Network Security Podcast

After missing last week due to overlapping travel, we're back this week with all three of us (although Rich is a bit under the weather). It's the usual weekly roundup with only a minor diversion to talk about some thingy that some computer company announced with an "i" in the name.

Network Security Podcast, Episode 183
Time: 40:24

Show Notes:

• Latest Poneman study says breach costs rise slightly again. But you really need to take this number with a boulder of salt.


• Did someone say iPad?


• Sophos says Facebook is the biggest social media risk. Duh.


• Twitter mass password reset due to phishing.


• Google to pay (a little) for Chrome bugs.


• Tonight's music:Blame the Villain by cafebar 401

 

Somehow we’ve managed to get Martin, Rich, and me together on a fairly regular basis. Pretty impressive (superhero-like, even). It seems as though I was full of more beans than usual, taking a few playful jabs at Rich (something about goat smuggling) and Martin (butterfly tattoos, if I recall correctly). While we had a bit of fun, and actually talked about security, I get the overwhelming sense that schedules are about to go haywire again. Oh, well. C’est la vie!

Network Security Podcast, Episode 182
Time: 38:30

Show Notes:

• Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word 2007 to PDF – the NSA’s guide to scratching that nasty metadata from your documents (this came from listener feedback)
• Official Google Blog: A new approach to China – They’re movin’ out — after intruders move in.
• The attack on Google: What it means – Andy Jaquith’s distillation and take on the debacle
• Does the Fourth Amendment cover ‘the cloud’? – You may think you own your data…
• Darpa: U.S. Geek Shortage Is National Security Risk – Call of Duty: Uncle Sam Needs Nerds
• Operation “Aurora” Hit Google, Others – McAfee’s George Kurtz discusses the coordinated attacks against Google and others
• An Insight into the Aurora Communication Protocol – McAfee’s analysis of the protocol used by the malware involved in “Operation Aurora”
• Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack – Tavis Ormandy drops some privilege escalation 0day affecting all NT-based versions of Windows from 3.1 to 7
• Tonight’s music: “Devil Comes to Town” by The Hillbilly Casino

Did you ever do something that you knew wouldn't end well, but you had to try it anyway?  That pretty well describes this week's episode in a nutshell.  Martin's at home, Zach's at home, so of course Rich had to be gallivanting around the countryside playing with his Verizon Mifi, an iPhone and Skype.  Any one of those technologies by themselves have made grown podcasters cry, so we knew from the start this episode was doomed.  I'm glad to say we got a show out of this afternoon's comedy of errors, but it'd be a stretch to say this is in the top 5 shows so far this year.

Network Security Podcast, Episode 181
Time: 30:16

Show Notes:

• IT Job satisfaction at an all time low - How's job satisfaction in the Security sphere?
• Kasumi, aka A5/3 also cracked - Isn't this the replacement for A5/1?
• SSL & TLS "solution"
• Win2K and XP SP2 off life support
• Airport scanners can store and transmit images - Why are we surprised?
• The Great PCI Security Debate of 2010, Part 1 - Part 2 coming to a blog near you!
  
• Tonight's music:  Carrie Catherine with Biggest Mistake
  

The year 2010 is starting with a whimper, not a bang.  Yesterday morning it was announced that Securosis and Security Incite are merging, so we had Adrian Lane and Mike Rothman on the show to talk about the event.  A little over halfway through the show, Martin's internet access suddenly died and the rest of the crew were left to have great fun at his expense.  There was not an earthquake, but rather a 'backhaul issue' at the ISP, whatever that means.  At least that's better than a 'backhoe issue', which would probably involve a lot of fiber suddenly going dark.  In any case, we finished the show, but this not a great omen for the new year.  Unless you're Rich and Zach, who found the whole thing very amusing.

Network Security Podcast, Episode 180, January 5, 2009
Time: 42:34

Show Notes:

• GSMA to review security hack this week - Moving on to the next stage of denial, we have the GSMA.


• TSA iPhone App is like Yelp for Pre-flight Pat-downs - Rate the TSA from your iPhone.


• TSA Threatens Blogger Who Posted New Screening Directive - Subpeonas do not equal search warrants


• TSA Withdraws Subpoenas Against Bloggers - Maybe the heavy handed tactics weren't such a great idea after all.


• No music tonight

We close out the year with a somewhat irreverent show that includes sexy security professionals, discussions of security and  underwear, and a special guest appearance by Jack Daniels. Zach, Martin and Rich are all present this week as we mix a bit of the lighthearted with the regular security news.

