Tue, 10 November 2009 It's one of those glorious days we all look forward to; all of the
regular hosts of the podcast are on the road and in most cases
thousands of miles from home. Luckily we planned ahead and this week
Martin is joined by Adrian Lane of Securosis instead of the usual cast
of characters. We recorded a couple of days early so that we'd have a
podcast out, even though we probably missed one or two breaking
stories. Not that we'd know, since we're all on the road and have
limited access to our news feeds and Twitter.
Network Security Podcast, Episode 173, November 10, 2009 Time: 31:45
Direct download: nsp-111009-ep173.mp3 Category: podcasts -- posted at: 6:10 PM

Tue, 3 November 2009 "The Episode that almost Wasn't" It's been a day. Shortly before we
were scheduled to start, there was a pop and the power went out at
Martin's house. Rich has issues of his own to deal with. And Zach is
... somewhere. It was only because the local electric company
responded quickly for the first time I can remember that we were able to
squeeze in a podcast recording between emergencies. And now that we've
recorded and posted, it's time to put our noses back to the grindstone
and work for a couple more hours.
Network Security Podcast, Episode 172 Time: 33:26
Show Notes:
Direct download: nsp-110309-ep172.mp3 Category: podcasts -- posted at: 8:02 PM

Tue, 27 October 2009 Before we proceed with the show notes, may we please have a moment of
silence for the passing of Geocities, the last refuge of the blink tag. (The
rest of the show is all about security stuff, and we even have all
three of us on together again, but I'm just too choked up over the
death of Geocities for proper show notes. It was as if a million cheesy
fan sites cried out, and were suddenly silenced.) This really is Episode 171, even if I called it 170 at the beginning of the podcast - Martin
Network Security Podcast, Episode 171 Time: 38:54
Show Notes:
Direct download: nsp-102709-ep171.mp3 Category: podcasts -- posted at: 11:35 AM

Tue, 20 October 2009 For the first time in a long time, Martin, Rich, and Zach are all
together on the podcast. Sorry we missed last week, but we've all been
dealing with job changes (Zach and Martin) or vacations in tropical
paradises (Rich). After a brief wandering to talk about
Halloween preparations, we get back on topic and catch up with some new
stories, and a few from the week we missed. We talk about the evolution
of security professionals, tokenization, and how the Danger/Sidekick
thing had nothing to do with cloud computing.
Network Security Podcast, Episode 170 Time: 34:12
Show Notes:
Direct download: nsp-102009-ep170.mp3 Category: podcasts -- posted at: 11:03 PM

Tue, 6 October 2009 Rich is spending a well earned vacation with his wife somewhere south
of the border. Normally this means I'd get in touch with Zach, but
this week he's north of the border at SecTor.ca.
With any luck, Zach will be able to pick up a few interviews with some
of the cool kids who got to go play in Toronto. In the meantime I was
left to fend for myself and called upon one of the people who got me
involved in podcasting to begin with, George Starcher. While George no longer has his own podcast, he's a regular on the Typical Mac User Podcast, but is willing to put up with a Windows user like me.
Network Security Podcast, Episode 169, October 6, 2009 Time: 27:09
Show Notes:
Direct download: nsp-100609-ep169.mp3 Category: podcasts -- posted at: 7:30 PM

Tue, 29 September 2009 Despite a short discussion of Rich's paranoia in the opening of the
show, we mostly play it straight and stick to the security news. We
found a few interesting stories this week, and the major theme seems to
be "stupidity". On one side is a prison that let an inmate reprogram
their computer system, on the other a money-mule for scams that thought
sending money-grams to foreign countries was a legitimate "work at
home" job. Sigh.
Network Security Podcast, Episode 168 Time: 29:53
Show Notes:
Direct download: nsp-092909-ep168.mp3 Category: podcasts -- posted at: 8:10 PM

Wed, 23 September 2009 Before we dig into this week's security news, we diverge (slightly) to talk about Emergency- This Book Will Save Your Life
and disaster planning. I (Rich) read the book last week and found it to
be a ton of fun; it's the story of a journalist who slowly descends
into the rabbit hole of the survivalist community. Well written, with
plenty of good advice and stories. It's not really a survival guide,
more of a personal story and lessons learned. I had a bit of a
shock as I realized that most of my disaster plans aren't relevant
anymore as my life status has changed. I used to be single, in
Colorado, and part of the response infrastructure (which means access
to a ton of resources). Now I'm married, with a child and pets. I can't
really run off with a backpack and play hero if something bad hits. We also delve into some IT related disaster planning, so this isn't a complete non sequitur.
Network Security Podcast, Episode 167 Time: 32:13
Show Notes:
To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and enter code “HHUSA-MM-AP999”
Direct download: nsp-092209-ep167.mp3 Category: podcasts -- posted at: 12:29 AM

Tue, 15 September 2009 You'd think that after taking off last week Rich and I would be back
and better than ever this week. But Mr. Mogull had a speaking
engagement elsewhere this week so I was joined once again by Zach Lanier of N0where.org.
In fact, Zach has agreed to join us on a regular basis and will be
contributing a weekly segment where he'll be doing a deeper dive on a
news story each week. At least that's the plan at this time, but those
are always subject to change. I also had a chance to interview Tim
Mather about his (along with Subra Kumaraswamy and Shahed Latif)
upcoming book, Cloud Security and Privacy. I find it interesting to hear about how much the idea of the Cloud has changed since Tim started work on the book.
Network Security Podcast, Episode 166 Time: 40:14
Show Notes:
Direct download: nsp-091509-ep166.mp3 Category: podcasts -- posted at: 6:58 PM

Tue, 1 September 2009 Rich is off talking at a local OWASP meeting and I'm sitting at home
tonight trying to figure out Overlord. My kids are finally adjusting
to being called Minion 1 and Minion 2. Rich and I hit some of our
favorite topics like PCI and Apple updates, as well as gaming DDoS
attacks and rules about searching your laptop. It should be no
surprise to anyone that Rich and I would both like to go back to a time
where actual evidence was needed before you can take a traveler's
laptop.
Network Security Podcast, Episode 165, September 1, 2009 Time: 33:29
Show Notes:
Direct download: nsp-090109-ep165.mp3 Category: podcasts -- posted at: 9:51 PM

Tue, 25 August 2009 Rich and I are both a little short on time today, so it's a good thing
I recorded an interview with Gregory Conti, West Point professor and
security author last week. We have a couple of stories we go over
briefly and no lack of opinions to go with them. In other words,
pretty much the same as every week.
Network Security Podcast, Episode 164 Time: 41:01
Show Notes:
Direct download: nsp-082509-ep164.mp3 Category: podcasts -- posted at: 7:42 PM

Tue, 18 August 2009 Martin is back this week as we discuss some of the most fascinating
drama to come out of the security world in quite some time. As the
initial indictments for the Hannaford and Heartland breaches go public,
all sorts of fascinating tidbits emerge. There are double crossing
informants, Russian connections, and secret breaches that haven't hit
the public yet. We also finally learn exactly how most of these
breaches occurred. Heck, it's almost interesting enough for a TV movie!
Network Security Podcast, Episode 163 Time: 38:44
Show Notes:
Direct download: nsp-081809-ep163.mp3 Category: podcasts -- posted at: 8:24 PM

Tue, 11 August 2009 Martin is out of town, so I'm joined this week by persistent-guest-host Zach Lanier of N0where.org and the Liquidmatrix Security Digest. I'm pretty amazed Zach agreed to join us again after all the abuse at Black Hat and DefCon. We
play it straight this week as we roll through a string of security news
and stories, cramming as much security goodness as possible into our 30
minutes of fame.
Network Security Podcast, Episode 162 Time: 32:00
Show Notes:
Direct download: nsp-081109-ep162.mp3 Category: podcasts -- posted at: 10:57 PM

