Eric’s playing seamster. Another cryptocurrency heist, another Ring vulnerability, how to abuse (web) Service Workers, and a hardware attack at bare metal clouds. For fun, both the NSA and Eric are on GitHub, and Jon had a…
063: Not a Hack nor Ransomware, rather a Brick
Feb 22 • 44 min
Jon is out, Peter is in. A listener has a question about using consumer devices at work - we kinda-sorta answered it. Followup on Facebook, Apple, Amazon Eero and Nike AirBricks. Eric likes PASTA (but can’t figure out where the last A came from). Peter…
062: Too Dang Easy To Use
Feb 16 • 46 min
Follow-up galore: Ubiquiti, Android transcription, the FaceTime bug, and USB-C encryption. MacOS needs a bounty program, Eero gets bought by Amazon, patch Tuesday fun, and using Mono to bypass Mac security. We remember Opportunity and recommend watching…
061: Schrödinger’s CEO
Feb 8 • 45 min
Eric has an app for taking snips of podcasts, Facebook gets their certs back and still TBD on the curious case of the Cryptocurrency Exchange CEO. Jon gets personal with a Ubiquiti bug while GoDaddy either has or doesn’t have a bug - it isn’t clear - but…
060: Facebook: Hold My Beer
Jan 31 • 50 min
Eric has a new mic, and Jon’s bees are still alive. The Chromecast hackers were kids, shutdown fallout, and Japan takes a bold step in “hacking” its citizens. A huge FaceTime bug followed by YAFS (Yet Another Facebook Scandal) — this time involving side…
059: Is it possible for my son to go to Hogwarts?
Jan 24 • 36 min
Raj Samani, one of the founders of and the head of McAfee’s Advanced Threat Research team joins the show. * Eric confuses JavaScript and Python. * Jon and Raj discuss statistical probabilities. * Why do you ransom Cryptocurrency Miners?…
058: 35 Year Old Bugs
Jan 18 • 45 min
Jon scares security guards, Eric teaches Python, and we have an open slack invite on The Ring article from last week never got much traction, beware the Facebook challenge, ancient vulnerabilities unearthed, and Troy Hunt loads another…
057: Is this the Krusty Krab?
Jan 11 • 46 min
Hi, Canada! Where is the Krusty Krab anyway? Carriers are still kinda awful. More Android phones fail the Face Test. Crashcast Part 2. The Promiscuity of Ring Security Cameras. Eric reads from his Spam Folder. Jon questions data anonymization and learns…
056: What Not to Sell on Craigslist
Jan 4 • 36 min
Eric and Jon celebrate the new year in style (not). Weeding out Craigslist ads and Jon wants a Prusa 3d printer. USB-C gets authentication (and a rant from us) and remotely playing videos on Chromecast devices. For fun: millitext, the origins of BASIC,…
055: Hot Tub Hack Machine
Dec 29, 2018 • 29 min
Christmas Skiing, Drone Crashing, and Fake Glitter Bombs. Eric rants (politely) about passwords (again) and Jon talks Hot Tubs and Cryptocurrencies… (What?) Play a game and learn VIM at the same time - and, just FYI, IPv6 is a lot of address space.
054: Windows Etch A Sketch
Dec 20, 2018 • 42 min
Jon (maybe?) saves his bees, Beaverton schools on lockdown, glitter bombs, and cryptojacking on the rise. SMS is weak 2FA, FaceId on Android easily fooled, steganography is real, CenturyLink behaves unethically, and Microsoft adds a Windows sandbox. Eric…
053: Edible Yogurt Contest
Dec 15, 2018 • 43 min
Eric’s office nears completion, and Jon experiments with yogurt. Followup about the crypto crash and the Marriott breach. An Android trojan that skirts 2FA, malware on the high seas, and the biggest data breaches of 2018. Eric likes Amazon’s honey…
052: I’m Mr. Microsoft today…
Dec 7, 2018 • 35 min
Where, O Where, have my Cryptocurrencies gone? Are they hidden in what IBM is dumping? Are they sneaking into Microsoft’s new OS? Maybe they are lost in the Marriott/Starwood Data Breach? Where ever they’ve gone, we don’t know. But Microsoft is publishing…
051: Remember Windows NT Pipes?
