Mostly Security

From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job, there's always something fun to wrap up the show.

414: Fig Wasp Redux 11/15/2025

414: Fig Wasp Redux Eric goes to Nateland and Jon goes flying. Another javascript worm, and automatic license plate reader records declared public in Washington. For fun we have a repo of annual security reports and Jon suffering memory loss and search ineptitude, but fig wasps are still cool. 0:00 - Intro 17:20 - 21:50 - 28:55 - 29:26 - 30:43 - /episode/index/show/secrandom/id/39045140

413: Sidekick, not Primarykick 11/08/2025

413: Sidekick, not Primarykick Eric drills a door and Jon disagrees and commits to an electrical fix. Aisuru makes the Cloudflare Top 10. The Louvre had a bad week, while furniture trucks had a good one. Gemini used to write malware. Rivers in Alaska are orange. 0:00 - Introduction 14:11 - 16:25 - 20:03 - 24:12 - 26:45 - 28:26 - /episode/index/show/secrandom/id/38963780

412: Precondition Failed 11/01/2025

412: Precondition Failed Remote Eric Assist and Jon enjoys ... hockey(??). More prompt injections, the most damaging UK cyber event (so far), and residential proxy use for fun and training data. Will Agentic AI bring back micropayments, and how is Costco's pumpkin pie so good? 0:00 - Intro 10:47 - 16:56 - 19:32 - 24:34 - 29:49 - /episode/index/show/secrandom/id/38873650

411: Fantastic Turn Of Phrase 10/23/2025

411: Fantastic Turn Of Phrase Travel Adventures, AI Advancements (and Challenges), Satellite Security Concerns, Machine Learning Insights, and De-Extinction Efforts for the Giant Moa. 0:00 - Introduction 4:49 - 9:15 - 14:41 - 20:02 - /episode/index/show/secrandom/id/38761170

410: Gone 10/18/2025

410: Gone Family weekends for Eric and Jon. A new side channel for pixel sniffing on Android, malware abusing github + steganography for configuration, and Apple doubles many of its security bounties. For fun, long live(d) the naked mole rat, and warp drives move from the irrational (negative energy ftw!) to the theoretically possible. 0:00 - Intro 8:55 - 12:59 - 16:16 - 23:08 - 27:15 - /episode/index/show/secrandom/id/38630015

409: Menacing Missives 10/11/2025

409: Menacing Missives This was almost "The Quiet Episode" after some audio challenges, amazing what technology can hide... Eric gets back in town just in time to leave town. Jon goes to a bookstore. The UK is still trying to get Apple to create a backdoor. OpenAI talked about malicious use of AI. ShinyHunters are back. Pristine Stars are a thing and Powell's City of Books is cool. 0:00 - Introduction 3:04 - 5:51 - 15:32 - 22:59 - 26:00 - /episode/index/show/secrandom/id/38547445

408: Request Timeout 10/04/2025

408: Request Timeout Eric is traveling and Jon is repairing. Coordinated arrests of scammers across Africa, the world's first malicious MCP server (is super simple), the release of the Sony CD player 43 years ago, and CRISPR modified yeast to create pollen substitute for the bees. 0:00 - Intro 10:27 - 17:13 - 23:02 - 27:02 - /episode/index/show/secrandom/id/38465470

407: Vampires 09/25/2025

407: Vampires This past weekend, Eric was forgetfully productive. Meanwhile, Jon moved a child into the dorms and battled some radiator problems. On other fronts, AI agents got duped, and self-replicating worms made their way through NPM. Good news: Entra ID tenants dodged a major security event. For a bit of nostalgia, Eric whipped up some lemon bars, and Jon chowed down on pizza. 0:00 - Introduction 9:05 - 13:56 - 18:01 - 22:55 - 25:10 - /episode/index/show/secrandom/id/38358170

406: Triple Square 09/20/2025

406: Triple Square Eric paints and Jon does something I'm sure. Void proxy tackles the complexity of breaking MFA, and Bitcoin ATMs for Scammers. How about a bit of neuromodulation on Pythagorean Triple Square Day. 0:00 - Intro 13:19 - 16:54 - 21:24 - 24:33 - /episode/index/show/secrandom/id/38291420

405: Method Not Allowed 09/12/2025

405: Method Not Allowed Eric updates the mostlysecurity.com vibe. Jon jars honey. Plex asks users to change their passwords. iPhone 17 has new security features. Not to be outdone numerically, 18 Javascript packages were compromised. Eric plays with epoxy and glitter, while Jon reminisces of Perl. 0:00 - Introduction 15:33 - 20:09 - 25:58 - 30:04 - Epoxy and Glitter 33:04 - /episode/index/show/secrandom/id/38204210