Tue, 4 August 2009 This week we wrap up our coverage of Defcon and Chris Hoff to provide his psychic
reviews. That’s right, Chris couldn’t make the event but he was there
with us in spirit, and on tonight’s show he proves it. Chris also
debuts his first single, “I Want to be a Security Rock Star”. Your ears
will never be the same.
Network Security Podcast, Episode 161 Time: 41:22
Show Notes:
Direct download: nsp-080409-ep161.mp3 Category: podcasts -- posted at: 11:34 PM

Tue, 28 July 2009 I'm jealous. Rich is already in Vegas, our guest host Zach Lanier
should be there soon, while I'm still in California and have to get up
at 4am tomorrow morning to catch my flight. On the other hand,
nothing's really happening until I get there in any case, but I'd
rather be there sooner than later. There's already been a little drama
with the Matasano site being hacked over the weekend and Dan Kaminsky's
site getting hacked today. Rich says Dan got his site back pretty
fast, but it's still annoying. And then there's the out of cycle
Microsoft patch that was released today, which is bound to get a little
attention. Oh yeah, Rich also released a little paper on patching that
was sponsored by Microsoft. No real show notes tonight, I
have to go pack. Starting tomorrow, we'll be coming at you fast and
furious with a series of near live 'microcasts', the 5-20 minute
interviews we do as often as we can corner people in the hallways.
Should be interesting.
Network Security podcast, Episode 160, July 28, 2009 Time: 23:27
Tonight's Music: Let's go to Vegas by Fabulous Hats
Direct download: nsp-072809-ep160.mp3 Category: podcasts -- posted at: 10:57 PM

Tue, 21 July 2009 Did we mention Black Hat? That's right, this is our last episode
before Rich and I are on site in Vegas for the big event. We cover a
few of this week's news items before moving to Martin's interview with
Jibran Ilyas of the Trustwave SpiderLabs team, who will be presenting the Malware Freakshow at Defcon on Saturday.

Network Security Podcast, Episode 159 Time: 39:22
Show Notes:
Direct download: nsp-072109-ep159.mp3 Category: podcasts -- posted at: 10:27 PM

Tue, 7 July 2009 I can't entirely promise tonight's episode makes a lot of sense.
Martin is back from Kyoto, and seriously jetlagged, and I don't think I
was a whole lot better. Sure, we cover the usual collection of security
news, but the episode is filled with non sequiturs and other
dissociated transitions. On the other hand, we do stick fairly closely
to security related topics. In other words, listen at your own risk.
[Martin]It made perfect sense before I said it out loud. Afterward, not so much.[/Martin]
Network Security Podcast, Episode 157 Time: 25:08
Show Notes:
Direct download: nsp-070709-ep157.mp3 Category: podcasts -- posted at: 11:42 PM

Tue, 30 June 2009 Martin is off in Japan this week, so I'm joined by our good friend Amrit Williams from BigFix and the Techbuddha blog.
Amrit and I start off by talking about the rolling blackouts in
California and disaster preparedness, before jumping into the week's
security news.
Network Security Podcast, Episode 156 Time: 41:28
Show Notes:
Direct download: nsp-063009-ep156.mp3 Category: podcasts -- posted at: 8:24 PM

Tue, 23 June 2009 We start the show off by wishing Martin luck with his presentation
at the FIRST conference in Kyoto, foolishly trusting Rich with the keys
to the podcast. Then Rich fawns over his iPhone 3GS a little too much,
but he does manage to talk about some cool new security features.
Rich
also rants a little on one of our PCI stories, and Martin updates us on
his XBox wireless situation. Finally, we geek out a bit on Adam Savage
appearing at DefCon.
Network Security Podcast, Episode 155 Time: 35:28
Show Notes:
Direct download: nsp-062309-ep155.mp3 Category: podcasts -- posted at: 7:58 PM

Tue, 16 June 2009 This week we had a chance to talk to Jeff Moss, the founder of a couple minor security events, Black Hat and Defcon.
Of course some would say that they're the biggest social events of the
year, along with having the best presentations on cutting edge security
research, but what do they know. A lot apparently, given the number of
security professionals and hackers who'll be making the trip to Las
Vegas at the end of July to attend both of these events. Jeff was recently asked to be a part of the Homeland Security Advisory Council,
a diverse group of sixteen individuals who will be advising the DHS and
Secretary Napolitano on the security concerns they're seeing in the
real world. This group includes Governors, both past and present,
Mayors, CEOs and Presidents, though Mr. Moss is the only computer
security expert. Jeff is still learning about what this really means,
but we spent a significant part of the interview talking about what it
means and the agendas he personally would like to see pushed at the
DHS. One of his big concerns is the tradeoff we're making between
security and privacy and if anyone is taking steps to measure those
tradeoffs.
Network Security Podcast, Episode 154, June 16, 2009 Time: 45:34
Direct download: nsp-061609-ep154.mp3 Category: podcasts -- posted at: 8:01 PM

Tue, 9 June 2009 Rich was somewhere in the air over the Midwest today, which would have
made recording a podcast questionable at best. So rather than take any
chances with technology, we got a stand in for him in the form of our
very own Security Curmudgeon, Jack Daniel.
I met Jack face to face for the first time at one of the first big
'security' conferences I'd ever been to on the East Coast, Shmoocon
2007. I haven't made it back for another conference recently, but when
I do, I'm sure that there will be people like Jack who will give me a
warm welcome. Jack and I spend a little time bashing the CISSP
yet again, we talk about some very interesting news stories and wrap up
discussing getting involved in the security community. All in all,
another good show.
Network Security Podcast, Episode 153 Time: 41:41
Show Notes:
Direct download: nsp-060909-ep153.mp3 Category: podcasts -- posted at: 11:49 PM

Tue, 2 June 2009 We hope no one begrudges us for taking last week off due to the
holiday, and we're back this week with all your juicy security
goodness. After a short discussion of our mutual weekends spent
recovering old hard drives and systems, we talk about the upcoming
Black Hat and DefCon conferences before digging into the news. We
discuss stories from a return of the L0pht Heavy Industries, to White
House speeches, and Mac security.
Network Security Podcast, Episode 152, June 2, 2009 Time: 35:36
Show Notes:
Direct download: nsp-060209-ep152.mp3 Category: podcasts -- posted at: 9:12 PM

Tue, 19 May 2009 We probably more than doubled the number of stories we talked about this
week, but we only added about 8 minutes to the length of the podcast.
You can consider this the "death by a thousand cuts" podcasts as we
cover a string of shorter stories, ranging from a major IIS
vulnerability, through breathalyzer spaghetti code, to how to get
started in security. We also spend a bit of time talking about
Black Hat and Defcon, and celebrate hitting 500,000 downloads on
episode 150. Someone call a numerologist!
Network Security Podcast, Episode 151, May 19, 2009 Time: 42:24
Show Notes:
Direct download: nsp-051909-ep151.mp3 Category: podcasts -- posted at: 10:57 PM

Tue, 12 May 2009 This is one of those good news/bad news weeks. On the bad side, Rich
messed up and now has to retake an EMT refresher course, despite almost
20 years of experience. Yes, it's important, but boy does it hurt to
lose 2 full weekends learning things you already know. On the upside,
this is, as you probably noticed from the title of the post, episode
150! No, we aren't doing a 12 hour podcast like Paul and Larry did (of
PaulDotCom Security Weekly), but we do have the usual collection of
interesting security stories.
Network Security Podcast, Episode 15, May 12, 2009 Time: 38:18
Show Notes:
Direct download: nsp-051209-ep150.mp3 Category: podcasts -- posted at: 8:51 PM

