#115 Scott Helme, Fighting Cross-Site Scripting with Content Security Policy and Subresource Integrity

Summary
Security researcher Scott Helme tells me how Content Security Policy and Subresource Integrity are used to fight cross-site scripting.

Details
Who he is, what he does. What cross-site scripting (XSS) is; well-known examples; how it works; crypto mining via XSS. Input validation, output encoding, more frameworks are handling validation. Content Security Policy (CSP), what it is, how it works; trusting CDNs; how to use CSP on a site, CSP Wizard, browser support; future changes. Subresource Integrity (SRI), what it is, how it works; trusting third-party scripts; what happens if a script fails validation. NoScript, browser extensions, DNS filters and VPNs. Scott's upcoming events; training.

Links
Scott's blog

Scott's CSP Wizard

Download mp3 of podcast

#114 Kee Jeffreys, Loki Privacy Network

Summary
Kee Jeffreys talks about Loki, a privacy network for secure financial transactions and communications.

Details
Who he is, what he does. What Loki is, differences from WhatsApp/Signal/Telegram, issues with peer-to-peer designs. Sending money with Loki. Why we need more privacy. How Loki works; how metadata gives you away; how the nodes work, incentives. Size of the network. Open source. Poisoned nodes. What Loki will do if a crypto weakness is discovered. Compromised client hardware. How Loki is funded. Money laundering. Encrypted messaging apps and deaths. Australian laws affecting Loki.

Links
Videos by Loki

Download mp3 of podcast