Mostly Security

mostlysecurity.com
chatting about security, technology and other stuff


128: Mutant Bacterial Enzyme
May 23 • 54 min
Welcome to Blackberry talk. Hospitals need to fix things too, and how to decode a data breach. Signal proxies Giphy, unemployment fraud, Chrome 83, and Tracked By Beer. St. Helens erupted 40 years ago this week, you can build your own microscope with a Pi…
127: Hi, Mom!
May 15 • 42 min
What day is it? Eric saves a bird, Jon sees free bees in a tree. Zoom scouts Keybase. Twitter makes work from home permanent. Ohio gets HSDOS’d, Hackers attempt a WordPress Hijack, and you’ve been… uh… Thunder… um… Thunderspy’d. Finally, Eric does some…
126: Blame The Goats
May 9 • 52 min
Social Isolation continues, and Jon has lost a bee colony (boo). Apple’s T2 chip is a nightmare for refurbs, and two breaches this week. Social engineering doesn’t qualify for bug bounties, Facebook crashes lots of apps, and an icon-based-web-skimmer. For…
125: Embrace Your Ignorance
May 1 • 45 min
Eric reports on his Utah homework - receives an “F”. Jon reports on his fence mending - receives an “Ouch”. Hanging with Goats. Crashing Twitter. Exposure Notification (not camera related). Fuzzing and Image Processing. Falling for a phone scam. Eric…
124: Battle Of The Queens
Apr 25 • 49 min
Walks in the rain for Eric and a Massive Bee Weekend for Jon. Facebook nudging people who like covid-19 misinformation, Avatarify deep fakes you, and Stripe has good API docs. An exposed payment processor for the breach this week, typosquatting Ruby Gems,…
123: Don’t Jinx Me
Apr 17 • 41 min
Eric is confused by who wears a mask and who doesn’t in public. Jon does a lot of gardening and bee stuff while listening to Air Supply. Just to be clear, there are no new scams, just repackaged scams. Microsoft, Zoom, Apple and Google Followup notes.…
122: The World Is Your Greenscreen
Apr 10 • 56 min
Fourth week of Social Distancing continues, and followup is now ‘zooming-up.’ Breach of Italian email provider. There’s a new SMS OTP Standard proposal, and a potential way to do contact tracking in a private manner. If you know Cobol you may be needed in…
121: It’s A One Head Canoe
Apr 3 • 44 min
Zoom Zoom Zoom Zoom Zoom Zoom Zoom Zoom. COVID-19 COVID-19. Breach Breach. (s + “Attack” for s in [“Mask”,”Ultrasonic”,”Router”]). Canadian Comedy. Squid Insanity. Mistborn.
120: I Dyed My Hair Purple
Mar 27 • 57 min
Eric has numerous Covid adventures, while Jon is “on PTO.” Followup on Chrome, Covid domains, and tracking social distancing. Zoombombing (ick) and Zoomtracking (ugh). Covid spammers use an open HHS redirect, and Microsoft has another zero day. For fun we…
119: Potions and Lotions
Mar 21 • 36 min
Mason Bees and Breaches. Lots of Coronavirus. HomePwn and Dark Matter. Short and Sweet.