404: Not Found 09/06/2025

404: Not Found Eric returns and Jon has a flat tire. Kuiper achieves a gigabit, Google releases fixes for 84 vulns in android, and prompt injection in Comet, Perplexity's AI browser. The Pixel 10 has a crazy good camera, and the third interstellar object ever discovered. 0:00 - Intro 10:02 - 13:13 - 16:00 - 25:57 - 33:04 - /episode/index/show/secrandom/id/38113505

403: Forbidden 08/29/2025

403: Forbidden Eric plays with epoxy resin, Jon has a new calf. Cybersabotage on your ex-employer will get you 4 years. There are 1200 fewer robocallers thanks to the FCC. Password manager plugins for web browsers can be fooled. The Commodore 64 is back and really old honey is discovered in Italy. 0:00 - Introduction 8:53 - 10:22 - 12:57 - 18:39 - 22:47 - /episode/index/show/secrandom/id/38022605

402: Payment Required 08/23/2025

402: Payment Required Eric prints and Jon fixes washer. The Noodlophile stealer propagates via legal infringement claims, and portal auth issues allow control of connected cars. For fun we have book four of the Lady Astronaut series, and using generative AI to create targeted antibiotics for drug resistant diseases. 0:00 - Intro 12:32 - 16:51 - 23:39 - 27:33 - /episode/index/show/secrandom/id/37930460

401: Unauthorized 08/16/2025

401: Unauthorized Eric makes it home from vacation, Jon goes fishing. Tough time to be graduating in Computer Science. DrawAFish.com security incident. AOL discontinues down dial up service. Mendenhall Glacier makes the local news. 0:00 - Introduction 8:24 - 14:34 - 21:48 - 25:06 - /episode/index/show/secrandom/id/37847255

400: Dredge Operator 08/09/2025

400: Dredge Operator Eric's on vacation and Jon wrangles cows. Cloudflare accuses perplexity of stealth scraping tactics, Google tweaks their disclosure policy, Microsoft studies AI impact on jobs, and OpenAI shared chats disclose a little (lot) too much. For fun, how about a hike in the Tetons, and Potatoes from Tomatoes. 0:00 - Intro 11:55 - 16:24 - 20:29 - 29:49 - 39:42 - 41:56 - /episode/index/show/secrandom/id/37743155

399: Cut the Black Wire 08/01/2025

399: Cut the Black Wire Eric has a problem with "smart" smoke alarms. Jon feeds happy cows round bales of hay (but not the fermented kind). Debian making 64 bit time work with 32 bits. A woman is unaware she is working for North Korea. Eric plays tower defense with CSS. Jon finds scarecrow spiders. 0:00 - Introduction 11:31 - 17:30 - 23:21 - 25:14 - /episode/index/show/secrandom/id/37631895

398: Beautiful Bird Songs 07/26/2025

398: Beautiful Bird Songs Eric publishes a book, and Jon is trepidacious. The National Nuclear Security Administration is affected by the Sharepoint attack, and DNS is used as a file transfer system. Amazon buys Bee (Echo, coming soon to a wrist near you), and we're one step closer to a universal cancer vaccine. 0:00 - 14:29 - 18:54 - 26:26 - 30:07 - /episode/index/show/secrandom/id/37561670

397: Schrödinger’s Myrmecophagy 07/19/2025

397: Schrödinger’s Myrmecophagy Eric gets new doors (almost) and Jon gets A/C. Amazon launches more Kuiper satellites with the help of SpaceX. You can use Passkeys to encrypt files and Android get's Gemini whether the user wants it or not. GPS is not the only location game in town and lots of mammals evolved into ant eaters? 0:00 - Introduction 12:22 - 14:56 - 18:13 - 23:11 - 29:10 - /episode/index/show/secrandom/id/37466555

396: Gnawing on Wax 07/12/2025

396: Gnawing on Wax A 4th of July was had by both. An extension hijacking campaign that infected as many as 2.3 million users and software to protect the small web from AI scrapers with computational overhead. For fun we have car tipping (off a cliff!?), and evidence for even more water on Mars. 0:00 - Intro 13:06 - 16:33 - 22:41 - 25:41 - /episode/index/show/secrandom/id/37384080

395: Alliteration is Fun 07/04/2025

395: Alliteration is Fun Hay is Jon's nemesis and Eric has pictures taken. Cloudflare blocks AI Bots by default. After 7 years, Ubuntu disables Spectre protections. ERYAT (Eric reserves yet another truck) and stumbles nostagically across Make Magazine. Jon finds a 4,800 year old Egyptian. 0:00 - Introduction 6:27 - 11:19 - 18:05 - 21:48 - 24:29 - /episode/index/show/secrandom/id/37284555