Nov 30, 2018 • 41 min
Eric fixes a leaky faucet, Jon manages to avoid salad. After some 2 for 1 followup, Stallman wants in on the digital currency scene, Jon
050: Not a Wimpy Chip
Nov 24, 2018 • 49 min
Eric and Jon prep for Thanksgiving, while companies don’t invest in Cybersecurity. Duo talks Secure Boot on the T2 chip, Jon lets his inner conspiracy theorist out, and Windows Store now accepts ARM64 builds. If getting a digital implant, best to do it…
049: Jiggy-jog to the left…
Nov 16, 2018 • 33 min
Cloudflare launches DNS Privacy apps for iOS and Android, a security “researcher” gets his hand caught in Krebs’ cookie jar, and more speculative execution in x86-land. Jon describes his favorite whistle and Eric discovers you can build a cashless payment…
048: Stamp of Approval
Nov 10, 2018 • 35 min
Eric continues basement construction, and Jon gets stung (but not by a bee). A tale of two cryptocurrency topics: the good and the sad. HSBC is breached, but we doubt the statistics about successful credential stuffing. And Krebs has a great article about…
047: That’s my next band name…
Nov 1, 2018 • 46 min
Happy Halloween! We reflect on some ad fraud and right to repair followup, contemplate CAPTCHAs, cerebrate insecure devices, ponder Big Blue and their Red 34-billion-gallon Hat, and, uh, think, or errm, well, you know, chat about, um, filler words and top…
046: It’s a World Gone Mad
Oct 25, 2018 • 45 min
Implausible Bloomberg followup, JQuery plugin vulnerability (not JavaScript!), and no more GrayKey. An interesting theoretical Chromium vulnerability and an absolutely epic ad fraud article. Eric’s screentime has stopped working, and Jon enjoyed the…
045: Your glass bottles didn’t explode?
Oct 18, 2018 • 27 min
Jon and Eric, live(ish) from Las Vegas! Facebook (again) and the coming PHPocalypse, along with a vulnerability in libssh. Jon learns about The Big Mac Index on a trip to Argentina and Eric geeks about The Illustrated TLS Connection.
044: How About We Cheer on Microsoft
Oct 12, 2018 • 46 min
Eric and Jon both use chat support for network gear, the Bloomberg story gets stranger, and a double pile on Facebook and Google Plus. Microsoft joins OIN, opening up its patent portfolio. For fun Eric likes The Good Place, and Jon likes both The Broken…
043: I probably shouldn’t say that On Air
Oct 5, 2018 • 38 min
Burgerville isn’t safe from data breaches, despite their fabulous fresh fruit milkshakes. The GRU minions make some rookie mistakes. Aaaand, boom. Bloomberg drops the “All your hardware are belong to us” bomb. Eric likes Volkswagen, Jon likes doodles, and…
042: Wisely Sensitive
Sep 28, 2018 • 41 min
A class action lawsuit is filed for NCIX data sale, 854 million worth of cryptocurrency has been stolen in 2018, and Monero fixed a catastrophic bug which would allow someone to ‘print’ money. Google backs off forced logins to chrome after pressure from…
041: Look at you, Mr. Asterisk - Asterisk Man!
Sep 23, 2018 • 40 min
Right to Repair is back with Tractor Talk. Eric chats cryptocurrency losses and potential losses. Jon agrees with Jeff, there is only security - and what happens to computer data when a company goes under? Eric hikes a volcano and Jon freezes his credit.
040: Grand Challenge Accepted
Sep 15, 2018 • 44 min
Eric talks Blockchain security at LA conference, another MongoDB is exposed on the internet, and California poised to pass an IoT security law. Aadhaar grand challenge (episode 32) accepted — evidently Aadhaar enrollment software is routinely modified.…
039: Don’t use glass, she said… We used glass…
Sep 7, 2018 • 43 min
Jon makes root beer. Eric paints. Google Chrome turns 10. Exposing your .git on the web. First email addresses and the Web Design Museum.
038: Randomly SSHing into Teslas
Aug 31, 2018 • 36 min
Back from two more road trips. What life is like when your last name violates profanity filters, and horror stories from (maybe?) an ex-Tesla IT person. Fun with spammers and a book-length article about What-Is-Code.
037: I built a spaghetti bending machine!
Aug 25, 2018 • 34 min
Scam phone calls are still a thing and apparently you can hack multifunction printers by sending a malicious fax. Eric can’t describe a video and Jon bends spaghetti.
036: Goofy Month, Day, Year
Aug 18, 2018 • 34 min
Blackhat and Defcon roundup, including the keynote, voting machine hacking, breaking voice authentication, and hacking various devices, like heartbeat monitors, tornado alarms, and bodycams. Eric asks about early books, and it’s Palindrome Week in the…
035: Didn’t they have the Iron Lung in the ’40s?