Tue, 5 May 2009 It's been a bit of a strange week on the security front, with good guys
hacking a botnet, a major security vendor called to the carpet for some
vulnerabilities, and yet another set of Adobe 0days. But being Cinco de
Mayo, we can just margarita our worries away. In this episode we
review some of the bigger stories of the week, and spend a smidge of
time pimping for a (relatively) new site started by some of our
security friends, and a new project Rich is involved with.
Network Security Podcast, Episode 149, May 5, 2009 Time: 34:08
Show Notes:
Direct download: nsp-050509-ep149.mp3 Category: podcasts -- posted at: 7:32 PM

Tue, 28 April 2009 Rich and I are back from RSA, rested and ready to go! Baah, who am I
kidding; here it is four days later and we're both still so tired we're
barely able to talk coherently. Not that we'd let that stop us from
recording a podcast. Never has and probably never will. In any case,
we start tonight with a recap of some of our observations of the 2009
RSA Conference and move on to the current media hype over the swine
flu. Use the swine flu as a learning exercise in how to cope with
media hype, a good excuse for reviewing your own disaster preparedness
plans and a way to get some of the same issues dealt with by your
management. The hours you spend looking at your options today may save
you hours or days down the line.
Network Security Podcast, Episode 148, April 28, 2009 Time: 40:06
Show Notes:
Direct download: nsp-042809-ep148.mp3 Category: podcasts -- posted at: 11:49 PM

Tue, 28 April 2009 Rich and I tried our best to get a podcast recorded and posted last
night, and we were partially successful; at least we got the podcast
recorded. But the editing and posting part was well beyond my
capabilities once I got back to the hotel room last night. But it's
here, bright, shiny and new first thing in the morning. RSA has
been a hectic and exhilarating event so far, and the best part is yet
to come! Rich and I had just finished our panel discussion, Avoiding
Security Groundhog Day, and were joined by Rich's partner at Securosis,
Adrian Lane. We found the quietest spot possible at RSA, which
happened to be near the top of the escalators. Yes, quiet space
really is that rare at RSA.
Network Security Podcast, Episode 147, April 21, 2009
Direct download: nsp-042109-ep147.mp3 Category: podcasts -- posted at: 8:38 AM

Tue, 14 April 2009 Rich and I are both nearly at our wit's end today. Whatever that
really means. We're trying to do our day jobs while helping organize
the Security Bloggers Meetup and Social Security Awards, and trying to
manage our schedules for next week as well. We realized during the
show that we hadn't really set aside any time to get together and
record a podcast during RSA, so you may get a number of interviews from
the event without actually hearing Rich and I in the same room. We
talk a lot about what we'll be doing at RSA along with a couple
comments about the Twitter worm from Easter weekend and the continuing
issue of AT&T fiber cables being cut in the Bay Area. Hope to see you at RSA next week!
Network Security Podcast, Episode 146, April 14, 2009 Time: 30:51
Tonight's music: The Pain of Numbers by Get Three Coffins Ready
Direct download: nsp-041409-ep146.mp3 Category: podcasts -- posted at: 9:03 PM

Tue, 7 April 2009 Rich and I recorded this week's podcast Monday night because I was
supposed to be in San Francisco at Seesmic HQ learning about the newest
version of the Twhirl twitter client, but after the day I've had,
coming home and doing the final edit on the podcast was a much better
idea. Besides that I have another podcast to do some editing on and
about twenty hours of other work I need to get done. The worst part is
that I have the new Harry Dresden book, Turn Coat, by Jim Butcher and
don't have the time to read it tonight. And my life is relatively calm
compared to Rich's. Oh well, if we survive the week, there'll be
another podcast next week.
Network Security Podcast, Episode 145, April 7, 2009 Time: 31:52
Show Notes:
Direct download: nsp-040709-ep145.mp3 Category: podcasts -- posted at: 11:07 PM

Wed, 1 April 2009 We've got a long show tonight, but well worth it. Rich was able to
talk Dino Dai Zovi into appearing on the show after his recent talks at
both SOURCE Boston and CanSecWest, despite Dino's feeling the effects
of so much travel. We talked about his new book, about his post "No
More Free Bugs" and general dealings with vendors about
vulnerabilities. Rich also succumbs to the dark side and lets his
fanboi roots show more than a little. We finish by talking about the
impending doom that is (or isn't) Conficker and the GhostNet. We had a
lot more to talk about, but in honor of your time and our energy, we
ended it before we really got rolling. Still not as long as a
Pauldotcom show though. Speaking of which, congratulations to Paul on
his new role over at Tenable!
Network Security Podcast, Episode 144, March 31, 2009 Time: 53:31
Show Notes:
Direct download: nsp-033109-ep144.mp3 Category: podcasts -- posted at: 12:07 AM

Tue, 17 March 2009 Rich and I were joined by a special guest tonight, Bill Brenner, Senior Editor at CSO Online.
We wanted to talk to Bill because there was an interesting story about
the BBC buying a botnet and we wanted his take on this, as well as our
other stories. Bill's a journalist who's been in the security space
for about five years and has a slightly different perspective than that
of someone who's down at the ground level doing security. Which is
also slightly different than the perspective Rich and I have. We also
wanted to bring Bill on because he has a new podcast of his own. This ended up being one of the longer podcasts we've done in a while, but I think it was worth it.
Network Security Podcast, Episode 142, March 17, 2009 Time: 43:24
Show Notes:
Direct download: nsp-031709-ep142.mp3 Category: podcasts -- posted at: 10:49 PM

Tue, 10 March 2009 It seems that not even my new adventures in parenthood can keep me away
from the show. After a much-appreciated 2 week break, it's good to be
back. This week Martin and I roll through another series of
articles covering the week's security events, after a small divergence
to talk about my new daughter (man, is it weird to say that). We start
by discussing the resignation of cybersecurity chief Rod Beckstrom over
concerns that the NSA is taking over the show. No folks, the NSA isn't
evil, and I don't think they have a single black helicopter, but it's
probably too orthogonal a mission considering their current mandate. We
also discuss the effectiveness of data breach laws, advances in
botnets, and the earliest signs of some accountability in PCI. Martin
closes the show with a close-call and micro-scare involving his parents
and malware. Note: The proper name for the malware I mention at the end of the podcast is Spyware Remover 2009. (Martin)
Network Security Podcast, episode 141, March 10, 2009 Time: 38:21
Show Notes:
Direct download: nsp-031009-ep141.mp3 Category: podcasts -- posted at: 8:20 PM

Tue, 3 March 2009 Rich luckily couldn't make the show tonight. I say luckily because
that means he has a brand new baby girl to bring home and he'd rather
spend time with his wife and new daughter than us. Go figure. I found
someone to fill in for Rich this week however, Joel Esler,
Sourcefire security consultant, fellow blogger and handler at the SANS
Internet Storm Center. Joel is the guy you want to talk to if you have
any questions about Snort and Sourcefire. He is also someone who's on
the front lines of dealing with malware, something that's highlighted
by our conversation about the recent Acrobat 0-day. I'm glad
Joel was able to come on tonight with relatively short notice and maybe
I'll return the favor some day and be on the Internet Storm Center
podcast. I only hope I'll be able to contribute something intelligent
when the time comes.
Network Security Podcast, Episode 140, March 3, 2009 Time: 37:58
Show Notes:
Direct download: nsp-030309-ep140.mp3 Category: podcasts -- posted at: 7:32 PM

Tue, 24 February 2009 Rich wasn't able to make it to the podcast tonight due to last minute
efforts to make his house ready for a new addition to his family. The
exact timing, as is generally the case in these matters, is almost
entirely out of the hands of anyone but the baby, so Rich may be
taking another week or two off to deal with the changes to his life.
Then he'll be back and you'll get to listen to more discussions of
dirty diapers. Actually, I'll try to keep that talk to a minimum, but
you know it'll happen occasionally. So tonight I enlisted the help of friend and fellow security blogger, Andy Willingham, aka Andy IT Guy.
Andy recently went on a trip to Spain to appear with folks like Bruce
Schneier and Byron Acohido on stage at an event put on by Panda
Security. Sounds like Andy had a good time and really makes me wish
I'd been able to go. I'll take Spain over Chicago any day. Plus
talking to Andy gave me all the excuse I needed to make fun of Chris
Hoff, not that I ever need much of an excuse.
Network Security Podcast, Episode 139, February 24, 2009 Time: 30:43
Show Notes:
Direct download: nsp-022409-ep139.mp3 Category: podcasts -- posted at: 11:06 PM