394: Whether The Weather 06/29/2025

394: Whether The Weather Eric paints and Jon drives. SparkKitty is a new mobile malware searching photo libraries for crypto passphrases, and when is a 16 billion password breach not a breach. Honda has been quietly working on its own rocket, and the JWST images its first new exoplanet. 0:00 - Intro 7:55 - 12:06 - 16:09 - 19:02 - /episode/index/show/secrandom/id/37206155

393: Less Need for Me Right Now 06/20/2025

393: Less Need for Me Right Now Ex? Un? Post? Father's Day activities and Eric tries Vibe Coding. Gemini 2.5 is out of beta. Phone wallets can(?) be hacked. Italy loses its Paragon license. Spaceballs 2! A microbe may be evolving into virus. 0:00 - Introduction 10:34 - 14:03 - 17:58 - 23:53 - 26:54 - /episode/index/show/secrandom/id/37091810

392: Vibe Coding 06/14/2025

392: Vibe Coding Summer is here. WWDC has ... liquid glass? And many android features, evidently. Vibe coding is the "remarkably insecure" inevitable future, and a simple (dumb?) github policy bypass. For fun there's a new season of Phineas and Ferb on Disney+, and researchers discover a way to fully expose HIV in white blood cells. 0:00 - Intro 8:09 - 13:08 - 18:34 - 26:32 - 30:46 - /episode/index/show/secrandom/id/37010455

391: Potentially Being the Operative Word 06/07/2025

391: Potentially Being the Operative Word Graduation and Spring Cleaning. Solar Power systems on the internet. Oregon bans the sale of user's (precise) location data. IRS Direct File both in limbo and on GitHub. A Japanese company sets itself up for "third times a charm" landing on the moon and a brain-computer interface is tested on humans. 0:00 - Introduction 10:53 - 13:56 - 16:00 - 22:58 - 25:20 - /episode/index/show/secrandom/id/36901675

390: Scammer's Paradise 05/31/2025

390: Scammer's Paradise Springtime work and bathroom 'renovations'. Why prompts are the new IOCs and a tool to detect malicious prompts, a guilty plea in the PowerSchool breach from last year, and sanctions against a Philippines based company involved in pig butchering scams. For fun we have the Tianwen-2 launch to collect asteroid samples, and a desktop UV printer on kickstarter that looks amazing. 0:00 - Introduction 14:59 - 17:04 - 18:56 - 22:22 - 27:42 - 30:47 - /episode/index/show/secrandom/id/36799530

389: Spider Overlords 05/24/2025

389: Spider Overlords Eric solves a printing problem with money, Jon follows a band and gardens. Google uses ART to attack Gemini, o2 fixes an oopsie, genetically modified spiders produce red fluorescent silk, and Harvard's copy of the Magna Carta isn't what they originally thought. 0:00 - Introduction 9:56 - 14:36 - 21:28 - 25:02 - /episode/index/show/secrandom/id/36699380

388: Notoriously Difficult 05/17/2025

388: Notoriously Difficult Mother's Day door painting and flower planting. The damages for the NSO hack of WhatsApp (6 years ago!) are now in, how passkeys work, and the breach of the Signal Clone in widespread use by the US Government. A Soviet satellite launched more than 50 years ago crashes back to earth (Finally?!), and livestreaming a volcano off the Oregon coast. 0:00 - Introduction 9:15 - 12:45 - 18:29 - 22:06 - 25:09 - /episode/index/show/secrandom/id/36603925

387: All The Phalanges 05/09/2025

387: All The Phalanges Eric and Jon both had very boring* weekends. Reckless Rabbits and Scattered Spiders discussed along with xAI private keys. Amazon achieves space pinecone and astrophysicists track down the origin of heavy metals (well, some of them, at least). 0:00 - Introduction 7:04 - 10:56 - 13:53 - 17:54 - 20:43 - /episode/index/show/secrandom/id/36514145

386: Prompt Kiddies 05/03/2025

386: Prompt Kiddies Jon mows and auctions, Eric's thinking of game development. Misuses of Claude, World Passkey Day, and the FBI's IC3 report of scam impact in 2024. For fun we have the 'blank slate' -- a small EV truck coming soon, and making geometry dash with redstone in vanilla minecraft. 0:00 - Introduction 10:51 - 15:48 - 19:54 - 27:36 - 32:30 - /episode/index/show/secrandom/id/36419210

385: Dairy Adjacent 04/26/2025

385: Dairy Adjacent Eric makes it home and tries smoking a ham. Jon gets into his front door and the bees are good. Record breaking botnets. Cybersecurity reports. Peep origins. Extraterrestrial life. 0:00 - Introduction 7:38 - 11:23 - 22:46 - 30:12 - /episode/index/show/secrandom/id/36322470

Mostly Security

TOPICS