118: Peptide Or Pepto Bismol
Mar 14 • 47 min
Stay safe and wash your hands folks. Hard to avoid the Corona talk this week. Lots of followup: Folding@Home, Robocall legislation, and more Right to Repair. There’s a sensitive breach at Whisper, Facebook is suing domain registrars (maybe a good thing),…
117: I’m Pullin’ A Jon
Mar 6 • 38 min
Cast/Snip is back, Jon and Eric don’t see Harry Potter and the Oregon Symphony together, and some restored film followup (with sound!). Jon does vicarious bee shopping and Eric drops some Coronavirus scams. Then we talk about Android stuff for some…
116: A Little Frogsicle
Feb 28 • 47 min
A busy weekend at the auto show (Eric) and without power (Jon). Listen to Short Wave. MGM Breach wasn’t exactly last week. Eero adds support for homekit, a billion vulnerable wifi devices, a chrome zero day, and sharing WhatsApp group links. For fun, we…
115: Dejunkify
Feb 22 • 43 min
Eric cleans, Jon drops bark dust. If your email address hasn’t been compromised, is it a real email address? Some SameSite Cookies and OpenSSH ❤️ FIDO U2F. More Data Brokers with odd names and a PAN Enumeration Attack. Cheating McDonald’s in Germany, a…
114: Pineapple Infection
Feb 15 • 34 min
Three breaches this week. Chrome will begin blocking HTTP downloads, Intel releases a CSME patch, and Emotet begins spreading via insecure WiFi. Eric joins a majority of Americans being Wrong About Pizza, Amazon reviews can be hilarious, and how to create…
113: I Have Joined Dongletown
Feb 7 • 41 min
A breach, a license plate and a WebEx flaw walk into a bar in Dongletown to caucus while listening to the symphony and find a bunch of fun.
112: Friends Dont Let Friends Flash
Feb 1 • 33 min
Another week, another episode. NFL Twitters are hacked, Microsoft support has a huge breach, Botnets are battling, and Macs are Shlayered. If you aggregate public info and multiple breaches, the consequences are “interesting” … and evidently Americans DO…
111: Rick Astley And A Curveball
Jan 25 • 28 min
There’s a fire at the High School and Eric drives to Eugene. Jon doesn’t remember his weekend but extolls the virtues of ditching the Costanza Wallet. More notes on the Windows Vulnerability with a great McAfee article on the math behind it. (Obligatory…
110: On That Disappointing Note
Jan 16 • 39 min
Back from Texas, and presumably done with brisket for a while. What to look for in a tractor (repairability). A billion medical images can’t be wrong, lax cookies, and Super Patch Tuesday. Eric’s fun is an AI Dungeon, and Jon points to a LoTR blog by Ian…
109: Is that a Satirepot?
Jan 10 • 53 min
Live, from Plano, Texas! It’s Mostly Security! Much brisket is consumed and Raj Samani joins the show. What happens to your digital life once you or a loved one has passed on? Is the public ready to embrace security as a marketing feature? Raj tells a…
108: Define “Appreciate”
Jan 4 • 50 min
Eric and Jon discuss the holiday; an exposed elastic search instance, and a Wawa-winner of the gas station Visa article. What is a Quine, anyway? Restaurant chain Landry’s breached from loyalty systems, data cars collect, and how to perform a reverse…
107: Bifurcate the People
Dec 26, 2019 • 46 min
Happy Holidays! Ring still has issues, and now they’ve really irritated Eric. Jon digs into ToTok (not to be confused with TikTok). Facebook can’t catch a break and millions are tracked everywhere you might not want tracking. Jon has some scientific fun…
106: The Struggle Continues
Dec 21, 2019 • 47 min
Both Eric and Jon have seen Jumanji; Nebraska farmers like Right to Repair. Visa says gas stations are vulnerable, Unicode is (both?) evil and awesome, and we discuss the state of Ransomware in 2019. For fun, we have a nuclear impact map application (??)…
105: Who likes their plunder?
Dec 14, 2019 • 40 min
Eric thinks cooking with warm water is cool. Jon makes cool cutting boards. iPhone 11 Location follow up along with a new segment, “Open Bucket of the Week”. A macOS fileless attack and TikTok in Trouble. Finally, we talk about pirates and a whole lot of…
104: No Mashed Potatoes?
Dec 7, 2019 • 47 min
Eric sees multiple movies over Thanksgiving, while Jon … does not. Two years to upgrade OS of emergency system in S.F., and Sprint’s marketing firm has an open bucket. Eric has a mobile theme with both Android and iOS issues, and Jon details VPN issues…
103: Hold Out for the Big Bucks
Nov 30, 2019 • 33 min
Pre-Thanksgiving Show, Post-Thanksgiving Edit. Some Followup on the NSA Advisory. Eric chats about Google wiping a personal phone and airplane warning lights being hacked. Jon gives 32,768 reasons to update your HP SSD and another big data “exposure”. The…
102: Disable the Off Switch
Nov 23, 2019 • 43 min
Been a busy week, and Eric’s still fighting with his network. Not that Jon has one. Egregious terms of service at Ring and the cops confirm bluetooth scanners are in use. Also, it’s Data Leak Day! (Every day is data leak day). There’s some weird stuff…
101: No Books For You!
