I've seen great people in our industry crushed under the weight of the
secrets they carry into a singularity from which no information can emerge.
In some ways the lesson from apache_nosejob.c
<https://www.exploit-db.com/exploits/21560> was that we cannot take
ourselves seriously, that at the heart of our discipline there must remain
a jester, that we must float upon the stream of endless information rather
than absorb it into our darkened core.
To that end I often listen to infosec podcasts while doing other things:
1. The Three Buddy Problem
<https://securityconversations.com/podcast/security-conversations/> with
Ryan Naraine, Costin Raiu and JAGs. This is probably my new
favorite podcast, with an uncensored take on current infosec events,
largely from an incident response standpoint, but in general covering all
the bases and courageously offending everyone at great length.
2. Risky.Biz <https://risky.biz/RB775/>: Still excellent after all these
years, partially because Adam is such an experienced penetration tester and
Patrick is a good host, and I generally learn things about events that are
poorly covered in the news from their perspective, without having to go
through and do fact checking myself (aka, why the Struts bug is so bad,
etc.)
Also, happy New Year everyone!
-dave