Aug 12, 2018 • 43 min
Mobile phone voting? Ummm… It’s a little more complicated than people believe. Comcast fixes some bugs. Jon wants a BioReactor. Eric brags about his “Porsche”.
034: Recording on Battery
Aug 5, 2018 • 38 min
Eric is STILL fishing, but in Idaho. Recording on battery in his truck (dedication!). Edge gets Web Auth support, inmates in Idaho get free emails, and Reddit is breached via SMS. Software continues to eat the world and Verizon has released a great…
033: Thanks For All The (Lack Of) Phish
Jul 27, 2018 • 35 min
Eric successfully fishes, and Jon fixes his QNAP issue. Google says they haven’t been phished since deploying U2F keys in 2017. Chrome flags HTTP sites as ‘Not Secure’ and Troy posts a video for why HTTPS matters even for static ‘marketing’ sites. Old…
032: Don’t Sweat, It’s Only the Polish Dogs
Jul 20, 2018 • 38 min
Jon returns from camping so Eric can go fishing again. Costco still sells hot dogs, the Polish dogs have just migrated to Sam’s Club. A trip through anti-cheat development at Riot Games, and a raft of QNAP vulnerabilities. Chickens are fun! As are…
031: That’s all the Spanish I can do right now
Jul 13, 2018 • 24 min
Marcelo DaCruz joins to meander through various topics that include a little cryptocurrencies, promoting other podcasts, malicious World Cup apps, 4th of July data breaches, password managers, and wrapping car keys in foil. Oh, and Costco. And what…
030: I do like me some goats…
Jul 7, 2018 • 43 min
Eric rants about cryptocurrencies, Jon speculates about a billion ten year olds. Eric likes watching zoo animals and Jon appreciates fireworks in another state. Happy Independence Day, America!
029: Crypto-mining Docker Images and Insider Threats
Jun 28, 2018 • 43 min
Jon’s bees don’t cooperate and Eric watches baseball. Docker hub containers that mine Monero for their own benefit and a Kubernetes honeypot; Tesla’s malicious insider and insider threats in general. AI assisted slow motion, NES on the playgrounds, and…
028: A dash of WebUSB and smidge of leaky routers
Jun 22, 2018 • 43 min
Eric rewatches The Matrix. Jon rewatches an assortment from Studio Ghibli. But enough about movies. Some followup with a bit more followup. Did you know your browser can talk directly to USB devices and that your router knows where you live? Eric finds a…
027: Cortana is also a Voice Assistant
Jun 17, 2018 • 32 min
Eric goes fishing (with an ‘f’), Jon has baby goats, and hacking Windows 10 via Cortana. Treat robots as you would like them to treat you, and an underwater datacenter.
026: Microsoft, Apple and concrete dreams
Jun 7, 2018 • 45 min
Microsoft buys GitHub and now we’ll see what that actually means. Apple WWDC surprises developers with cool stuff. Antoni Gaudí wishes he had a concrete printer. Jon continues to explore his love for open source.
025: Stolen credit cards, emailing secret audio, fun with time and a “yay! oh, wait.”
May 31, 2018 • 41 min
Eric has to deal with a stolen credit card. Jon checks in again on the telcos who resell your location data. Your Amazon cylinder might email an audio recording to someone. GDPR makes the web much faster. Eric likes time, Jon almost likes Apple.
024: Comcastic Followup, Real-time Location of any Cell Phone, and Cylinder Security
May 25, 2018 • 41 min
Comcast gets two bits of followup; look up the real-time location of nearly any cell phone user in the states; more Google duplex and cylinder security; a Sunday sermon with some Oatmeal.
023: Password rants, eMail client vulnerabilities, and Google I/O
May 18, 2018 • 43 min
Eric’s password buttons were pushed this week, not-so-secure eMail clients, and a touch of Google I/O. Fake coin offerings and … a knife?
022: Death to the Password and some feels for Microsoft
May 11, 2018 • 40 min
Logging in with only a physical key, Twitter’s oopsie, Facebook fires a stalker and Signal’s messages do not “self-destruct”. Jon chats about stuff from the Microsoft Build conference. Eric still likes Netflix. Jon likes books.
021: Flails, Routers, and Electronic Frontiers
May 4, 2018 • 30 min
Jon describes farm equipment, while Eric teaches driving lessons. Routers around the world are vulnerable, and a critical battle is won for the open web. A fun book tracking hackers and a crazy project for a VGA adapter.
020: 3200 miles, 58 hours and Unit Testing is awesome…
Apr 27, 2018 • 29 min
Eric is back from the road trip. IoT, the gift that keeps on giving. Eric chats about hotel security cards. Jon channels Harry Potter with Obliviate DNS. The Grand Canyon is really cool and Jon tries installing a garage door opener.
