S0E1: "Body Bongos"
We talk about our recording rigs (which are also in our bios), Heartbleed, ShellShock, GHOST, a FreeBSD RNG bug, and duplicate SSH keys found in the wild.
- Detailed Heartbleed info can be found here, but this may explain it better. The Android Heartbleed vulnerability scanning app can be found here. PolarSSL was, in fact, not affected.
- You can find out more about ShellShock here. As promised, I dug up as many of the related CVEs as I could. They are: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278. I was able to find this list compiled here, and there may be more.
- You can find details on GHOST here. The sec researchers that discovered it have their report here.
- You can read more about the FreeBSD RNG flaw here and here.
- You can read more about the dupe SSH host keys found via SHODAN here.
We finish the episode with a discussion about GPG/PGP. The article I mention is here. Moxie Marlinspike’s ‘sslstrip’ is here, and OpenWhisper can be found here.
This was actually our second take! The first take we did the night before was an absolute mess because jthan’s neighbors were quite noisy. But the sound is a lot cleaner than S0E0!
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)