Nov 15, 2019 • 38 min
Eric hangs out in San Francisco while Jon makes a pen. There’s a Facebook Bug, a Confluence Bug and an NSA Advisory, along with some more ransomware notes and something about zombies? Eric reminisces about museums and Jon nostalgizes about Mosaic. WASM!
100: Give it Some More Shrift
Nov 9, 2019 • 46 min
Episode 100! This episode is Mostly Intro and Followup. Synology and QNAP; Pizza, Root beer, and Mead. Control your Echo with a laser, OpenSSH to support U2F, and beware insider threats. The Untitled Goose Game allows code injection; Fuzzing open source…
099: Smoked a pack
Nov 1, 2019 • 44 min
Eric has more fun than expected at a Weather Conference and gets to use a censor beep while editing. Jon waxes eloquent about 99 episodes, which coincidentally is the number of years between events in the Zero Hour Podcast. Other stuff was discussed as…
098: Collective Gasp of Yuck
Oct 26, 2019 • 44 min
Eric goes pot shopping and Jon loves carrot cake. Has google achieved quantum supremacy? Biometric missteps, cache failures, Mercedes app glitches, and more cryptojacking containers. Eric joins the Rebble Alliance, the Air Force retires their 8” floppies,…
097: It Pays to be Paranoid
Oct 19, 2019 • 39 min
Apple Farms and Drones. Spy Chip Followup. Much Sudo About Nothing. Bluetooth Beaconing Enable Theft also Enables Mansplaining (what?!?) and some Reductor Malware details. Yellow lights are scientifically proven to be too short and Paul Graham proposes a…
096: An Especially Hardy Perennial
Oct 12, 2019 • 49 min
Eric paints and buys Jon a Yubikey. Jon ditches the Costanza wallet. Hacking back against ransomware, nomoreransom.org, and patch your routers folks. Stalking eyeballs, Twitter sells your 2FA phone number, and more cart skimmers. Eric’s audiobook journey,…
095: The Las Vegas Episode
Oct 5, 2019 • 37 min
This Week: Gambling, Research, Takedowns, Phishing, Jailbreaks. Fun with Madeleine Albright & Colin Powell and the periodic table.
094: Squarelinder
Sep 28, 2019 • 44 min
Eric’s on the road and under the weather; Jon has had better weekends. Apple’s opening up the repair envelope, and the Internet is a Low Trust Society. Paper’s not private, and IBM talks about malware targeting routers. For fun, Eric likes Echo .* and Jon…
093: Sedimentary Layer of Protocols
Sep 20, 2019 • 38 min
This Week: Space Stuff, Data leaks in Ecuador, More Space Stuff, Something about where your car is, and Password Managers are Software, too. Wait, we’re not done. Do you know what your phone is doing? Soviet Soldiers Dancing and 3D Dominos, and finally,…
092: Can’t Baffle them with … Baloney
Sep 13, 2019 • 46 min
Chapters: 0:00 - Intro + Car Troubles 4:48 - St. Helens Hike 10:16 - BMC Exposed on Supermicro Servers 11:36 - MLIR Donated to LLVM Foundation 12:42 - Chandrayaan-2 Crashes 13:30 - “Amature” 25m Telescope 16:06 - Vulnerable Internet Radios 19:05 - Apple’s…
091: Dining Philosophers Problem
Sep 7, 2019 • 41 min
Kids are back in school! Chainsaw carving. iOS exploit explanations. Realtime audio deepfakes. Ransomware isn’t going anywhere. Google Play apps on HackerOne. Developing Modern Applications. A crossword game with regex. Tensorflow compilers.