Tue, 17 February 2009 After a three week break from each other, Rich and I are back on the
mic together. I'm at home again, Rich's life hasn't fundamentally
shifted yet, and all is good. Of course, considering how much work
Rich and I both have in our 'day jobs', it's amazing we ever find the
time to podcast at all. My part in the podcast is a little
light this week, since Rich managed to find an awesome guest to
interview, Brian Krebs from the Washington Post. I don't know of any
reporters out there who've done more to expose the bad guys to the
light of day than Brian has, and he's a pretty good writer too. Rich
was able to take a few minutes of Brian's time to talk about spam,
organized crime and how we may need to change the Internet in the
future to make the bad guys' life harder. I don't think Brian is going
to run out of things to write about any time soon. We also
talked for a few minutes about Valentine's Day, the new Facebook Terms
of Service and life in general. Hopefully Rich will be back next week,
but there's a chance I may be looking for a guest co-host next week.
Or there may be more diaper talk as Rich finds out about all those
things I've been warning him about for months.
Network Security Podcast, Episode 138, February 17, 2009 Time: 36:20
Show Notes:
Direct download: nsp-021709-ep138.mp3 Category: podcasts -- posted at: 7:49 PM

Tue, 27 January 2009 Lies, damn lies, and statistics. Nothing makes us more excited than
being able to correlate actual monetary losses to major breaches, and a
study in Maine that does exactly that leads us off this week. (Maybe
some other things excite us more, but we're not about to talk about
those on the podcast). From there we dig into the pittance of
information available on the Monster.com breach, before heading off
into pundit land as we discuss the White House priorities for Homeland
Security, spammers and short-lived websites, and yet another idiot
leaving sensitive data on portable storage (an MP3 player). We
recorded during the work day this week, so a few times you get to hear
our phones in the background. We promise we didn't just add them in
there to trick all of you into thinking we really have jobs.
Network Security Podcast, Episode 136, January 27, 2009 Time: 27:43
Show Notes:
Direct download: nsp-012709-ep136.mp3 Category: podcasts -- posted at: 6:34 PM

Tue, 20 January 2009 By definition, every day is "historic", but there are clearly some
events that will be remembered through the annals of history more than
others. Today is the inauguration of the 44th President of the United
States; and boy is it a day filled with history. It's also a day filled
with a big honking data breach. In tonight's episode we talk
about what the new administration revealed about their technology
policy agenda. We also discuss worms on military systems in the UK, the
security metrics of laughter, and disclosure gone bad. Again. Through
all this Rich comes a little unhinged in a series of rants that cover
the First Amendment, goths, and New Zealand strip clubs. Martin makes a
bad submarine joke.
Network Security Podcast, Episode 135, January 20, 2009 Time: 35:32
Show Notes:
Direct download: nsp-012009-ep135.mp3 Category: podcasts -- posted at: 7:50 PM

Tue, 13 January 2009 Rich and Martin have a bunch of news to talk about tonight, along with
a little bit of rambling at the end. We're both getting used to the
new year and getting our feet back underneath us after taking some time
off for the holidays. Why is it that if you take the time off the work
still keeps piling up while you're gone? We're working on some
improvements for the show that aren't quite ready, but Rich teases a
little at the end of the show.
Network Security Podcast, Episode 134, January 13, 2009 Time: 32:27
Show Notes:
Direct download: nsp-011309-ep134.mp3 Category: podcasts -- posted at: 7:55 PM

Wed, 7 January 2009 Rich is in San Francisco at Mac World and Martin is in his office at home
this week for the first podcast of 2009. We're keeping it short, since
both of us are still in the Christmas spirit of not getting a lot
done. Really, it's more like Rich is on a cell phone in the center of
Mac World and Martin has a lot of catching up to do after taking some
time off to travel with his family.
Network Security Podcast, Episode 133, January 6, 2009
Time: 18:44
Show Notes:
Direct download: nsp-010609-ep133.mp3 Category: podcasts -- posted at: 12:32 AM

Tue, 16 December 2008 Welcome to the last Network Security Podcast of 2008. Rich and Martin
are taking some well deserved time off and will be back on January 6th,
2009. We kept it short and would like to wish everyone a very happy
holiday season. But don't think we'll be resting on our laurels while
we're off, we've got some exciting plans for 2009! Among other things
we'll be working on the sound quality, updating the site and have some
other interesting changes in store for you. Unless one of us gets
blindsided by reality that is. Until next year, thanks for listening and we both wish you and your families the best for the holiday season!
Network Security Podcast, Episode 132, December 16, 2009
Show Notes:
Direct download: nsp-121608-ep132.mp3 Category: podcasts -- posted at: 8:14 PM

