Mostly Security

chatting about security, technology and other stuff
053: Edible Yogurt Contest
Dec 15 • 43 min
Eric’s office nears completion, and Jon experiments with yogurt. Followup about the crypto crash and the Marriott breach. An Android trojan that skirts 2FA, malware on the high seas, and the biggest data breaches of 2018. Eric likes Amazon’s honey…
052: I’m Mr. Microsoft today…
Dec 7 • 35 min
Where, O Where, have my Cryptocurrencies gone? Are they hidden in what IBM is dumping? Are they sneaking into Microsoft’s new OS? Maybe they are lost in the Marriott/Starwood Data Breach? Wherever they’ve gone, we don’t know. But Microsoft is publishing…
051: Remember Windows NT Pipes?
Nov 30 • 41 min
Eric fixes a leaky faucet, Jon manages to avoid salad. After some 2 for 1 followup, Stallman wants in on the digital currency scene, Jon
050: Not a Wimpy Chip
Nov 24 • 49 min
Eric and Jon prep for Thanksgiving, while companies don’t invest in Cybersecurity. Duo talks Secure Boot on the T2 chip, Jon lets his inner conspiracy theorist out, and Windows Store now accepts ARM64 builds. If getting a digital implant, best to do it…
049: Jiggy-jog to the left…
Nov 16 • 33 min
Cloudflare launches DNS Privacy apps for iOS and Android, a security “researcher” gets his hand caught in Krebs’ cookie jar, and more speculative execution in x86-land. Jon describes his favorite whistle and Eric discovers you can build a cashless payment…
048: Stamp of Approval
Nov 10 • 35 min
Eric continues basement construction, and Jon gets stung (but not by a bee). A tale of two cryptocurrency topics: the good and the sad. HSBC is breached, but we doubt the statistics about successful credential stuffing. And Krebs has a great article about…
047: That’s my next band name…
Nov 1 • 46 min
Happy Halloween! We reflect on some ad fraud and right to repair followup, contemplate CAPTCHAs, cerebrate insecure devices, ponder Big Blue and their Red 34-billion-gallon Hat, and, uh, think, or errm, well, you know, chat about, um, filler words and top…
046: It’s a World Gone Mad
Oct 25 • 45 min
Implausible Bloomberg followup, jQuery plugin vulnerability (not JavaScript!), and no more GrayKey. An interesting theoretical Chromium vulnerability and an absolutely epic ad fraud article. Eric’s screentime has stopped working, and Jon enjoyed the…
045: Your glass bottles didn’t explode?
Oct 18 • 27 min
Jon and Eric, live(ish) from Las Vegas! Facebook (again) and the coming PHPocalypse, along with a vulnerability in libssh. Jon learns about The Big Mac Index on a trip to Argentina and Eric geeks about The Illustrated TLS Connection.
044: How About We Cheer on Microsoft
Oct 12 • 46 min
Eric and Jon both use chat support for network gear, the Bloomberg story gets stranger, and a double pile on Facebook and Google Plus. Microsoft joins OIN, opening up its patent portfolio. For fun Eric likes The Good Place, and Jon likes both The Broken…
043: I probably shouldn’t say that On Air
Oct 5 • 38 min
Burgerville isn’t safe from data breaches, despite their fabulous fresh fruit milkshakes. The GRU minions make some rookie mistakes. Aaaand, boom. Bloomberg drops the “All your hardware are belong to us” bomb. Eric likes Volkswagen, Jon likes doodles, and…
042: Wisely Sensitive
Sep 28 • 41 min
A class action lawsuit is filed for NCIX data sale, 854 million worth of cryptocurrency has been stolen in 2018, and Monero fixed a catastrophic bug which would allow someone to ‘print’ money. Google backs off forced logins to Chrome after pressure from…
041: Look at you, Mr. Asterisk - Asterisk Man!
Sep 23 • 40 min
Right to Repair is back with Tractor Talk. Eric chats cryptocurrency losses and potential losses. Jon agrees with Jeff, there is only security - and what happens to computer data when a company goes under? Eric hikes a volcano and Jon freezes his credit.
040: Grand Challenge Accepted
Sep 15 • 44 min
Eric talks Blockchain security at LA conference, another MongoDB is exposed on the internet, and California poised to pass an IoT security law. Aadhaar grand challenge (episode 32) accepted — evidently Aadhaar enrollment software is routinely modified.…
039: Don’t use glass, she said… We used glass…
Sep 7 • 43 min
Jon makes root beer. Eric paints. Google Chrome turns 10. Exposing your .git on the web. First email addresses and the Web Design Museum.
038: Randomly SSHing into Teslas
Aug 31 • 36 min
Back from two more road trips. What life is like when your last name violates profanity filters, and horror stories from (maybe?) an ex-Tesla IT person. Fun with spammers and a book-length article about What-Is-Code.