090: IBM: Hold My Chip
Aug 31, 2019 • 47 min
Chapters: 0:00 - Intro - Sourdough Starter 3:26 - Kite Festival 8:56 - (Last Year Kite Festival) 10:33 - exFAT Open Sourced 11:36 - IBM: Hold my Chip 15:37 - Microsoft + MFA 21:40 - Fortigate VPN RCE 32:28 - Fortigate Blackhat Slides 37:18 - Atomic PI…
089: Maslow’s Hierarchy of Needs
Aug 22, 2019 • 32 min
Eric does some camping, Jon does some hiking, and then there is another breach and Jon gets into some psychological motivational theory. Finally Eric is still stuck in space and Jon shares a biological discovery.
088: Nimbility
Aug 17, 2019 • 31 min
Chapters: 0:00 - Intro - Texas is Hot 3:19 - Death to EV Certs 6:09 - AWS IAM Complexity 8:44 - Wormable RCEs 12:28 - Screwed Drivers 24:54 - Atlas 5 Sunrise 26:48 - Perseid Meteors 29:43 - Star Walk 2
087: You must have horns
Aug 9, 2019 • 37 min
Extra bits of fun wrap and bunch of ZDNET articles. 0:00 - Intro 7:19 - IP over Avian Carriers 9:30 - Disappearing Sunday Comic 10:50 - Chrome Extension Notes 12:32 - Cast/Snip is Shelved 13:30 - SHIELD Act 15:37 - AT&T Employee Bribes 18:48 - Chilean…
086: Cacophony of Catastrophes
Aug 3, 2019 • 49 min
Chapters: 0:00 - Intro 2:20 - Galaxy’s Edge 8:46 - NPM “Issues” 15:31 - ERROR 418: I’m a teapot. 16:52 - Hardened Runtime Entitlements 22:14 - Don’t Jump, Scott 25:59 - EV Certs are Dead 29:20 - EC2 Danger 32:15 - Six iOS Bugs 38:02 - Redfish Lake 42:47 -…
085: Trotters. Trot. Feet. I just made the connection.
Jul 26, 2019 • 46 min
Ramen and Baked Baking Soda. Fencing Lowlights. Pi-hole experiments. HIBP Authentication, Plaintext Passwords and Encryption Backdoors. Nacho Analytics and Docker Escapes. More Space Goodness and Civ VI.
084: No, I Do Not Have a Forklift
Jul 19, 2019 • 45 min
Chapters: 0:00 - Intro 9:00 - OMR Tokens 13:05 - iOS URL Scheme Hijacking 23:09 - FIDO2 Support in Active Directory 28:36 - Building WSL 31:42 - Prime Day Whoops 37:47 - National Hot Dog Day 40:40 - Pickle Day 42:41 - Apollo 11 Anniversary
083: It was probably Darwin worthy…
Jul 12, 2019 • 48 min
A super long Pixar Short, Trailer Towing, Tablesaws and Chainsaws, Earthquakes seen from a Raspberry Pi, Conferencing Software Gone Wild, Famous APTs, Medical Ooofs, The Patented Unhackable, and the Unraveling of the JPEG. Yep. That’s the show. Guess…
082: This Kind of Creeps Me Out
Jul 7, 2019 • 48 min
Chapters: 0:00 - Intro - Password Woes 5:00 - Bellroy Wallet 5:33 - Costanzaist 10:42 - The Stand 12:32 - Yubico FIPS Vulnerability 14:16 - D-Link Security Settlement 17:20 - Forced App Install 20:33 - OSX/CrescentCore 27:10 - FaceTime Attention…
081: Ok, that was TMI
Jun 28, 2019 • 39 min
I’m not sure why we put stuff in the summary that is just a repeat of the chapters… So let’s try something new this week! Read the chapters! It will be fun!
