Josh and Kurt talk about some security researchers sort of taking over the .MOBI whois server. The story is a bit sensational, but we ask if it really matters? There are a lot of interesting possible attacks, but turning something like this into a good attack is really hard, maybe impossible. The researchers presented the findings in a very reasonable way.

• We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
• Heinz says sorry for ketchup QR code that links to porn site

Josh and Kurt talk to Jay Jacobs about Exploit Prediction Scoring System (EPSS). EPSS is a new way to view vulnerabilities. It's a metric for the likelyhood that a vulnerability will be exploited in the next 30 days. Jay explains how EPSS got to where it is today, how the scoring works, and how we can start to think about including it in our larger risk equations. It's a really fun discussion.

• Jay Jacobs on LinkedIn
• EPSS
• Jay's graph animation
• Cyentia's A Visual Exploration of Exploits in the Wild

Josh and Kurt talk about Chrome unexpectedly going EOL on Ubuntu 18. Keeping old things alive is really hard to do, and in open source it's becoming more common to just run the latest version rather than trying to keep old versions alive for long periods of time.

• Chrome dumped support for Ubuntu 18.04 – but it'll be back
• Linus Torvalds talks AI, Rust adoption, and why the Linux kernel is 'the only thing that matters'
• Pidgin backdoor