Sun, 14 December 2008 Alright folks- Martin is off this week as he bounces around for his
paying job, so I brought in a special co-host this week. That's right,
Big Bad Chris Hoff from Rational Survivability
joins us to discuss our national cybersecurity, DNS attacks, DHCP
trojans, the future of information centric security, and, of course,
the wonders of the cloud. (Oh, and some wacky fitness program we bought
off an infomercial). And yes, we talk sumo suits and Martin's fate during the last few minutes. The Network Security Podcast, Episode 131, December 9, 2008.Show Notes:
Direct download: nsp-120908-ep131.mp3 Category: podcasts -- posted at: 9:08 PM |
|
Tue, 2 December 2008 This week, Rich and Martin actually make the podcast live up to its
name. You'll have to wait until the second half of the podcast, but we
take a good part of today's show and discuss some of the technology
that we've both put into our networks, the reasons behind the choices
we've made, and some of the effects those choices have made on our
computing experience. Let us know about your home network and the
hows/whys of the choices you've made in setting it up.
Network Security Podcast, Episode 130, December 2, 2008
Show Notes:
Direct download: nsp-120208-ep130.mp3 Category: podcasts -- posted at: 5:38 PM |
|
Tue, 25 November 2008 Rich and I are preparing for Thanksgiving, just like everyone else in
America right now. I don't know about you, but that primarily means I
have five days of work to accomplish in three days of the week. So we
didn't organize a guest this week, we sat down together (1000 miles
apart) and talked about some of the stories that caught our attention
over the last couple of weeks. It's a good show, and we're out of here
until after Turkey Day. Have a great Thanksgiving!
Network Security Podcast, Episode 129, November 25 2008
Show notes:
Direct download: nsp-11252008-ep129.mp3 Category: podcasts -- posted at: 10:36 PM |
|
Tue, 18 November 2008 We're joined today by Glenn Fleishman to talk about our own recent past
and the recent cracks in the WPA armor. Rich recently got to visit
Russia to participate in a talk on Data Leak Prevention, while Martin
got his own sit down with DHS Secretary Michael Chertoff. Glenn had a
little excitement of his own, with a detailed article on the recently
revealed vulnerabilities in WPA using TKIP. It's a small vulnerability,
but both Rich and Glenn suspect it's just a precursor to bigger, badder
things to come. And somewhere in there, a three year anniversary for
the podcast slipped by.
Network Security Podcast, Episode 128, November 18, 2008
Show Notes:
No time for any music or fancy stuff like that.
Direct download: nsp-111808-ep128.mp3 Category: podcasts -- posted at: 11:20 PM |
|
Wed, 12 November 2008 When I first got an invitation to attend a roundtable discussion
with Department of Homeland Security Secretary Michael Chertoff, I
thought it was a hoax, as did some of the people I asked about
it. A little fact checking revealed that it was the real deal, but the
meeting was in Washington, DC. Traveling cross country for an hour
meeting isn’t in my budget, so I regretfully passed on the
opportunity. Fast forward a month and the invite comes again, but this
time it’s happening at Stanford University. There’s no way I could
pass that by. Andrew Storms and George Ou
expressed interest in going and Secretary Chertoff’s Press Secretary,
Caroline Dieker, made the arrangements and we were all invited to
attend.
I was impressed by Secretary Chertoff; he speaks plainly, with only
a little of the evasion I’d expected from someone in a position like
his. I don’t agree with all his arguments and ideas, but he was very
open to discussing them publicly. I almost feel bad that he’s going to
be gone come January. I tried to tweet the whole thing as much as
possible, but it’s easy to get distracted in a situation like this. I
captured the entire conversation on my little iRiver 795 and here it is
so you can listen for yourself.
Network Security Podcast, Episode 127, November 11, 2008 - Blogger Roundtable with DHS Secretary Michael Chertoff
Direct download: nsp-111108-ep127.MP3 Category: podcasts -- posted at: 12:54 AM |
|
Tue, 4 November 2008 This is a special Get Out and Vote episode. Rich is in Russia of all
places and Martin is on the road most of today, so this episode was
recorded on October 31, 2008, Halloween. And there isn't much scarier
today than Direct Recording Electronic (DRE) voting machines. That
might make a good costume next year. In any case, exercise your right
and responsibility to vote today!
Network Security Podcast, Episode 126, November 4, 2008
Show Notes:
PS. We took great pains to make sure the audio quality was a lot better this week. Thanks for listening
Direct download: nsp-110408-ep126.mp3 Category: podcasts -- posted at: 8:15 AM |
|
Wed, 29 October 2008 I had to run out the door immediately after recording, but despite
technical difficulties, Rich and I recorded a short interview with
David Mortman, 'blogger-in-residence' for Debix.
Network Security Podcast, Episode 125, October 28, 2008
Show Notes
Direct download: nsp-102808-ep125.mp3 Category: podcasts -- posted at: 8:14 AM |
|
Tue, 21 October 2008 Want to talk about electronic voting? We did. So we invited Jacob West from Fortify
to talk with us about a paper he just published with a couple of
engineers at Fortify. Guess what, they found electronic voting using
DRE voting machines is the least secure way to vote. Makes me feel
good going into the election. It's a good thing we're fairly
self-policing when it comes to time, this is a conversation that could
have gone on for a couple of hours.
We had a number of technical issues tonight, so be glad we've got a podcast up at all.
Network Security Podcast, Episode 124, October 21, 2008
Show Notes:
Direct download: nsp-102108-ep124.mp3 Category: podcasts -- posted at: 9:52 PM |
|
Tue, 7 October 2008
Wow- this episode number is the same as the combination on my luggage. What a strange coincidence!
For the first time in a while it is just Martin and myself, which
likely explains why we went over 30 minutes. We even had about 7 live
listeners tonight, out of our regular audience of 2000 or so per
episode. I kind of like knowing there are real people out there and
Martin and I are exploring how to make it a better experience in the
future. We talked about a lot tonight, ranging from the tragedy of
electronic voting to the just-released clickjacking details.
As a reminder, keep an eye on our Twitter feed for our recording
times if you want to listen live- usually Monday or Tuesday evenings.
Network Security Podcast, Episode 123, October 7, 2008
Show Notes:
Direct download: nsp-100708-ep123.mp3 Category: podcasts -- posted at: 10:18 PM |
|
Tue, 30 September 2008
I have to say, this is definitely one of our better episodes. We’re joined this week by Robert “Rsnake” Hansen of SecTheory and Jeremiah Grossman of WhiteHat Security
as they discuss their new clickjacking exploit. Robert and Jeremiah
kind of stumbled onto a serious browser issue, the details of which
started leaking before they really knew what they had. They responsibly
decided to hold back the details as some of the worst parts of this are
fixed, but were able to share some generalities, the story of how this
all happened, and what you can expect when the details are finally
exposed.
Before delving into clickjacking, we also spend some time on
electronic voting and the top 10 ways to tell if you’ve been exploited
(number 11 is if you’ve ever visited ha.ckers.org). Jeremiah and Robert
are good friends, so there’s plenty of us having fun at each other’s
expense.
Network Security Podcast, Episode 122. September 30, 2008
Show Notes:
Direct download: nsp-093008-ep122.mp3 Category: podcasts -- posted at: 9:27 PM |
|
Tue, 23 September 2008 We had a special guest tonight, fellow podcaster T-Rob Wyatt. T-Rob is a security professional working on WebSphere MQ and recently started his own deep-dive podcast, The Deep Queue.
Of course, we talked about Palin and her email, but we also tried to
talk a bit about what that means to the average computer user. We got
everything out of our system on Palin in one episode, so you won't be
hearing about this again. Until they catch the guy who's responsible
that is. We tried streaming again tonight, sorry for not giving any advance notice. We'll try to do better next week.
Network Security Podcast, Episode 121, September 23, 2008
Show Notes:
Direct download: nsp-092308-ep121.mp3 Category: podcasts -- posted at: 9:49 PM |
|
Tue, 16 September 2008 Tonight was our first attempt at recording the Network Security Podcast
while also streaming it live to the world. As you might have guessed,
there were a few minor glitches, but overall things worked out. We
plan on streaming most, if not all, of the podcasts from now on, though
we don't think there is any way we can get ourselves coordinated enough
to actually record the show at the same time every week. After all,
there has to be some randomness to the NSP experience, otherwise it
wouldn't be the NSP. The URL for the streaming audio is http://hak5radio.com:8000/netsecpodcast.mp3.m3u and we'll try to tweet and post a note at least a couple of hours before the recording in the future. We were joined tonight by Justin Searle, Kevin Johnson and Jay Beale from Intelguardians. As well as discussing the news stories of the week, the guys were here to tell us about a new LiveCD they've developed, Samurai.
They saw a hole in the security LiveCD arena and created a Web Testing
Framework LiveCD for beginners to learn on and experienced pen testers
to use in the real world. Fun stuff, which is why tonight's podcast
went a little long.
Network Security Podcast, Episode 120 for September 16, 2008
Time: 43:57
Show Notes:
Direct download: nsp-091608-ep120.mp3 Category: podcasts -- posted at: 8:30 PM |
|
Tue, 9 September 2008 Rich is back after a week at the Democratic National Convention and a
week of vacation with his wife. He's been out of touch between being
in Denver and being off the coast of Alaska. He'd also just arrived
home a couple of hours before we started recording, so tonight's show
is short, sweet and to the point. Which is probably for the best,
since there were privacy issues up for discussion; I was barely able to
keep Captain Privacy at bay.
