Mostly Security

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 226:57:20



Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.


  • 292: People Farming

    15/07/2023 Duration: 37min

    Jon gardens and Eric has a potpourri of activities (hiking, museuming, movieing). Scams and phishing up huge year over year, and will Meta ever launch Threads in the EU (honoring privacy laws?). For fun we have SR-71 stories and a fishing charter out of SW Washington. 0:00 - Intro 11:35 - Scams Up 16:45 - No Threads for EU 23:23 - SR-71 Blackbird 32:50 - Salty Dog

  • 291: The Brisket Saga

    06/07/2023 Duration: 39min

    Eric's attempt at making brisket was hampered by IOT failures, Jon's attempt at fishing was hampered by stomach failures. More surveillance camera oopsies and NSO acquisition notes. Will the UK force backdoors in encrypted messages and people really still send snail mail scams via the post office? Who knew. Threads is the latest Twitter replacement and we're looking forward to seeing pebbles from an asteroid. 0:00 - Introduction 19:37 - Surveillance Camera Fail 22:15 - NSO Acquisition Fail 23:40 - Backdoor Fail?

  • 290: Muscular Barbarian

    01/07/2023 Duration: 39min

    Eric goes stargazing and Jon road-trips to southern Oregon. Electromagnetic Fault Injection in drones and a severe zero-click Apple bug used to target Kaspersky employees. For fun we have a reimagined We Didn't Start the Fire by Fall Out Boy, and a new 'zoom out' feature by Midjourney. 0:00 - Intro 18:03 - EMFI 23:16 - TriangleDB 31:44 - We Didn't Start the Fire 33:38 - Midjourney Zoom Out

  • 289: Four Brain Cells

    23/06/2023 Duration: 39min

    Father's Day stuffs, weddings, missed baseball games, beach pizza with carrot chasers. Google sells out to Squarespace. That 30TB external drive is not the deal you think it is. Oregon DMV data compromised. Eric ends up at America's Car Museum and Jon recommends He Who Fights With Monsters. 0:00 - Introduction 10:57 - Google Domains 15:00 - When is 30TB not 30TB? 23:03 - Oregon DMV Data Loss 29:45 - America's Car Museum 33:49 - He Who Fights With Monsters 36:30 - 仙俠

  • 288: Inverse Honeypot

    17/06/2023 Duration: 40min

    Jon stacks hay and has a graduate, while Amazon fails to deliver poptarts for Eric. GitHub repositories purporting to demonstrate zero days instead are malicious; Barracuda urges hardware replacement of compromised devices, unable to patch with software; and spy camera ecosystem completely compromised and practically unpatchable. For fun we have's space elevator and a solar probe discovers more about the source of the solar wind. 0:00 - Intro 12:20 - Fake Exploits 16:03 - Hardware Replacement 22:47 - Spy Camera Vulnerabilities 30:30 - Space Elevator 34:57 - Coronal Holes

  • 287: Putting Some Honey Up Top

    09/06/2023 Duration: 33min

    Eric's Rocket League team is in first place and Jon's bees are doing great! Kaspersky discovers a compromise on the inside (reboot your iPhone!), Chrome needs an update and BitDefender detects anomalies. Eric beams solar power down to earth and Jon muses what a lost couple decades might be. 0:00 - Introduction 8:53 - Reboot your iPhone 15:37 - Update your Chrome 18:16 - Check your Android Apps 24:25 - Solar Power from Outer Space 27:22 - Waking up after 2 decades

  • 286: LoTR Type Hike

    03/06/2023 Duration: 39min

    Eric runs around Oregon and Mostly Bee Talk with Jon. 60 Minutes demos DeepFake voice hacking -- social engineering remains the easiest and most prevalent way folks are compromised; and PyPI declares that all project and org maintainers must enroll in 2FA before the end of the year. For fun we have the Dragonfly Spectral Line Mapper that uses Raspberry Pis and ZiGGY -- a mobile EV charging solution. 0:00 - Intro 13:52 - Eric Topic 19:52 - PyPi Goes 2FA 27:17 - Dragonfly Spectral Line Mapper 33:32 - Get ZiGGY With It

