Network Security Podcast

Unless you were hiding under a rock the last few weeks you've probably heard about the Stop Online Piracy Act (SOPA), Protect IP Act (PIPA) and their even more evil brother Anti-counterfiting Trade Agreement (ACTA).  Many sites went dark last week, including Securosis, in protest and SOPA/PIPA were at least stalemated for the moment, if not entirely defeated.  And since it's a big story, we decided to discuss it at great length, probably saying many things that have been said by much smarter people than us.  At least we hope it's the smart people we're agreeing with.

Zach was unavailable tonight, so we had to pull in two special guests in order to replace him.  First off, Rich's partner in crime at Securosis, Adrian Lane, joins us.  Second, we're joined by Liquid Matrix author and friend of the show, Jamie Arlen, aka @myrcurial.  Jamie brings a little bit of an outsider's viewpoint to the conversation as he's not native to the Phoenix area and comes to us from north of the border. 

No real show notes tonight, if you're intersted in learning more about SOPA/PIPA/ACTA, do a little Googling.  Or just go to the Electronic Frontier Foundations web site. 

Network Security Podcast, Episode 265, January 24, 2012

Time:  55:00

Tonight's music:  Signs are Signs by The Midnight Hour

As Zach prepares for his jaunt down to Miami Beach, Rich waxes paranoid about his newfangled Microsoft-powered car -- and the prospect of Martin remotely hacking throttling the engine.  It's hard to imagine a few of Rich's 'friends' won't try hard to get their hands on his new remote and the system port on his car.

(Also, check out our nomination in the Social Security Bloggers Awards -- and vote if you're eligible to do so!)

Network Security Podcast, Episode 264, January 10, 2012
Time: 37:31

Show Notes:

• Exploit Code Released for ASP.NET Flaw
• Zeus returns: FBI warns of 'Gameover' ID-theft malware
• Boycott SOPA: An Android app that terrifies publishers and politicians
• Defensive search-and-destroy "virus" delivered to Japanese government
• Symantec Confirms Hackers Accessed Source Code of Two Enterprise Security Products
• Tonight’s Music:  Boo Boo Davis with Standing at the Fishbank

It's our first show of the New Year... wherein Rich describes server upgrades good and bad, being a victim in a data breach, and we discuss the rest of the latest news. We have to say, it's a weird start to the year.

Network Security Podcast, Episode 263, January 3, 2012
Time: 36:45

Show Notes:

• Most websites vulnerable to single-source, low-bandwidth DoS attack.
• Stratfor breached over the holidays.
• Hackers in space?
• China all annoyed they have data breaches like the rest of the world.
• Tonight's Music:  Trouble in Mind by Cephas and Wiggins

This is Martin, and while I know we said we weren't going to do another podcast this year, I got started talking to Martin Fisher over at the Southern Fried Podcast and we decided, "What the heck, let's do one more this year and thank all our listeners for supporting us!"  It was supposed to just be the two of us, but Rich happened to be available.  It was also only supposed to be a few minutes, but when you get the three of us going, it obviously has the potential for going long. 

All three of us are very greatful to our audiences, and I think I can say the same on behalf of our co-hosts.  The year has had its ups and downs, but I believe we're ending it on a high note.  I hope your life is doing the same and that you have a good ChrisHanaKanzamas or whatever you celebrate this time of year.  At least celebrate a few days off, if nothing else.

Souther Fried Network Security Podcast Christmas Special

Time:  25:29

A discombobulated Martin and a sleep-deprived Zach get together for the final episode of 2011 (and Rich isn't around to join us -- tsk tsk). This week's stories seem to be more of the same -- surveillance, leaks, and dumb legislation. Here's to hoping for a brighter 2012.