080: Four Authenticator Apps
Jun 21, 2019 • 40 min
A tale of two father’s days. Google’s cool with Sign in with Apple, and 1Password now supports Yubikey. A clever sports app violates privacy for license enforcement, and cameras are the most compromised IoT devices. Four, count them four fun things:…
079: Hackin’ and Slashin’
Jun 14, 2019 • 40 min
School is out. Apple updates the Enterprise App Agreement and will send unknown calls to voicemail. Package dependencies continue to be a problem. HIBP is looking for a home. Vim has a bug. Android supply chain issues. Rambleed. Eric relates a story…
078: Grilling and Chilling
Jun 8, 2019 • 46 min
Eric’s back from Chicago and Jon’s destroying things with mowers. WWDC is going on, with some interesting security announcements already. Elastic buys Endgame, Quest Diagnostics is breached, and real life bank heists aren’t like Hollywood movies. Eric had…
077: You have ruined me
Jun 1, 2019 • 37 min
No honey yet, but we now have a “Days Since Last Facebook Scandal” counter. If you only had an hour to talk security, what would you say? SnapChat joins Facebook, and not in a good way, so just plan for some users being evil. If your name is Jared and you…
076: Vowel Shortage in the Valley
May 25, 2019 • 37 min
Eric and Jon are in Arizona; people seem to like the bees, and Jon gets to revel in his Bitcode conspiracy a little more. Instagram data found in an ‘influencer’ breach, and Google releases two factor auth effectiveness data. Jon’s curious about Minecraft…
075: I Am Very Easily Distracted
May 17, 2019 • 37 min
Should I mention Jon talking about bees again? Or the quick follow ups on MDS Attacks, GitHub’s Package Registry or Social Proofs? Hacking the “unhackable”, along with a software update “crashing” ankle monitors in the Netherlands? Then there’s the SHA-1…
074: What’s Old is New Again
May 11, 2019 • 42 min
Go see Avengers. And don’t be jealous, Star Wars, just Use the Force, Harry. Data on Let’s Encrypt, HoloLens’ live demo doesn’t, and we reference two past episodes (37 and 39). Ransomware is targeting source on GitHub, Jon talks containers for Too Long,…
073: Just checking to make sure there were cookies…
May 3, 2019 • 41 min
Jon’s in Ireland, Eric’s in Oregon, both are half asleep. Cast/Snip, meet Sherlock. Hardware is hard. Kids are smarter than you think. Let’s Encrypt is great. Cryptocurrencies gonna Cryptocurrency. Telnet Server on Wheels. Sneaky robots.txt. Renting a…
072: Over the Air Hardware Updates
Apr 26, 2019 • 38 min
Jon does more bee stuff, and Eric releases a new version of Cast/Snip. Moare Farcebook password woes, McAfee partners with the University of Guelph, and unlocking laptops with faces is suspect. 1 in 4 people purposefully ignore security rules, identity…
071: Essentially a Lispy Language
Apr 19, 2019 • 47 min
Jon modifies a rootbeer request while Eric watches a movie by himself and Jon wires up a solar panel. Breaking: The internet needs to relax. Next: Ask yourself, who’s tracking your child? Then: Apple makes nice with Qualcomm. Intermission: StackOverflow…
070: Let’s Not Talk About Gwen Stefani
Apr 13, 2019 • 43 min
Eric returns from California with a head full of Google kool-aid and ears full of Gwen Stefani. Eero acquisition wasn’t all roses, Facebook mobile SDK sends lots of data to Facebook, and a robo voice mailer data breach. Jon talks about training Alexa, and…
069: I don’t like either of those
Apr 4, 2019 • 49 min
This week: * Eric misses Chicago and ends up in Texas eating a tomahawk. * Water is still wet (aka Facebook data leak in the news again). * Jon follows up with some ASUS/Shadowhammer info (then his cat chimes). * Robocalls are bad * Java is now bad - or…
068: You’re Not Eric
Mar 29, 2019 • 35 min
Cedric Cochin joins the podcast while Eric is on Spring Break. Norsk is still recovering from ransomware and Apple’s News+ service is strangely open. ASUS distributed hundreds of thousands of malicious, signed updates, and heart implants that are…
