S0E1: "Body Bongos"

Recorded (UTC)       Aired (UTC)          Editor
2015-03-01 23:51:22  2015-03-03 20:29:14  brent s.

Format  SHA256                                                            GPG    Audio File
MP3     e8df6339bb5d40648ab4fe3935fe4d2a93a454e2a102e4b51611c3048583af9d  click  click
OGG     1ab4298c9ae47ca8385f3bbf0b9a3a8c7d586092f2fd6c7203b2b03e625b2384  click  click

We talk about our recording rigs (which are also in our bios), Heartbleed, ShellShock, GHOST, a FreeBSD RNG bug, and duplicate SSH keys found in the wild.


  • Detailed Heartbleed info can be found here, but this may explain it better. The Android Heartbleed vulnerability scanning app can be found here. PolarSSL was, in fact, not affected.
  • You can find out more about ShellShock here. As promised, I dug up as many of the related CVEs as I could. They are: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278. I was able to find this list compiled here, and there may be more.
  • You can find details on GHOST here. The security researchers who discovered it have their report here.
  • You can read more about the FreeBSD RNG flaw here and here.
  • You can read more about the dupe SSH host keys found via SHODAN here.

We finish the episode with a discussion about GPG/PGP. The article I mention is here. Moxie Marlinspike’s “sslstrip” is here, and OpenWhisper can be found here.


This was actually our second take! The first take we did the night before was an absolute mess because jthan’s neighbors were quite noisy. But the sound is a lot cleaner than S0E0!


Music Credits
Track  Title    Artist    Link   Copyright/License
Intro  Dubstep  Bensound  click  CC-BY-ND 3.0
Outro  Sexy     Bensound  click  CC-BY-ND 3.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)



