Network Security Podcast

"The Episode that almost Wasn't"  It's been a day.  Shortly before we were scheduled to start, there was a pop and the power went out at Martin's house.  Rich has issues of his own to deal with.  And Zach is ... somewhere.  It was only because the local electric company responded quickly for the first time I can remember were we able to squeeze in a podcast recording between emergencies.  And now that we've recorded and posted, it's time to put our noses back to the grindstone and work for a couple more hours.

Network Security Podcast, Episode 172
Time:  33:26

Show Notes:

• Heartland CIO criticizes tokenization. Gee considering they have a competing approach this is shocking!


• Congress calls for review of internal cybersecurity after major leak over P2P. Yet another shocking surprise!


• Mellon Bank employee commits identity fraud over 7 years.


• New phishing attack pretends to be from FDIC.


• Robert "RSnake" Hansen releases his "Detecting Malice" EBook. It's very well done.


• Just Say No to FUD. Response to Anton's article.


• Tonight's music: Vanessa Peters and Ice Cream On Mondays with Drowning in Amsterdam
  

Before we proceed with the show notes, may we please have a moment of silence for the passing of Geocities, the last refuge of the blink tag.

(The rest of the show is all about security stuff, and we even have all three of us on together again, but I'm just too chocked up over the death of Geocities for proper show notes. It was as if a million cheesy fan sites cried out, and were suddenly silenced.)

This really is Episode 171, even if I called it 170 at the beginning of the podcast - Martin

Network Security Podcast, Episode 171
Time:  38:54

Show Notes:

• Rapid7 Acquires Metasploit


• Scan of Internet Reveals Thousands of Vulnerable Embedded Devices. Linksys is at the top of the list, surprised? And I don't even blame them. Then again, there's Time Warner routers... all of which are seriously vulnerable.


• Why You Should Never Talk to the Police.


• Obama Nominates DHS Intelligence Chief.


• Rich's off topic article on the first Microsoft Store.


• Tonight's music: Running from the Law by Mean Gene Kelton and the Die Hards
  

For the first time in a long time, Martin, Rich, and Zach are all together on the podcast. Sorry we missed last week, but we've all been dealing with job changes (Zach and Martin) or vacations in tropical paradises (Rich).

After a brief wandering to talk about Halloween preparations, we get back on topic and catch up with some new stories, and a few from the week we missed. We talk about the evolution of security professionals, tokenization, and how the Danger/Sidekick thing had nothing to do with cloud computing.

Network Security Podcast, Episode 170
Time:  34:12

Show Notes:

• Josh Corman's FUDSec post on the evolution of security.


• Tokenization for payment transactions.


• Most Sidekick data recovered, but many unanswered questions.


• Mozilla blocks Microsoft plugin. Then they don't.


• Google Voice mails searchable if you make it public. Duh.


• Tonight's music: FadeOut with Sanctuary
  

Rich is spending a well earned vacation with his wife somewhere south of the border.  Normally this means I'd get in touch with Zach, but this week he's north of the border at SecTor.ca.  With any luck, Zach will be able to pick up a few interviews with some of the cool kids who got to go play in Toronto.  In the mean time I was left to fend for myself and called upon one of the people who got me involved in podcasting to begin with, George Starcher.  While George no longer has his own podcast, he's a regular on the Typical Mac User Podcast, but is willing to put up with a Windows user like me.

Network Security Podcast, Episode 169, October 6, 2009
Time:  27:09

Show Notes:

• Hackers breach payroll giant, target customers 
  
• Microsoft Security Essentials review
• Lawsuit:  Heartland knew data security standard was 'insufficient'
  
• Breaking:  Thousands of Hotmail passwords leaked online - And now we know that tens of thousands of other mail service accounts are similarly compromised.
• Wireless network modded to see through walls
• Dungeons and Dragons Spellcasting Soda - If you've got a spare case or two of this stuff lying around, please feel free to send it my way.  
• Tonight's Music:  Black Berry Girl by Porter Block
  

Despite a short discussion of Rich's paranoia in the opening of the show, we mostly play it straight and stick to the security news. We found a few interesting stories this week, and the major theme seems to be "stupidity". On one side is a prison that let an inmate reprogram their computer system, on the other a money-mule for scams that thought sending money-grams to foreign countries was a legitimate "work at home" job.

Sigh.

Network Security Podcast, Episode 168
Time:  29:53

Show Notes:

• Inmate locks staff out of prison computers. Multiple levels of hilarity ensue.


• Microsoft releases free antivirus. World doesn't end. (Yet).


• SMB2 exploits become public. World doesn't end. (Yet).


• NIST releases smart grid security guidance.


• A money-mule's story. Fascinating level of naivete.


• Tonight's music: Caught by Emma Wallace

Before we dig into this week's security news, we diverge (slightly) to talk about Emergency- This Book Will Save Your Life and disaster planning. I (Rich) read the book last week and found it to be a ton of fun; it's the story of a journalist who slowly descends into the rabbit hole of the survivalist community. Well written, with plenty of good advice and stories. It's not really a survival guide, more of a personal story and lessons learned.