067: Say Something Nice
Mar 22, 2019 • 37 min
Cast/Snip is live. Jon corrects the record on SHA. Phone numbers are horrible identity proofs. Most AntiVirus for Android is garbage. Aluminum Ransomware. Mirai is not dead yet. Eric rides into Quantum Country. Jon sneaks a peek at an original iPhone…
066: Maybe Cut That Part Out
Mar 15, 2019 • 46 min
Eric’s app (Cast/Snip) is launching soon, and Libby is awesome. Marriott discloses much more information about the previous Starwood breach, and Amazon has their own Project Zero. Microsoft releases a Windows 7 patch to add SHA-256 support, and Jon spends…
065: Fool me fifteen times…
Mar 7, 2019 • 37 min
Jon’s gonna catch himself some bees. Eric’s trying to avoid getting sick. Facebook - uh, is still Facebook and there’s still no cryptocurrency to be found. The NSA open sources a reverse engineering tool and, not to be outdone, Microsoft open sources a…
064: White Powdery Substance
Mar 1, 2019 • 47 min
Jon is back from Arizona and Eric’s playing seamster. Another cryptocurrency heist, another Ring vulnerability, how to abuse (web) Service Workers, and a hardware attack at bare metal clouds. For fun, both the NSA and Eric are on GitHub, and Jon had a…
063: Not a Hack nor Ransomware, rather a Brick
Feb 22, 2019 • 44 min
Jon is out, Peter is in. A listener has a question about using consumer devices at work - we kinda-sorta answered it. Followup on Facebook, Apple, Amazon Eero and Nike AirBricks. Eric likes PASTA (but can’t figure out where the last A came from). Peter…
062: Too Dang Easy To Use
Feb 16, 2019 • 46 min
Follow-up galore: Ubiquiti, Android transcription, the FaceTime bug, and USB-C encryption. MacOS needs a bounty program, Eero gets bought by Amazon, patch Tuesday fun, and using Mono to bypass Mac security. We remember Opportunity and recommend watching…
061: Schrödinger’s CEO
Feb 8, 2019 • 45 min
Eric has an app for taking snips of podcasts, Facebook gets their certs back and still TBD on the curious case of the Cryptocurrency Exchange CEO. Jon gets personal with a Ubiquiti bug while GoDaddy either has or doesn’t have a bug - it isn’t clear - but…
060: Facebook: Hold My Beer
Jan 31, 2019 • 50 min
Eric has a new mic, and Jon’s bees are still alive. The Chromecast hackers were kids, shutdown fallout, and Japan takes a bold step in “hacking” its citizens. A huge FaceTime bug followed by YAFS (Yet Another Facebook Scandal) — this time involving side…
059: Is it possible for my son to go to Hogwarts?
Jan 24, 2019 • 36 min
Raj Samani, one of the founders of nomoreransom.org and the head of McAfee’s Advanced Threat Research team joins the show. * Eric confuses JavaScript and Python. * Jon and Raj discuss statistical probabilities. * Why do you ransom Cryptocurrency Miners?…
058: 35 Year Old Bugs
Jan 18, 2019 • 45 min
Jon scares security guards, Eric teaches Python, and we have an open slack invite on mostlysecurity.com. The Ring article from last week never got much traction, beware the Facebook challenge, ancient vulnerabilities unearthed, and Troy Hunt loads another…
057: Is this the Krusty Krab?
Jan 11, 2019 • 46 min
Hi, Canada! Where is the Krusty Krab anyway? Carriers are still kinda awful. More Android phones fail the Face Test. Crashcast Part 2. The Promiscuity of Ring Security Cameras. Eric reads from his Spam Folder. Jon questions data anonymization and learns…
056: What Not to Sell on Craigslist
Jan 4, 2019 • 36 min
Eric and Jon celebrate the new year in style (not). Weeding out Craigslist ads and Jon wants a Prusa 3d printer. USB-C gets authentication (and a rant from us) and remotely playing videos on Chromecast devices. For fun: millitext, the origins of BASIC,…
055: Hot Tub Hack Machine
Dec 29, 2018 • 29 min
Christmas Skiing, Drone Crashing, and Fake Glitter Bombs. Eric rants (politely) about passwords (again) and Jon talks Hot Tubs and Cryptocurrencies… (What?) Play a game and learn VIM at the same time - and, just FYI, IPv6 is a lot of address space.