037: I built a spaghetti bending machine!
Aug 25 • 34 min
Scam phone calls are still a thing and apparently you can hack multifunction printers by sending a malicious fax. Eric can’t describe a video and Jon bends spaghetti.
036: Goofy Month, Day, Year
Aug 18 • 34 min
Blackhat and Defcon roundup, including the keynote, voting machine hacking, breaking voice authentication, and hacking various devices, like heartbeat monitors, tornado alarms, and bodycams. Eric asks about early books, and it’s Palindrome Week in the…
035: Didn’t they have the Iron Lung in the ’40s?
Aug 12 • 43 min
Mobile phone voting? Ummm… It’s a little more complicated than people believe. Comcast fixes some bugs. Jon wants a BioReactor. Eric brags about his “Porsche”.
034: Recording on Battery
Aug 5 • 38 min
Eric is STILL fishing, but in Idaho. Recording on battery in his truck (dedication!). Edge gets Web Auth support, inmates in Idaho get free emails, and Reddit is breached via SMS. Software continues to eat the world and Verizon has released a great…
033: Thanks For All The (Lack Of) Phish
Jul 27 • 35 min
Eric successfully fishes, and Jon fixes his QNAP issue. Google says they haven’t been phished since deploying U2F keys in 2017. Chrome flags HTTP sites as ‘Not Secure’ and Troy posts a video for why HTTPS matters even for static ‘marketing’ sites. Old…
032: Don’t Sweat, It’s Only the Polish Dogs
Jul 20 • 38 min
Jon returns from camping so Eric can go fishing again. Costco still sells hot dogs, the Polish dogs have just migrated to Sam’s Club. A trip through anti-cheat development at Riot Games, and a raft of QNAP vulnerabilities. Chickens are fun! As are…
031: That’s all the Spanish I can do right now
Jul 13 • 24 min
Marcelo DaCruz joins to meander through various topics that include a little cryptocurrencies, promoting other podcasts, malicious World Cup apps, 4th of July data breaches, password managers, and wrapping car keys in foil. Oh, and Costco. And what…
030: I do like me some goats…
Jul 7 • 43 min
Eric rants about cryptocurrencies, Jon speculates about a billion ten year olds. Eric likes watching zoo animals and Jon appreciates fireworks in another state. Happy Independence Day, America!
029: Crypto-mining Docker Images and Insider Threats
Jun 28 • 43 min
Jon’s bees don’t cooperate and Eric watches baseball. Docker hub containers that mine Monero for their own benefit and a Kubernetes honeypot; Tesla’s malicious insider and insider threats in general. AI assisted slow motion, NES on the playgrounds, and…
028: A dash of WebUSB and smidge of leaky routers
Jun 22 • 43 min
Eric rewatches The Matrix. Jon rewatches an assortment from Studio Ghibli. But enough about movies. Some followup with a bit more followup. Did you know your browser can talk directly to USB devices and that your router knows where you live? Eric finds a…
027: Cortana is also a Voice Assistant
Jun 17 • 32 min
Eric goes fishing (with an ‘f’), Jon has baby goats, and hacking Windows 10 via Cortana. Treat robots as you would like them to treat you, and an underwater datacenter.
026: Microsoft, Apple and concrete dreams
Jun 7 • 45 min
Microsoft buys GitHub and now we’ll see what that actually means. Apple WWDC surprises developers with cool stuff. Antoni Gaudí wishes he had a concrete printer. Jon continues to explore his love for open source.
025: Stolen credit cards, emailing secret audio, fun with time and a “yay! oh, wait.”
May 31 • 41 min
Eric has to deal with a stolen credit card. Jon checks in again on the telcos who resell your location data. Your Amazon cylinder might email an audio recording to someone. GDPR makes the web much faster. Eric likes time, Jon almost likes Apple.
024: Comcastic Followup, Real-time Location of any Cell Phone, and Cylinder Security
May 25 • 41 min
Comcast gets two bits of followup; look up the real-time location of nearly any cell phone user in the states; more Google duplex and cylinder security; a Sunday sermon with some Oatmeal.
023: Password rants, eMail client vulnerabilities, and Google I/O
May 18 • 43 min
Eric’s password buttons were pushed this week, not-so-secure eMail clients, and a touch of Google I/O. Fake coin offerings and … a knife?
022: Death to the Password and some feels for Microsoft
May 11 • 40 min
Logging in with only a physical key, Twitter’s oopsie, Facebook fires a stalker and Signal’s messages do not “self-destruct”. Jon chats about stuff from the Microsoft Build conference. Eric still likes Netflix. Jon likes books.