  • 285: Unprecedented Business Requirement

    26/05/2023 Duration: 35min

    Jon goes fishing and figures he'll fix a car. Eric goes camping but doesn't really and learns about volunteering at the zoo. Please check out for fun, TikTok gets banned in Montana, Suzuki shuts down in India and TrendMicro informs us on the Lemon Group. Eric still enjoys playing Rocket League and Jon catches up on the Mistborn series. 0:00 - Introduction 11:56 - The .zip TLD is fun! 13:22 - TikTok banned in Montana 16:32 - Suzuki India 19:50 - Lemon Group 28:34 - Rocket League Old Farts 30:59 - Mistborn

  • 284: Jellies and Sponges

    20/05/2023 Duration: 38min

    Jon listens to concerts, the bees are doing well, and Eric avoids the heat and gets his sprinklers and AC working. The many scam apps claiming ChatGPT, new confusing top level domains, the FBI takes out a Snake with Perseus, and MSI has its firmware signing keys stolen by ransomware. Earth is probably safe from an asteroid for the next thousand years, and which came first, the (comb) jelly or the sponge? 0:00 - Intro 11:53 - ChatGPT Scams 15:39 - File Extension or TLD? 19:04 - Perseus vs. Snake 24:13 - Firmware Keys 30:19 - Probably Safe 33:39 - Jellies vs. Sponges

  • 283: Brag about it on Social Media

    13/05/2023 Duration: 36min

    Eric survives a flash flood in his backyard and Jon's bees are alive. Wyoming will have a Nuclear Power Plant soon and ICS Patch Tuesday is a thing. The Spanish arrest a bunch of Phishing Pholks and there's 10 million bucks in easy money for somebody... Eric finishes The Three Body Problem series and Jon recommends the Paternus Trilogy. 0:00 - Introduction 11:04 - Nuclear Power is Back 13:55 - ICS Patch Tuesday 19:44 - Phishing Arrests 22:31 - Who wants $10,000,000? 28:53 - The Three Body Problem 32:36 - Paternus Trilogy

  • 282: Disappointed Face

    06/05/2023 Duration: 37min

    Spring Grilling has begun for both Jon and Eric, and Jon got his bees, and it's a Google Night for topics. First, Google fails to encrypt Authenticator secrets when synchronizing across devices, invalidating the security premise; and then Google enables support for passkeys across all its accounts. For fun we have a recipe aggregator and interface: Super Cook, and an undisturbed, ancient tomb found in Ireland. 0:00 - Intro 12:32 - Authenticator Exposes Secrets 17:26 - Passkeys for Google 28:26 - SuperCook 33:06 - Ancient Tomb

  • 281: Make Fire & Burn Meat

    29/04/2023 Duration: 38min

    Jon attempts to go fishing and repair a small engine. Eric attempts pest control. LockBit Ransomware code specific to Apple Silicon found and Kubernetes RBAC finds Monero "friends". Eric admires weed killing robots and Jon finds life deep in Antarctic caverns. 0:00 - Introduction 16:40 - LockBit Ransomware for Mac 21:07 - Mac Ransomware 22:31 - Klever Kubernetes Exploits 29:12 - Weed Killing Robots 33:28 - Antarctic Caverns

  • 280: Sprinkle Security Dust

    22/04/2023 Duration: 47min

    Happy Tax Day (in the US). Read the latest Brandon Sanderson novel, Eric's going to Coldplay, Jon tried a pottery class. Smooth Operator source is 'high confidence' North Korea, and it was still in the gathering stages (probably). Is Juice Jacking (again?) a thing, and principles of secure software development from CISA and supporting agencies. For fun, what your climate may be like in 60 years, and a talented potter on YouTube. 0:00 - Intro 14:13 - Smooth Operator Source 15:22 - Smooth Operator Followup 17:40 - Juice Jacking(?) 22:36 - Secure by-Design and -Default 40:19 - Climate in 60 years 44:50 - Matthew Kelly Pottery