I had a bit of a shock as I realized that most of my disaster plans aren't relevant anymore as my life status has changed. I used to be single, in Colorado, and part of the response infrastructure (which means access to a ton of resources). Now I'm married, with a child and pets. I can't really run off with a backpack and play hero if something bad hits.

We also delve into some IT related disaster planning, so this isn't a complete non-sequiter.

Network Security Podcast, Episode 167
Time:  32:13

Show Notes:

• Chinese researchers figure out how to take down the West coast power grid by hitting a smaller provider. Oh joy. At least they disclosed it.


• Some idiot logs into Facebook while robbing a house. This is now my favorite dumb-criminal move of the year. Oh wait, did I forget to mention he left himself logged in after he left?


• Some site claims to hack any Facebook account for $100. Or to pretend to hack it for $100. You get to guess which one it is.


• Court rules that just because you did something your employer didn't like with authorized access to a computer, it isn't a computer crime. Well done.


• Researchers come up with an idea for a new home security markup language. Good intentions, not sure it will matter.


• RSnake on Star Trek and security. If you read one post this year, it should be this one.


• Tonight's music: Me and by Wife by Root Doctor

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code “HHUSA-MM-AP999“

You'd think that after taking off last week Rich and I would be back and better than ever this week.  But Mr. Mogull had a speaking engagement elsewhere this week so I was joined once again by Zach Lanier of N0where.org.  In fact, Zach has agreed to join us on a regular basis and will be contributing a weekly segment where he'll be doing a deeper dive on a news story each week.  At least that's the plan at this time, but those are always subject to change.  I also had a chance to interview Tim Mather about his (along with Subra Kumaraswany and Shahed Latif) upcoming book, Cloud Security and Privacy.  I find it interesting to hear about how much the idea of the Cloud has changed since Tim started work on the book. 

Network Security Podcast, Episode 166
Time:  40:14

Show Notes:

• FBI Jobs site gets hacked - SQL Injection against an FBI site?  I'd be embarrassed.
• University research exposes potential vulnerabilities in cloud computing - Emphasis on the 'potential', but it's an issue we do have to beware of.
• End-to-end encryption:  The PCI security Holy Grail - It all depends how we define 'end-to-end'.
• All TI signing keys factored
• Tonight's music: Black Rebel Motorcycle Club with Whenever You're Ready
  

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code “HHUSA-MM-AP999“

Rich is off talking at a local OWASP meeting and I'm sitting at home tonight trying to figure out Overlord.  My kids are finally adjusting to being called Minion 1 and Minion 2.  Rich and I hit some of our favorite topics like PCI and Apple updates, as well as gaming DDoS attacks and rules about searching your laptop.  It should be no surprise to anyone that Rich and I would both like to go back to a time where actual evidence was needed before you can take a traveler's laptop.

Network Security Podcast, Episode 165, September 1, 2009
Time:  33:29

Show Notes:

• Security expert's PCI analysis misguided, says PCI Council GM - I'm very glad that Bob Russo is paying attention to the conversation about PCI.
• Some follow-up questions for Bob Russo, GM of the PCI Council - Rich's response to Mr. Russo's post at SearchSecurity.  And Mr. Russo's comments on Rich's post.
• China game boss sniped rivals, took down Internet
• DHS:  Secretary Napolitano announces new directives on border searches of electronic media
• 'New' travel search rules just won't fly
• AV makers fault Apple on Snow Leopard malware scanner
• Peering inside Snow Leopard security - I forget sometimes that Rich really is one of the experts on this topic.
• Tonight's Music:  Black Rebel Motorcycle Club with Weapon of Choice

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code “HHUSA-MM-AP999“

Rich and I are both a little short on time today, so it's a good thing I recorded an interview with Gregory Conti, West Point professor and security author last week.  We have a couple of stories we go over briefly and no lack of opinions to go with them.  In other words, pretty much the same as every week.

Network Security Podcast, Episode 164
Time:  41:01

Show Notes:

• Hacker ring tied to major breaches just the tip of the iceberg - Oh goody, there's more coming down the pipeline that we haven't heard of yet!
• Breaking News:  Mac OS X Snow Leopard built-in AV? - Does anyone care?  But it does give Rich a few minutes to gush about the security updates in 10.6.
• Greg Conti - Author of Googling Security and Security Data Visualization.  But not the guy you want designing your next web site.
• Tonight's Music:  Swampcandy with Devil in her Suitcase
  

Martin is back this week as we discuss some of the most fascinating drama to come out of the security world in quite some time. As the initial indictments for the Hannaford and Heartland breaches go public, all sorts of fascinating tidbits emerge. There are double crossing informants, Russian connections, and secret breaches that haven't hit the public yet. We also finally learn exactly how most of these breaches occured. Heck, it's almost interesting enough for a TV movie!

Network Security Podcast, Episode 163
Time: 38:44

Show Notes:

• Rich writes a letter to the CEO of Heartland. He is not expecting a Christmas card.
• Rich covers all the drama of the Heartland and Hannaford breach indictment.
• ATM skimming ring hits Chicago. And the banks didn't bother to warn anyone.
• Hackers reverse-hack the police that busted them in Australia.
• DNA evidence can be fabricated.
• Tonight's Music:  Coffee Man by Calvin Owens
  

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code "HHUSA-MM-AP999"