019: The Javascript Episode
Apr 20, 2018 • 40 min
Peter Wooley joins Jon to talk javascript while Eric cannot prevent it. NPM gains package signing capabilities; a casino is hacked courtesy of their fish tank; and once DeepFake matures, how do we tell what’s real? Peter recommends playing Celeste on the…
018: Gmail, Accountants, and VirusTotal, Oh My.
Apr 15, 2018 • 32 min
Gmail doesn’t follow email address standards; having your accountant hacked is Not Good; and confidential data is found in VirusTotal. Eric shares a fun what-if, and Jon is mesmerized watching sorting algorithms.
017: Beekeeper Jon and the Half Dead Car… Eric tries hiking and naming colors.
Apr 6, 2018 • 41 min
Jon chats about his car and beekeeping. Cloudflare’s Privacy Focused DNS and an ARM v Intel post. Will Apple use its own chips in its Macs? And poor, poor Panera… Eric tries hiking Multnomah Falls and ends up hiking somewhere else. Jon gets a kick out of…
016: Boeing, WannaCry, and the Invisible Mask
Mar 31, 2018 • 28 min
Eric sees Ready Player One opening day. Boeing is hit by WannaCry and researchers demonstrate spoofing facial recognition using IR emitters in a ball cap. Someone built a game using HIBP passwords (“My Little Pwnage”). A personal VPN hotspot and a glowing…
015: Chicken Dusting, What’s in Your Blockchain?, and more!
Mar 23, 2018 • 37 min
What does Zuckerberg mean by dust in the chickens, exactly? If you look at the bitcoin blockchain, more than just bitcoin transactions can be found. AI learns to WIN by cheating. How safe is your bitcoin hardware wallet? Checking out the StackOverflow…
014: Ethereum, Spyware, and AMD’s security flaws
Mar 16, 2018 • 35 min
MemFixed sends flush packets to memcached servers. Security tools start showing up for Ethereum. ISPs insert spyware into downloads from legitimate sites. Carl joins to discuss the recently disclosed AMD vulnerabilities.
013: Android P and network devices as a critical vector
Mar 9, 2018 • 35 min
Security implications of Google’s Android ‘P’ first developer preview. Newly unclassified documents from 2016 (likely Shadow Broker fallout). Girl Scout cybersecurity badges and drones in Puerto Rico.
012: Emailing 23,000 private keys and GitHub survives a DDoS attack
Mar 2, 2018 • 31 min
Jon is back from Florida. Is it Trust-ICO or Trustico? Anatomy of an Amplification Attack. Visualizing data and watching documentaries.
011: Peter Wooley joins to chat UI/UX and Disneyland
Feb 22, 2018 • 29 min
We chat CSS Keyloggers and are not worried. Careful what you put into Is your Password in the list of 500 million known passwords? And you can’t chat with Peter without a Disney sidetrack.
010: Consumer Reports, RTL Unicode, and CPU vs Ads
Feb 17, 2018 • 29 min
iFixit and the iPhone X Teardown, Consumer Reports is now adding Security and Privacy into their electronic device ratings, Telegram has a Zero-day vulnerability due to a Right-to-Left Unicode character and wants to mine cryptocurrencies in…
009: Carl Woodward joins the show and talks Meltdown
Feb 9, 2018 • 39 min
Carl talks Meltdown/Spectre from the trenches. Jon fawns over the Falcon Heavy launch. Eric yaps about Right to Repair and Hacking John Deere tractors. Carl wants an alarm clock, buys an Alexa - it’s all downhill from there, and it is Cedric’s fault.
008: Alphabet’s Chronicle, Fixing AWS IAM, and Jackpotting ATMs
Feb 2, 2018 • 23 min
Jon’s roof doesn’t collapse. Eric talks about a moon and snow caving. Then they actually talk about security stuff. Sorta. Thoughts on Chronicle, Alphabet’s now named security company. Then, is there a solution for the AWS IAM permissions? And…
007: Apple, Stripe, Bitcoin, and The Whopper
Jan 26, 2018 • 25 min
Jon and Eric ramble through a few completely random topics. Pointless flaws in Apple Preference Panes, Stripe says goodbye to Bitcoin, Burger King takes on Net Neutrality and Jon almost earns himself a Darwin Award.
006: Crash of the Cryptocurrencies and a Hawaii UX #fail
Jan 19, 2018 • 35 min
Jon and Eric chat about stuff completely unrelated to security, with bonus tangents!