Network Security Podcast

Rich is dealing with some sick babies, so Martin and Zach inadvertently make the show about corporate and government (not just the U.S. this time!) surveillance.

Network Security Podcast, Episode 312, May14, 2013

Time: 38:26

Show notes:

• How the Syrian Electronic Army Hacked The Onion
• U.S. Weighs Wide Overhaul of Wiretap Laws
• FBI’s Latest Proposal for a Wiretap-Ready Internet Should Be Trashed
• Bloomberg reporters allegedly used financial terminals to spy on Wall Street
• A Saudi Arabia Telecom's Surveillance Pitch

• Tonight’s Music: London Girl by Lato

What didn't make the show:

• Banks Say Fed Should Lead in CyberSecurity for Industry (oddly, hosted on Bloomberg news)
• State Department Demands Takedown Of 3D-Printable Gun Files For Possible Export Control Violations
• Apple deluged by police demands to decrypt iPhones

Long show with short notes this week as Wade Baker of Verizon and Josh Corman of Akamai join us to talk about the Verizon Data Breach Investigations Report.

This is a must-read report and our short podcast can't possibly do it justice, but we made our best effort.  Listen to the end, we have some big news!

Network Security Podcast, Episode 311, May 1, 2013

Time: 48:49

Show notes:

• The 2013 Verizon DBIR
• Tonight’s Music: Tipping - Marucci - Dube  with I'm Confused

After a hectic couple of weeks -- conferences, travel, and city-wide lockdowns -- recovery is sorely needed, but we push through a relatively lively show with a teaser for a bigger debate^Wdiscussion slated for next week.  And somehow the podcast just keeps getting a little longer every week.

Network Security Podcast, Episode 310, April 23, 2013

Time: 43:06

Show notes:

• Japanese police ask ISPs to start blocking Tor
• Post Boston: Privacy advocates warn about coming tsunami of surveillance cameras
• Law professor makes a case for legally recognizing the Dangers of Surveillance
• US House of Representatives passes CISPA cybersecurity bill
• Hacking Trial Devoid of Hacking Awaits Jury Verdict
• The update jungle: PC owners have to watch 24 sources for fixes
• Sources: Tea Leaves Say Breach at Teavana

• Tonight’s Music: We've Gone Crazy by Soul of the River

What didn't make the show:

• Sources: Tea Leaves Say Breach at Teavana
• Silicon Valley companies quietly try to kill Internet privacy bill
• The Bearer of BadNews
• Former Hostgator employee arrested, charged with rooting 2,700 servers

Due to a last minute work engagement, Rich is not present on tonight's show. Martin and Zach attempt to compensate for Rich's absence by being snark but also half-asleep.  We'll leave it to you to figure out which half of that we feel is most like Rich.

Network Security Podcast, Episode 309, April 9, 2013

Time: 41:04

Show notes:

• Apple's iMessage encryption trips up feds' surveillance
• Google will fight secretive national security letters in court
• Privacy group calls for changes in CISPA cyberthreat sharing bill
• Unlocking the Motorola Bootloader

• Key Lulzsec hackers plead guilty in London courtroom

• What didn't make it into the show:

• Letting Down Our Guard With Web Privacy

• PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 released (update to a story last week)

• Tonight's Music: Green Druid with Night Dance

Getting three security professionals to slow down long enough to record a podcast together is always a challenge and tonight was harder than usual.  Part of the problem is that there are so many interesting stories going on right now.  But the fact that we all have jobs and families is a much bigger part of it.  This week we talk about HSM in the cloud, DDoS attacks, and of course, our government spying on us.  Such unfamiliar territory.

Network Security Podcast, Episode 308, April 2, 2013

Time: 40:17

Show notes:

• AWS CloudHSM - Secure Key Storage and Cryptographic Operations
• Killing hackers is justified in cyberwarfare, says NATO-commissioned report
• Spam dispute becomes 'largest cyber attack' in history of the internet
• The DDoS That Knocked Spamhaus Offline (And How We Mitigated It)
• That Internet War Apocalypse Is a Lie
• Government Fights for Use of Spy Tool That Spoofs Cell Towers
• FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013
• Permission to Spy: An Analysis of Android Malware Targeting Tibetans
• Security fix leads to PostgreSQL lock down
• Tonight's Music:  Copesetic with My Old Soul

Well, we'd hoped to avoid the "sleep deprivation" part, but it doesn't look like that's going away any time soon. Regardless, we scrounged together a show this week, discussing "hacking", "anti hacking" (law), and the perils of social networking.

Network Security Podcast, Episode 307, March 26, 2013

Time: 39:40

Show notes:

• Miami's Voter Fraud Is Only the Beginning of Election Hacking
• Draft House Judiciary cybersecurity bill would stiffen anti-hacking law
• South Korea data-wipe malware spread by patching system
• Weak keys in NetBSD
• mongodb – SSJI to RCE
• FireMe!: A Running List of People Tweeting How Much They Hate Their Jobs
• Tonight's Music: Open Our Eyes by amplifico

My second interview at RSAC 2013 was with Bromium CTO and founder, Simon Crosby.  I've been hearing about Bromium as the next big idea in security for a while now from people who should know (Like Rich) and I wanted to hear about it straight from the horses mouth.  The ideas behind Bromium are fundamentally different from many of the anti-malware tools (*cough*AV*cough*) we have available to us today.  Now to see if it'll hold up to the attacks that will be coming against Bromium as it becomes more popular.

BTW, this interview breaks the 'normal' microcast format of 5-10 minutes.  But I think it was worth the extra time.

NSP Microcast, RSAC2013:  Bromium

Time:  17:41

Here's the first of the interviews that were recorded at the 2013 RSA Conference in San Francisco, CA at the end of February.  My first interveiw was with Michael Markulec, CEO of Lumeta.  Micheal and I talk about the importance of knowing what's on your network, which has become even more important as the BYOD movement has more devices beyond your control showing up on your network every day.  I apologize for the background noise, I made several mistakes in setting up my mics at RSA.

NSP Microcast, RSAC 2013:  Lumeta

Time:  8:42

After another two-week hiatus, the gang is able to pull off a show (despite some serious jet-lag and sleep deprivation). Maybe, JUST MAYBE, we can keep this trend up (the recording part, not the "ridiculously tired" part).

Network Security Podcast, Episode 306, March 19, 2013

Time: 33:24

Show notes:

• Indicators of Impact — Ground Truth for Breach Impact Estimation
• A Real-Life Prison Break for Ugly Gorilla?
• The World Has No Room For Cowards
• The Lesser of Two Weevs
• National Security Letters Are Unconstitutional, Federal Judge Rules
• Tonight's Music: We are the Living with London Rain

Now both Rich and Martin are M.I.A.! Well, that is to say, Rich just had a new child, and Martin is tearing up Boston with his coworkers. Jack Daniel joins as guest co-host this evening, with Zach running the show (perhaps poorly) -- so, relative chaos ensues. We discuss YAJ0 (Yet Another Java 0-Day), sudo-lolz, and -- of course -- Ridiculous Security Assembly USA 2013. ;)

Network Security Podcast, Episode 305, March 5, 2013

Time: 29:33

Show notes:

• Evernote hack shows that passwords aren't good enough
• Java 0-Day Countdown
• YAJ0: Yet Another Java 0-Day
• Security Alert CVE-2013-1493 Released
• New Java 0-Day Attack Echoes Bit9 Breach
• Security vulnerability in sudo allows privilege escalation
• White House, FCC Chairman Support Legalizing Unlocking of Mobile Phones