Network Security Podcast, Episode 119, September 9, 2008
Time: 24:14
Show Notes:
Direct download: nsp-090908-ep119.mp3 Category: podcasts -- posted at: 8:51 PM |
|
Tue, 2 September 2008 I just realized that I made a mistake in last week's show notes (I
know, no surprise) and said Rich was on vacation. Really he was doing
some top secret work at the Democratic National Convention. Or so he
told me. It's this week that he's on vacation, so he asked Dennis
Fisher, the Executive Editor of TechTarget. Dennis has a lot of
industry experience as well as having a viewpoint that's especially
relevant to the listener questions discussed tonight: Is a degree
important to a job in security and how to make money as a security
blogger (hint: you probably won't)
Network Security Podcast, Episode 118, September 2, 2008
Time: 30:58
Show Notes:
Direct download: nsp-090208-ep118.mp3 Category: podcasts -- posted at: 10:51 PM |
|
Tue, 26 August 2008 While Rich is off on a well deserved vacation with his wife, I'm
joined by Mike Rothman, analyst, consultant, blogger, podcaster and
friend. Mike and I recorded Monday night since I should be in a hotel
somewhere in Southern California when this goes live.
Show Notes:
Network Security Podcast, Episode 117
Time: 30:34
Direct download: nsp-082608-ep117.mp3 Category: podcasts -- posted at: 8:54 PM |
|
Wed, 20 August 2008
A bit of a different episode this week.
Since Martin is traveling, rather than a guest host this week we’re
posting the last of the interviews recorded at DefCon- but this one is
a doozy. David Mortman, Dave Maynor, Chris Hoff, Robert “Rsnake”
Hansen, and Larry Pesce join us immediately after we all finished our
DefCon panel. Martin, as the sober one, interviews us as we record what
is our first clearly explicit podcast. Yes folks, we hit all 7 dirty
words plus a few bonuses. Not to worry, we do include some content as
we discuss what we covered in the panel and whatever other topics flew
into our adult-beverage-addled brains. We had a heck of a lot of fun
putting the DefCon back into DefCon, and we hope you enjoy this little
slice of the unfiltered.
Yes, this really is an explicit episode, so consider yourselves warned.
Network Security Podcast, Episode 116
Length: 24:00 (or so)
Direct download: nsp-081908-ep116.mp3 Category: podcasts -- posted at: 2:07 AM |
|
Tue, 12 August 2008 Rich and I are both back from a week at Black Hat/Defcon and thankful
to be home in one piece. While the event is a ton of fun and
educational, it's also physically and emotionally exhausting. Tonight
we talk about some of the talks we attended, what we learned, both in
and out of the talks. Dan Kaminsky's talk on DNS was probably the
biggest talk at both events, but there was still a ton of other talks
worth attending. There's still a couple more microcasts to
come out of the events. Please let us know how you like those and if
there's anything we can do to make them better in the future.
Show Notes:
Network Security Podcast, Episode 115, August 12, 2008
Time: 25:38
Direct download: nsp-081208-ep115.mp3 Category: podcasts -- posted at: 9:11 PM |
|
Sun, 3 August 2008 Rich and I took a few minutes this morning to talk about what we're
planning for Black Hat and Defcon this year. Rich has been at many of
these events and works as a speaker escort part of his time there.
This is only my second year attending, so I'm still learning my way
around a little. We both have a number of suggestions concerning
security at the events. One big rule we didn't mention is "If you
don't need it, don't take it." I think I'll be leaving the camera with
the wifi memory card in it at home. If you see us this coming
week, please don't feel shy about introducing yourself as a listener or
reader. It's always good to be able to put a face to the name and the
voice coming from your computer.
Network Security Podcast Pre-Black Hat/Defcon 2008 Special
Time: 12:38
Direct download: nsp-preBHDC2008special.mp3 Category: podcasts -- posted at: 2:17 PM |
|
Wed, 23 July 2008 Martin is off in the wonderland known as Madison, WI; home of The
Onion. Which means, of course, that I did the recording this week and
the audio isn't quite up to Martin's standards. I blame him though,
since it was mostly his Skype connection. There was a lot to
talk about this week, from the great nation of Texas requiring private
investigator licenses for PC techs, to sysadmins run amok in San
Francisco, to cold boot encryption, and... what was it... oh yeah, some
little DNS issue rearing its head again.
Network Security Podcast Episode 113, July 22, 2008
Direct download: nsp-072208-ep113.mp3 Category: podcasts -- posted at: 4:02 AM |
|
Tue, 15 July 2008 Tonight Rich and I are joined by Andrew Storms,
Director of Security Operations at nCircle and fellow blogger. We
continue talking about Dan Kaminsky's DNS vulnerability and the role
Rich continues to play. We also talk about lost laptops and new
iPhones.
Show Notes:
Network Security Podcast, Episode 112, July 15, 2008
Time: 50:00
Direct download: nsp-071508-ep112.mp3 Category: podcasts -- posted at: 7:29 PM |
|
Tue, 8 July 2008 Today, CERT is issuing an advisory for a massive multivendor patch to
resolve a major issue in DNS that could allow attackers to easily
compromise any name server (it also affects clients). Dan Kaminsky discovered the flaw early this year and has been working with a large group of vendors on a coordinated patch. The
issue is extremely serious, and all name servers should be patched as
soon as possible. Updates are also being released for a variety of
other platforms since this is a problem with the DNS protocol itself,
not a specific implementation. The good news is this is a really
strange situation where the fix does not immediately reveal the
vulnerability and reverse engineering isn't directly possible. Dan
asked for some assistance in getting the word out and was kind enough
to sit down with me for an interview. We discuss the importance of DNS,
why this issue is such a problem, how he discovered it, and how such a
large group of vendors was able to come together, decide on a fix, keep
it secret, and all issue on the same day. Dan, and the vendors,
did an amazing job with this one. We've also attached the official CERT
release and an Executive Overview document discussing the issue.
Executive Overview (pdf)
CERT Advisory (doc)
Update: Dan just released a "DNS Checker" on his site Doxpara.com to see if you are vulnerable to the issue.
Network Security Podcast, Episode 111, July 8, 2008
Direct download: nsp-070808-ep111.mp3 Category: podcasts -- posted at: 2:45 PM |
|
Tue, 1 July 2008 Ever have one of those days where just about nothing seems to go
right? That just about describes today. Rich had to bail tonight due
to family obligations, though it sounds like it's the fun type of
obligation, not like having dinner with Aunt Ethel or something. We
had a guest lined up, but due to poor planning on our (read: my) part,
we didn't communicate the recording time well enough and that didn't
work out. Luckily Michael Santarcangelo
was available to join me tonight as co-host, so you aren't stuck
listening to me drone on by myself for half an hour or so. I know
that's what I used to do every week, but it just seems so much harder
than it used to.
Network Security Podcast, Episode 110
Time: 1:03:17
Show Notes
Direct download: nsp-070108-ep110.mp3 Category: podcasts -- posted at: 11:27 PM |
|
Tue, 24 June 2008 Long podcast tonight! Rich and I are joined by Adam Shostack, bandleader of the Emergent Chaos Jazz Combo of the Blogosphere and co-author of The New School of Information Security.
Oh yeah, he does this thing during the day where he does security stuff
for some company called Microsoft. Adam's been around a while, done
more than a few things in his time, and has a lot to say about
security. Funny thing is, Rich and I both agree with most of what he
has to say; kinda scary isn't it?
Show Notes:
Yes, even with only two articles, we almost went an hour.
Network Security Podcast, Episode 109, June 24, 2008
Time: 55:31
Direct download: nsp-062408-ep109.mp3 Category: podcasts -- posted at: 10:19 PM |
|
Tue, 17 June 2008 Back to just Rich and I this week. We're both running around like
chickens with our heads cut off, so we were lucky to be able to get a
show in this week. Coordinating with a guest would have been more than
we could handle. I'm sure we'll be back to a more normal schedule next
week. More 'hoping' than 'sure', but only one way to find out.
Show Notes:
Network Security Podcast, Episode 108, June 17, 2008
Time: 30:49
Direct download: nsp-061708-ep108.mp3 Category: podcasts -- posted at: 10:03 PM |
|
Tue, 10 June 2008 Long podcast today, but worth every moment of it. Author, blogger, podcaster and CTO of Cigital Software Security, Gary McGraw joined us on the podcast this week. This is the second time Gary has been on the podcast
and in another 100 or so podcasts I'm sure we'll be inviting him back.
I'm releasing this week's podcast early mostly because it was done
early. And I'll be on a plane tonight when I normally release the
podcast. Portland, here I come.
Show notes:
Network Security Podcast, Episode 107, June 10, 2008
Time: 58:55
Direct download: nsp-060908-ep107.mp3 Category: podcasts -- posted at: 9:35 AM |
|
Tue, 27 May 2008 Short show tonight folks, Rich is under the weather and our guest had
to bail at the last minute due to a personal emergency. We'll work at
getting Jeremiah Grossman from White Hat on in the next couple of
weeks. In the meantime Rich and I dug up a few news stories to talk
about.
Show Notes:
Network Security Podcast, Episode 106, May 27, 2008
Time: 25:47
Direct download: nsp-0527080-ep106.mp3 Category: podcasts -- posted at: 10:10 PM |
|
Tue, 20 May 2008 Rich and I were joined tonight by a Phoenix local and fellow security
blogger, Adrian Lane. Adrian is the CTO at IPLocks and blogs about data
security at Information Centric Security. We had a lot of topics to
talk about tonight and wrapped up by spending a few minutes discussing
security at the information level. Go figure. Adrian brought two
decades worth of security experience (and ‘network hair’) to tonight’s
podcast. And to no one’s surprise, we had a privacy issue that we spent
more time on than we probably should have.
Show Notes:
Network Security Podcast, Episode 105, May 20, 2008