021: Flails, Routers, and Electronic Frontiers
May 4 • 30 min
Jon describes farm equipment, while Eric teaches driving lessons. Routers around the world are vulnerable, and a critical battle is won for the open web. A fun book tracking hackers and a crazy project for a VGA adapter.
020: 3200 miles, 58 hours and Unit Testing is awesome…
Apr 27 • 29 min
Eric is back from the road trip. IoT, the gift that keeps on giving. Eric chats about hotel security cards. Jon channels Harry Potter with Obliviate DNS. The Grand Canyon is really cool and Jon tries installing a garage door opener.
019: The Javascript Episode
Apr 20 • 40 min
Peter Wooley joins Jon to talk JavaScript while Eric cannot prevent it. NPM gains package signing capabilities; a casino is hacked courtesy of their fish tank; and once DeepFake matures, how do we tell what’s real? Peter recommends playing Celeste on the…
018: Gmail, Accountants, and VirusTotal, Oh My.
Apr 15 • 32 min
Gmail doesn’t follow email address standards; having your accountant hacked is Not Good; and confidential data is found in VirusTotal. Eric shares a fun what-if, and Jon is mesmerized watching sorting algorithms.
017: Beekeeper Jon and the Half Dead Car… Eric tries hiking and naming colors.
Apr 6 • 41 min
Jon chats about his car and beekeeping. Cloudflare’s Privacy Focused DNS and an ARM v Intel post. Will Apple use its own chips in its Macs? And poor, poor Panera… Eric tries hiking Multnomah Falls and ends up hiking somewhere else. Jon gets a kick out of…
016: Boeing, WannaCry, and the Invisible Mask
Mar 31 • 28 min
Eric sees Ready Player One opening day. Boeing is hit by WannaCry and researchers demonstrate spoofing facial recognition using IR emitters in a ball cap. Someone built a game using HIBP passwords (“My Little Pwnage”). A personal VPN hotspot and a glowing…
015: Chicken Dusting, What’s in Your Blockchain?, and more!
Mar 23 • 37 min
What does Zuckerberg mean by dust in the chickens, exactly? If you look at the bitcoin blockchain, more than just bitcoin transactions can be found. AI learns to WIN by cheating. How safe is your bitcoin hardware wallet? Checking out the StackOverflow…
014: Ethereum, Spyware, and AMD’s security flaws
Mar 16 • 35 min
MemFixed sends flush packets to memcached servers. Security tools start showing up for Ethereum. ISPs insert spyware into downloads from legitimate sites. Carl joins to discuss the recently disclosed AMD vulnerabilities.
013: Android P and network devices as a critical vector
Mar 9 • 35 min
Security implications of Google’s Android ‘P’ first developer preview. Newly unclassified documents from 2016 (likely Shadow Broker fallout). Girl Scout cybersecurity badges and drones in Puerto Rico.
012: Emailing 23,000 private keys and GitHub survives a DDoS attack
Mar 2 • 31 min
Jon is back from Florida. Is it Trust-ICO or Trustico? Anatomy of an Amplification Attack. Visualizing data and watching documentaries.
011: Peter Wooley joins to chat UI/UX and Disneyland
Feb 22 • 29 min
We chat CSS Keyloggers and are not worried. Careful what you put into Is your Password in the list of 500 million known passwords? And you can’t chat with Peter without a Disney sidetrack.
010: Consumer Reports, RTL Unicode, and CPU vs Ads
Feb 17 • 29 min
iFixit and the iPhone X Teardown, Consumer Reports is now adding Security and Privacy into their electronic device ratings, Telegram has a Zero-day vulnerability due to a Right-to-Left Unicode character and wants to mine cryptocurrencies in…
009: Carl Woodward joins the show and talks Meltdown
Feb 9 • 39 min
Carl talks Meltdown/Spectre from the trenches. Jon fawns over the Falcon Heavy launch. Eric yaps about Right to Repair and Hacking John Deere tractors. Carl wants an alarm clock, buys an Alexa - it’s all downhill from there, and it is Cedric’s fault.
008: Alphabet’s Chronicle, Fixing AWS IAM, and Jackpotting ATMs
Feb 2 • 23 min
Jon’s roof doesn’t collapse. Eric talks about a moon and snow caving. Then they actually talk about security stuff. Sorta. Thoughts on Chronicle, Alphabet’s now named security company. Then, is there a solution for the AWS IAM permissions? And…
007: Apple, Stripe, Bitcoin, and The Whopper
Jan 26 • 25 min
Jon and Eric ramble through a few completely random topics. Pointless flaws in Apple Preference Panes, Stripe says goodbye to Bitcoin, Burger King takes on Net Neutrality and Jon almost earns himself a Darwin Award.
006: Crash of the Cryptocurrencies and a Hawaii UX #fail
Jan 19 • 35 min
Jon and Eric chat about stuff completely unrelated to security, with bonus tangents!