  • 279: Do Battle with the Mice

    15/04/2023 Duration: 30min

    Jon is unable to split bees and is still working out a cough. Eric drives halfway to Seattle because Amtrak decided to stop functioning. Cars can now be stolen by popping out a headlight and no package manager is safe from supply chain attacks. Eric shares a Stitch and Jon gives credit to Einstein's first wife. 0:00 - Introduction 7:54 - Car Stealing 11:40 - NuGet Package Manager 20:35 - Stitch 23:22 - Forgotten Life of Einstein's First Wife

  • 278: Skittles Popcorn

    08/04/2023 Duration: 39min

    Eric and Jon are both back from their respective road trips. Samsung will patch for the Exynos flaws in April, the Biden administration issues an executive order limiting the government use of some forms of spyware, the RESTRICT act to ban TikTok is 'insanely broad' and could easily sweep other software into its net, and the 'Smooth Operator' supply chain vuln from last week hit the Mac too. For fun we have two vacation happenings: freeze dried skittles and the shuttle Enterprise. 0:00 - Intro 11:08 - Exynos Followup 12:21 - Restrict Spyware 14:41 - Insanely Broad 20:21 - Smooth (Mac) Operator 29:54 - Freeze Dried Skittles 33:03 - The Shuttle Enterprise

  • 277: Field Trip Episode

    31/03/2023 Duration: 33min

    Jon drives across the US, Eric takes his boy on college tours. ChatGPT has a bug, AirTags are used by the government, Bitcoin ATMs get hacked and Android Developers can better avoid fraud if they use the right APIs. Eric finally finishes book 2 of The Three Body Problem and Jon checks out a T-Rex. 0:00 - Introduction 9:27 - ChatGPT Outage 11:41 - AirTag Surveillance 14:42 - Bitcoin ATM Hack 18:47 - Android Fraud Abuse Help 23:46 - The Dark Forest 27:56 - Sue the T-Rex

  • 276: Waggle Dance For Fun

    25/03/2023 Duration: 37min

    Jon and Eric prepare for road trips; the trebuchet is (mostly) done, and spring may have started in Oregon. Project Zero finds a modem vuln in modern Android phones and watches, Lionsgate streaming left an ElasticSearch instance wide open, and LinusTechTips YouTube channel was taken over. For fun we have Charlie Chaplin (and Einstein!) and a study on how bees learn the waggle dance. 0:00 - Intro 12:33 - Disable Voice over LTE 17:24 - Lionsgate Leak 21:35 - LinusTechTips Hacked 26:44 - Charlie Chaplin 31:22 - Waggle Dance Study

  • 275: Humans Are The Squishy Bits

    18/03/2023 Duration: 40min

    Eric does car things and watches a musical from 1875, Jon has trebuchet updates and enjoys the local High School production of The Addams Family. Telehealth company (legally) sells your medical data to advertisers. Cybercriminals are arrested in Europe and CISA will port scan your website. Eric is the only one who likes a 3 wheeled car and in the wake of SVB, Jon (after a sidebar on his Tablo woes) shares a great banking system explainer. 0:00 - Introduction 7:09 - Trial by jury 14:52 - Cerebral sells data 18:24 - Cybercriminals caught 21:24 - RVWP 26:41 - SOLO 30:27 - Bits About Money

  • 274: Day Of Struggle

    11/03/2023 Duration: 31min

    Eric projects around the house and Jon gives a trebuchet update. LastPass hits keep coming, changing someone else's address, the (good!) network consequences of a DDoS takedown, and Wednesday was International Women's Day. 0:00 - Intro 11:05 - LastPass via Plex 13:56 - Address Change 21:42 - DDOS Seizure Fallout 26:53 - International Women's Day

  • 273: Everybody's A Critic

    04/03/2023 Duration: 37min

    Snow happens and disrupts everything except Eric's shiny new Rocket League Old Farts Season 8 Championship title. Scammy authenticator apps. AI generated voices breaking into banks. Typosquatting on PyPI. Electricity thieves for Crypto. Eric discovers Tatooine could exist and Jon speculates on how smart ChatGPT actually is...