Time: 45:09
Direct download: nsp-052008-ep105.mp3 Category: podcasts -- posted at: 10:21 PM |
|
Tue, 13 May 2008 We're back, me from being ill, Rich from some alone time with his
wife. Nothing really interesting to talk about other than what's in
the show notes, so I'm not going to waste a lot of time writing about
it.
Show Notes:
Network Security Podcast, Episode 104, May 13, 2008
Time: 33:12
Direct download: nsp-051308-ep104.mp3 Category: podcasts -- posted at: 11:10 PM |
|
Tue, 13 May 2008
A few weeks ago I had a chance to have lunch with Mike Smith, author of the Guerilla CISO,
in Washington, DC. Mike’s area of expertise is FISMA and he’s an
experienced educator in the area. Mike feels about FISMA much like I do
about PCI: it’s not perfect, but it’s a heck of a lot better than what
came before.
NSP Microcast: Mike Smith, Guerilla CISO

Time: 9:00
Direct download: nsp-guerilla-ciso.mp3 Category: podcasts -- posted at: 10:33 AM |
|
Tue, 22 April 2008 Rich and I tried to make up for last week's podcast by keeping
things a little shorter tonight. The operative term of course is
'tried'; we managed to shave a couple of minutes off the podcast, but
that's about it. Tonight's theme was vulnerabilities in web sites,
ranging from the Obama site being hacked to Dan Kaminsky's latest DNS
issues and on to PCI requirement 6.6. There was a lot going on tonight
and we could have almost made a show from any one of these topics.
Show Notes
Network Security Podcast, Episode 102, April 22, 2008
Direct download: nsp-042208-ep102.mp3 Category: podcasts -- posted at: 11:44 PM |
|
Tue, 15 April 2008 Rich and Martin review some of the events that went on at RSA,
including Rich's Analyst panel and Thursday morning's 'Avoiding the
Security Groundhog Day' panel. Neither of us were all that impressed
with the showroom floor or the keynote speeches given at RSA, but we
both enjoyed getting reacquainted with the security professionals we
tend to only catch up with at events like this. Finally we talked about
what events we'd go to in pursuit of furthering a burgeoning security
career. And just in case you're wondering where Episode 100
is, it was the live video we took last week at the Security Bloggers
Meetup. Not that anyone could have missed it, given the amount we've
been talking about it lately.
Tonight's Music: Pride by Paula Toledo
Network Security Podcast, Episode 101, April 15th, 2008
Time: 42:26
Direct download: nsp-041508-ep101.mp3 Category: podcasts -- posted at: 11:01 PM |
|
Fri, 11 April 2008 David Mortman, CSO in Residence for Echelon One, discusses the Security Groundhog Day panel that Martin and I also participated on.
Direct download: nsp-RSA2008-DavidMortman.mp3 Category: podcasts -- posted at: 7:02 PM |
|
Wed, 26 March 2008 Network Security Podcast 99!
Show Notes
Edit: Appears that something went wrong with iTunes and it didn't pick up on this week's podcast. Trying to fix it.
Network Security Podcast, Episode 99
Direct download: nsp-032508-ep99.mp3 Category: podcasts -- posted at: 12:34 AM |
|
Tue, 18 March 2008 Do you smell that? No, not the fresh air of spring, that other smell. You know, conference season. This week we're joined by the mediaphyter herself, Jennifer Leggio.
Jennifer is one of the main coordinators for this year's Security
Blogger Meetup at RSA, and she and I were both at SOURCE in Boston. We
spend a fair bit of time this week talking about the security blogging
community, review SOURCE, prep for RSA, and squeeze in a few security
news items. Oh, Jennifer, the reason we can blog so much? It's because
we don't think about it, we just spew the words on the screen.
Show Notes
Network Security Podcast, Episode 98, March 18, 2008
Time: 41:42
Direct download: nsp-031808-ep98.mp3 Category: podcasts -- posted at: 10:59 PM |
|
Wed, 12 March 2008
Rich and Martin are joined tonight by Tim Krabek, author of the Security and Technology for SMB’s and SOHO’s blog. Tim’s a fellow Security Catalyst
member and just happened to be around when we were recording tonight.
We invited him on to get a slightly different view of security, mainly
from someone who’s still in the trenches. Tim is working with small
businesses and has to fight the good fight, something Rich and Martin
sometimes forget about. Thanks for joining us tonight, Tim.
Show Notes:
Network Security Podcast, Episode 97, March 11, 2008

Time: 37:04
Direct download: nsp-031108-ep97.mp3 Category: podcasts -- posted at: 12:45 AM |
|
Tue, 4 March 2008 We're both at home this week, so we had a pretty good show tonight.
Martin will be on the road for the next few weeks and Rich will be in Boston at the SOURCE conference,
so we'll be recording a day or two early for a change. We'll probably
still release the podcast on Tuesday, so there won't be much of a
difference as far as you're concerned. Rich will be presenting at SOURCE
with Christofer Hoff, which may be one of the signs of the Apocalypse.
There's been a few interesting developments in hacking into systems, so
make sure you keep a hand on your laptop when you're out at the coffee
shop. Visit Securosis.com and tell your identity theft stories to win a
chance for a year's worth of protection from Debix.
Show Notes:
Network Security Podcast, Episode 96, March 4, 2008

Time: 34:23
Direct download: nsp-030408-ep96.mp3 Category: podcasts -- posted at: 11:17 PM |
|
Tue, 26 February 2008 After a week's break for Rich to have shoulder surgery and for Martin
to travel to Montreal on business, we're back and at least as good as
ever. We've got a lot of good articles to talk about and some
interesting news at the end of the podcast. We'll be participating in
a panel together at RSA, BUS-302, Avoiding the Security Groundhog Day,
along with a few friends of ours from the Security Catalyst
Community. We'll be covering RSA on a daily basis and even be doing
some live video from Security Bloggers Meetup this year, as long as the
technology cooperates that is. Watch for a giveaway Rich will be doing
on Securosis.com later this week.
Show Notes:
Network Security Podcast, Episode 95, February 26, 2008
Time 41:50
Direct download: nsp-022608-ep95.mp3 Category: podcasts -- posted at: 7:58 PM |
|
Thu, 14 February 2008 If you listen to Still Secure After All These Years
(who came up with that awful, long, hard-to-type title?), then this
episode should sound familiar to you, or more accurately, exactly the
same. Rich and Martin crashed the most recent recording of SSAATY and
spent some time talking about the effects social networking is going to
have on people's careers in the future. If you have a MySpace or
Facebook account, you need to give some serious thought to what you're
putting up there and what impact it might have on you in your next job
search. We all want to know who decided that HP is employing 9
of the top 11 hackers and how they ranked them. Do you only qualify as
a 'top hacker' if you work or have worked for HP/SPI Dynamics? That's
the only thing that makes sense. Maybe they'll reveal who these hackers
are at RSA and post a new top 59 list. Speaking of which, if you're a
security blogger or podcaster who's planning on being at RSA, drop us a
line and we'll fill you in on an event that's happening there.
Network Security Podcast, Episode 94
Time: 41:38
Direct download: nsp-021308-ep94.mp3 Category: podcasts -- posted at: 11:08 AM |
|
Tue, 5 February 2008 Tonight's special guest is Mike Murray the author of Epistime.ca.
We headed into the land of paranoia and conspiracy theories given
recent goings on under the sea in the Middle East. We all agree that
these events probably are random, but it still leaves us with raised
eyebrows.
Show Notes:
Network Security Podcast, Episode 93, January 29, 2008