Network Security Podcast, Episode 262, December 13, 2011
Time: 30:00

Show Notes:

• DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit
• Who Knows What Youhavedownloaded.com?
• Carrier IQ: Bug made some keypresses, message data accessible
• The Infosec Naughty List & The Twelve Charlatan’s of Christmas
• Kaspersky Lab Quits Business Software Alliance to Protest SOPA
• Senator Wants Answers from DHS Over Domain Name Seizures
• Tonight's Music:  Dog Days by Amy Speace

When Rich isn't around to take up most of the time, Zach can actually be pulled out of his shell to talk for a little while.  Or maybe it's just when there are two hosts on the podcast there's more time to talk.  In any case, Martin and Zach went a little long this week as well as deep into paranoia land.  And there's so much in the news right now to push us there.  It's kind of scary when you start to realize that as much communication as modern technologies allow, they also allow a lot of very deep surveillance.  Which we as a society seem to be okay with.

Network Security Podcast, Episode 261, December 6, 2011
Time: 42:13

Show Notes:

• India asks Google, Facebook to screen user content
• Carrier IQ:  The Real Story
• 9 Reasons Wired readers should wear their tinfoil hats
• The impact of cloud computing on IT jobs
• C|Net Download.com is now bundling Nmap with malware!
• RIM issues statement about the Playbook Dingleberry root
• Top 25 security influencers you should be following
• Tonight's music:  Echoes and Falls by Senor Happy (in honor of the echo chamber)

Believe it or not, all three of us managed to get together for a nice post-holiday show. After a brief discussion of pepper spray for holiday shopping, we jump into a nice menagerie of stories.

Network Security Podcast Episode 260
Time: 35:16

Show Notes:

• Security researchers claim they can set your printer on smoke. Sorta. 
• Facebook privacy under EU scrutiny.
• What Facebook keeps on one user.
• Self service lanes in 20 stores fitted with card skimmer.
• Four hacking suspects tied to terrorism.
• Thanksgiving night shopping bigger than Cyber Monday?
• Tonight's Music:  Pouring by scarlet/blonde

Rich and Martin are together for the first time in about 6 weeks thanks to all our overlapping travel. We are joined by Marisa Fagan who tells us about BayThreat- one of the only actual security conferences in the Bay Area (and a really good one). Then Marisa leaves and Rich and Martin jump into the security news.

Network Security Podcast Episode 259
Time: 39:43

Show Notes:

• BayThreat
• Government certificate used to sign malware.
• Massive clickfraud ring broken up in Estonia (you were probably their victim).
• Researchers find OS X sandbox security hole.

We're still scattered to the wind and getting together for a podcast is proving to be nearly impossible.  Luckily Martin was able to get a couple of podcasts from BSides DFW this weekend, so there's a podcast, short as it is.  It's almost enough to make you wonder if having a successful helps make you so successful you can't have a podcast. 

Michelle Klinger and Joseph Sokoly were the motivating forces behind making BSidesDFW happen again this year.  Thanks to their efforts a over 180 people were able to get together to see and here some great speakers.  Jayson Street was one of them, though he got the short straw and had one of the first slots of the day.  Pepsi Zero helped him through it however.

Network Security Podcast, Episode 258

Time: 16:28

Tonight's music:  Five Feet from Paradise by Eleanor Fye

Tonight Martin is speaking to Josh Corman, Akamai co-worker, and HD Moore, creator of Metasploit and Rapid7 CTO.  Josh came up with the idea of HD Moore's Lawa couple of months ago, the idea that the strength of the casual attacker is roughly equivalent to what Metasploit is capable of.  If your corporation isn't capable of defending yourself against Metasploit, you're not going to be able to defend against these casual attacker and you're going to be wide open to more sophisticated attackers.  Josh explains the concept and what it means to security and HD talks about the fact that Metasploit helps give security teams a measuring stick for their security. Zach, Rich and Martin are all incredibly busy and are trying to figure out how to fit the podcast into the constraints of our schedules.  We may have to skip a number more weeks between now and the end of the year, but we're trying desperately to get our lives under control. Network Security Podcast, Episode 257 Time:  30:09 Show Notes:

• HD Moore's Law - Josh's blog post
• Metasploit project