054: Windows Etch A Sketch
Dec 20, 2018 • 42 min
Jon (maybe?) saves his bees, Beaverton schools on lockdown, glitter bombs, and cryptojacking on the rise. SMS is weak 2FA, FaceId on Android easily fooled, steganography is real, CenturyLink behaves unethically, and Microsoft adds a Windows sandbox. Eric…
053: Edible Yogurt Contest
Dec 15, 2018 • 43 min
Eric’s office nears completion, and Jon experiments with yogurt. Followup about the crypto crash and the Marriott breach. An Android trojan that skirts 2FA, malware on the high seas, and the biggest data breaches of 2018. Eric likes Amazon’s honey…
052: I’m Mr. Microsoft today…
Dec 7, 2018 • 35 min
Where, O Where, have my Cryptocurrencies gone? Are they hidden in what IBM is dumping? Are they sneaking into Microsoft’s new OS? Maybe they are lost in the Marriott/Starwood Data Breach? Wherever they’ve gone, we don’t know. But Microsoft is publishing…
051: Remember Windows NT Pipes?
Nov 30, 2018 • 41 min
Eric fixes a leaky faucet, Jon manages to avoid salad. After some 2 for 1 followup, Stallman wants in on the digital currency scene, Jon
050: Not a Wimpy Chip
Nov 24, 2018 • 49 min
Eric and Jon prep for Thanksgiving, while companies don’t invest in Cybersecurity. Duo talks Secure Boot on the T2 chip, Jon lets his inner conspiracy theorist out, and Windows Store now accepts ARM64 builds. If getting a digital implant, best to do it…
049: Jiggy-jog to the left…
Nov 16, 2018 • 33 min
Cloudflare launches DNS Privacy apps for iOS and Android, a security “researcher” gets his hand caught in Krebs’ cookie jar, and more speculative execution in x86-land. Jon describes his favorite whistle and Eric discovers you can build a cashless payment…
048: Stamp of Approval
Nov 10, 2018 • 35 min
Eric continues basement construction, and Jon gets stung (but not by a bee). A tale of two cryptocurrency topics: the good and the sad. HSBC is breached, but we doubt the statistics about successful credential stuffing. And Krebs has a great article about…
047: That’s my next band name…
Nov 1, 2018 • 46 min
Happy Halloween! We reflect on some ad fraud and right to repair followup, contemplate CAPTCHAs, cerebrate insecure devices, ponder Big Blue and their Red 34-billion-gallon Hat, and, uh, think, or errm, well, you know, chat about, um, filler words and top…
046: It’s a World Gone Mad
Oct 25, 2018 • 45 min
Implausible Bloomberg followup, jQuery plugin vulnerability (not JavaScript!), and no more GrayKey. An interesting theoretical Chromium vulnerability and an absolutely epic ad fraud article. Eric’s screentime has stopped working, and Jon enjoyed the…
045: Your glass bottles didn’t explode?
Oct 18, 2018 • 27 min
Jon and Eric, live(ish) from Las Vegas! Facebook (again) and the coming PHPocalypse, along with a vulnerability in libssh. Jon learns about The Big Mac Index on a trip to Argentina and Eric geeks about The Illustrated TLS Connection.
