Windows auto-updating, fuzzing, git (yes, again), and more of the ongoing Apple vs. FBI case. We also talk about BYOD (Bring Your Own Devices).


Starts at 00m32s.


Starts at 1m30s.

I was drinking a PBR (yes, I know. Again.), Paden was drinking Buckeye Vodka, and Jthan was drinking Upslope Pale Ale.

  • I’m pretty sure the “free upgrade” to Windows 10 was a precursor to the nigh-forced upgrade.
    • We touch upon some reasons why this is actually a bad idea, despite our hard-on for keeping software updated.
    • Mac OS X does this but on a policy level. This is an example of the packaging changes I talk about.
  • Fuzzing is fun! (8m40s)
    • There are a lot of fuzzers out there. AFL is a nice one. Keyfuzz is a keyboard driver fuzzer! Wfuzz is a fuzzer for websites. ZZUF is a generic input fuzzer for applications, etc. There are a lot of fuzzers out there. For testing netkit, though, I’d definitely start with the BlackHat preso on it.
    • Of course, just doing a netcat somebox.with.telnet.open 23 < /dev/urandom is always fun- see how long it takes before the thing crashes (or the target severs the connection)!
    • The beginner’s guide to fuzzing is here.
  • Git is awesome (15m00s)
  • The FBI vs. Apple case is still a big deal. (20m48s)
    • This is what happens when enforcement agencies want protection circumvented for them.
    • It’s not legal to force Apple to write a backdoor.
  • “Bring Your Own Devices” can be an issue (29m15s)


  • I state that Tunnelblick is the “best” OpenVPN option for Mac OS X, but my boss (which I just found out listens to the show, apparently) mentioned Viscosity. It’s a bit prettier and easier to use, and was definitely worth a mention. I had totally forgotten about it! Unlike Tunnelblick, however, it’s not free/libre (9USD). They also, apparently, have a Windows port (which Tunnelblick does not- and the OpenVPN-provided GUI for Windows is atrocious). Another alternative is Shimo.