Have a happy New Year!

Network Security Podcast, Episode 179, December 29, 2009
Time:  33:57

Show Notes:

• Jack Daniel, the number 1 sexiest infosec security geek of 2009, joins us to discuss this highly-respected award. (Zach was so jealous he made his own list, and put himself on it).


• Post-underwear-bomber TSA security directives leaked. They are more stupid and worthless than expected.


• GSM encryption cracked in the open. The GSM alliance responds as expected by pretending, "it really isn't that bad... an attacker needs special skills and equipment, and it's really hard." Er... haven't we heard that one before?


• Twitter bans commonly-guessed passwords. Have fun by combining them!


• Brian Krebs leaves the Washington Post. Dumb move by the post letting him go, but it might mean even better stories for the rest of us!


• Tonight's music:  Keep it Clean by Mike McGill
  

A Tonight's show is a bit longer than usual thanks to a segment with our wayward contributor Zach and an interview with Metasploit founder HD Moore. HD is now also the CSO of Rapid7, making him quite the busy boy. And, since we can't help ourselves, Rich and Martin still cover some of this week's top stories.  And everyone managed to be on a high speed internet connection, so the audio quality is great this week.  Don't worry, we're sure it will return to normal soon.

Have a Merry Christmas and we'll talk to you next week.

Network Security Podcast, Episode 178, December 22, 2009
Time:  53:27

Show Notes:

• Military UAV communications are not encrypted.


• Twitter's DNS changed via account credentials being compromised.


• DECAF anti-forensics tool was a hoax.


• Howard Schmidt named White House Cyberczar.


• Tonight's music:  I'd Rather be Naughty by A Don't Hug Me Christmas Carol
  

Like ships in the night we pass in the night.  Or at least like the road warriors we are, we find a few minutes to record a podcast in between calls and running to the airport.  2009 may be winding down for some, but I don't think any of us on the podcast feel even remotely like things are getting calmer.  Luckily we have an interview of Wade Baker from Verizon Business talking about the 2009 Data Breach Investigations Supplimental Report to take up some of the slack.  You may find Wade's voice familiar, Martin talked to him at the RSA Conference 2009 earlier this year when the original Breach Report came out.  Zach is still MIA, though we have it on good authority he's trying to make it back from where he is for next weeks show. 

Network Security Podcast, Episode 177, December 15, 2009
Time:  39:01

Show Notes:

• National data breach notification bill passed in U.S. House - Not a law yet, thankfully.
• Verizon Business 2009 Data Breach Investigations Supplemental Report
• Tonight's music:  Really, really weird by The Simple Carnival
  

It's getting close to Christmas, so you might think things would be slowing down a little.  You might think that, but you'd be wrong of course.  Rich is hip deep in alligators, and while Martin is home this week, he's got wildlife of his own to contend with.  Depending on your point of view, you might therefore consider it lucky that Rich snagged an interview with Carl at 1Password and let his fanboi roots show again.  The good news is this keeps the patter between hosts down to minimum, but the bad news is it means we have a slightly long podcast this week.  And we'll be back with another interview next week as well.  Anything to take a little of the pressure off the hosts.

Network Security Podcast, Episode 176, December 8, 2009
Time:  48:11

Show Notes:

• Note to self:  2009 Holiday Gift List - Our friend Amrit at his snarkiest.
• TSA Spills the beans:  Security manual posted online - Did they put whiteout on their display as well?
• Tonight's music:  Waves of Confusion (Acoustic) by Gerard Smith
  

How fast can you pull a podcast together?  Pretty darn fast when you're properly motivated!  Rich is pulling recorder duty once again, Martin is on the road in Southern California and Zach is ... somewhere.  So we pulled a few stories together last minute and recorded one of the shorter podcasts recently.  Things are promising to slow down for the rest of the holiday season and we should be able to get back into the normal swing of things for at least a few weeks.  But I'm not holding my breath.

Network Security Podcast, Episode 175, December 1, 2009
Time:  25:39

Show Notes:

• Microsoft:  Patches did not cause Black Screen problem


• Clientless SSL VPN products break web browser domain-based security models - That's right, they're all broken (almost all)


• Hackers attempt to take $1.3 million from DC firm


• IBM buys database security firm Guardium


• Tonight's Music:  The Road I Travel by Benny Bruce