044: How About We Cheer on Microsoft
Oct 12, 2018 • 46 min
Eric and Jon both use chat support for network gear, the Bloomberg story gets stranger, and a double pile on Facebook and Google Plus. Microsoft joins OIN, opening up its patent portfolio. For fun Eric likes The Good Place, and Jon likes both The Broken…
043: I probably shouldn’t say that On Air
Oct 5, 2018 • 38 min
Burgerville isn’t safe from data breaches, despite their fabulous fresh fruit milkshakes. The GRU minions make some rookie mistakes. Aaaand, boom. Bloomberg drops the “All your hardware are belong to us” bomb. Eric likes Volkswagen, Jon likes doodles, and…
042: Wisely Sensitive
Sep 28, 2018 • 41 min
A class action lawsuit is filed for NCIX data sale, 854 million worth of cryptocurrency has been stolen in 2018, and Monero fixed a catastrophic bug which would allow someone to ‘print’ money. Google backs off forced logins to chrome after pressure from…
041: Look at you, Mr. Asterisk - Asterisk Man!
Sep 23, 2018 • 40 min
Right to Repair is back with Tractor Talk. Eric chats cryptocurrency losses and potential losses. Jon agrees with Jeff, there is only security - and what happens to computer data when a company goes under? Eric hikes a volcano and Jon freezes his credit.
040: Grand Challenge Accepted
Sep 15, 2018 • 44 min
Eric talks Blockchain security at LA conference, another MongoDB is exposed on the internet, and California poised to pass an IoT security law. Aadhaar grand challenge (episode 32) accepted — evidently Aadhaar enrollment software is routinely modified.…
039: Don’t use glass, she said… We used glass…
Sep 7, 2018 • 43 min
Jon makes root beer. Eric paints. Google Chrome turns 10. Exposing your .git on the web. First email addresses and the Web Design Museum.
038: Randomly SSHing into Teslas
Aug 31, 2018 • 36 min
Back from two more road trips. What life is like when your last name violates profanity filters, and horror stories from (maybe?) an ex-Tesla IT person. Fun with spammers and a book-length article about What-Is-Code.
037: I built a spaghetti bending machine!
Aug 25, 2018 • 34 min
Scam phone calls are still a thing and apparently you can hack multifunction printers by sending a malicious fax. Eric can’t describe a video and Jon bends spaghetti.
036: Goofy Month, Day, Year
Aug 18, 2018 • 34 min
Blackhat and Defcon roundup, including the keynote, voting machine hacking, breaking voice authentication, and hacking various devices, like heartbeat monitors, tornado alarms, and bodycams. Eric asks about early books, and it’s Palindrome Week in the…
035: Didn’t they have the Iron Lung in the ’40s?
Aug 12, 2018 • 43 min
Mobile phone voting? Ummm… It’s a little more complicated than people believe. Comcast fixes some bugs. Jon wants a BioReactor. Eric brags about his “Porsche”.
034: Recording on Battery
Aug 5, 2018 • 38 min
Eric is STILL fishing, but in Idaho. Recording on battery in his truck (dedication!). Edge gets Web Auth support, inmates in Idaho get free emails, and Reddit is breached via SMS. Software continues to eat the world and Verizon has released a great…
033: Thanks For All The (Lack Of) Phish
Jul 27, 2018 • 35 min
Eric successfully fishes, and Jon fixes his QNAP issue. Google says they haven’t been phished since deploying U2F keys in 2017. Chrome flags HTTP sites as ‘Not Secure’ and Troy posts a video for why HTTPS matters even for static ‘marketing’ sites. Old…
032: Don’t Sweat, It’s Only the Polish Dogs
Jul 20, 2018 • 38 min
Jon returns from camping so Eric can go fishing again. Costco still sells hot dogs, the Polish dogs have just migrated to Sam’s Club. A trip through anti-cheat development at Riot Games, and a raft of QNAP vulnerabilities. Chickens are fun! As are…
031: That’s all the Spanish I can do right now
Jul 13, 2018 • 24 min
Marcelo DaCruz joins to meander through various topics that include a little cryptocurrencies, promoting other podcasts, malicious World Cup apps, 4th of July data breaches, password managers, and wrapping car keys in foil. Oh, and Costco. And what…
030: I do like me some goats…
Jul 7, 2018 • 43 min
Eric rants about cryptocurrencies, Jon speculates about a billion ten year olds. Eric likes watching zoo animals and Jon appreciates fireworks in another state. Happy Independence Day, America!