Time: 51:07
Direct download: nsp-020408-ep93.mp3 Category: podcasts -- posted at: 10:01 PM |
|
Wed, 30 January 2008 Rich and I were joined by a pair of special guests tonight, Marcin Wielgoszewski and Andre Gironda from the ts/sci security blog.
The story goes something like this: Andre and Marcin plied Rich with
beer after the last SunSec meeting until he agreed to let them on the
podcast. In any case, Marcin and Andre bring a level of web
application security knowledge we don't often have on the podcast.
They'll be giving a talk at Shmoocon called Path X: Explosive Security Tools using XPath. Good luck guys, I just wish I could be there (with a couple shmooballs)
Show Notes:
Network Security Podcast, Episode 92, January 29, 2008
Time: 35:48
Direct download: nsp-012908-ep92.mp3 Category: podcasts -- posted at: 2:11 AM |
|
Tue, 22 January 2008 We're back to a standard format tonight with Rich and I catching up on recent events in our lives and talking about current events in security. We talk about our brief meeting while he attended Macworld and I went to watch Fortify's New Face of Cybercrime. As I promised over the weekend we talk about credit protection and the companies offering it. Thanks to reader Ed, who gave us more information on the companies in the field. We wrapped up tonight with some career advice for reader Roman Daszczyszak. Rich and I respond to Roman as best we can in a short time, but I know there are others out there who will be able to add a lot more to what we've said. I'm including Roman's email in the extended show notes, please leave comments with suggestions of your own for the next step in his career.
Show Notes:
Network Security Podcast, Episode 91, January 22, 2008
Time: 40:30
Roman's Letter:
I've been listening to the netsec podcast for a couple of months now, along with going back and listening to the older ones as my commute allows. I recently listened to one referencing the August 2007 Security Roundtable regarding security careers and wanted to ask some questions.
The SR podcast seemed to deal with the means of finding a security job, which is always good to know, but I am more concerned with what types of jobs are out there and what skillsets are "Good to have", "Must have" and similar. I realize that information security is a large field, and skills for one job do not necessarily translate into skills for another, but I believe there is a great deal of overlap. Let me give a brief overview of my own situation and maybe what I'm asking will be a bit clearer.
I'm relatively new to the IS field. My current job is an information systems security guy for the US military, with 4 years prior experience as a soldier doing similar work. As a soldier, I was stuck with the 'many hats' problem, being lead systems administrator, squad leader, information assurance officer, COMSEC officer, along with my standard duties (Humvee driver and user-level mechanic, etc). FYI, 'officer' is misleading; I was a junior enlisted with a lot of responsibilities yet little authority. The job did give me a taste for security work though, and once my enlistment was up, I switched to being a contractor. My current job has allowed me to focus on information security, but I am the only person in the shop specifically tasked for it. Most of the shop is composed of Windows systems administrators whose security experience seems to be "rather light". I had hoped to work with a team of security professionals first as a junior member, to gain experience and sponge off their collective knowledge, but that isn't the case so far.
I have been working in this job for almost three years now and know that I do not plan to stay more than an additional two years at most. It's a good job, but I feel that I will have done all I can for them and me by that point. I feel this would be different if I were not "on my own" as it were, but I do not foresee that changing. Recently, I did obtain my CISSP (partly my own initiative, partly due to DoD Instruction 8570.1 requiring certification for government IA personnel).
I am aware of several broad areas of 'jobs', such as a penetration tester, security auditor (like your new job, congrats!), and technically-specific jobs (firewall administrator, IDS administrator, etc). In planning for 'my next step' I would like to figure out which way to go, and thus what sort of skills are important (or will be, which I don't expect you to prognosticate) in these areas. The areas I feel are important are programming, understanding the basic technologies "out there", understanding how they all work together, and most importantly how the organization's business works so these technologies can be applied securely. To that end, I read O'Reilly books almost every night, along with going to school to finish my Bachelors (see below for more on that). I'm working on learning Perl for its versatility, yet I really hope to get a good foundation in 'programming' in general (via school and self-study) so that as vulnerabilities come out, I can at least understand what it is and really, how much of a threat it can be to an organization. I want to understand the technologies, so that I truly can secure what the organization is using (as well as know when the sysads are trying to snow me). At the same time, I know security isn't all about technology; the users and human processes are THE weakness normally. Does this mean I need to pick up a minor or double major in Business? Will I hate myself afterwards? :)
Speaking of school, I'm a 'non-traditional student' currently attending a school that really caters to soldiers trying to pull off 'some sort of degree while being in non-optimal locations', so the degree choice I have for computers is 'Computer and Information Sciences' which really feels like 'CompSci lite; aka lacking higher math requirements'. I have the option of moving to a better location to get an actual Computer Science or Computer Engineering degree, but I'm not sure if that would be relevant or necessary to security. I agree with the SR points about writing well, being able to network, and sell yourself.. but my question comes down to, 'OK, I sold myself and got the job; now what?'
Thank you for taking the time (in advance) to read this. I look forward to your thoughts; I'm not expecting the 10 commandments or something, just hoping for some sound advice from someone with more experience/greater depth in the field than I currently possess.
Regards, Roman
Direct download: nsp-012208-ep91.mp3 Category: podcasts -- posted at: 11:26 PM |
|
Tue, 15 January 2008 Martin is flying solo on the podcast tonight, sort of. Rich is at
Macworld this week and phoned in two segments, one on Steve Jobs'
keynote address and one on security vendors at the show. Add to that
one Mac-related security item and we've got a pretty Apple heavy show
this week. Everyone else in anything related to tech is covering
Macworld, so why not us? Show notes:
Network Security Podcast, Episode 90
 Time: 27:41 Direct download: nsp-011508-ep90.mp3 Category: podcasts -- posted at: 11:58 PM |
|
Tue, 8 January 2008 We're back, just not as soon as we'd hoped. I'm on some older sound
hardware, since I'm waiting for the coffee to finish drying inside my
Yamaha mixer after last Friday's server meltdown.
And maybe older is better, since Rich and I had pretty good sound this
week. We're getting the year started with a topic that's near and dear
to both Rich and me, Privacy. Rich will be at Macworld next week, so I
may be flying solo. Won't that be strange?
If you haven't already done so, please subscribe to the FeedBurner RSS. The old ones are permanently broken.
Show Notes:
Network Security Podcast, January 8, 2008 - Episode 89

Time: 35:26 Direct download: nsp-010808-ep89.mp3 Category: podcasts -- posted at: 5:04 PM |
|
Wed, 19 December 2007 Have a Merry Christmas and we'll see you next year!
Show Notes:
Network Security Podcast, Episode 88
Time: 49:27 Direct download: nsp-121807-ep88.mp3 Category: podcasts -- posted at: 1:29 AM |
|
Wed, 12 December 2007 Prognostication: prediction, a statement made about the future. Tonight's podcast features Chris Hoff, friend, blogger
and the Chief Architect of Security Innovation at Unisys, who joins us
to talk about some of his predictions of what 2008 will bring us in the
security sphere. While Chris doesn't claim that his crystal ball is
any clearer than other security thinkers like Richard Stiennon or Mike
Rothman, he does have some strong opinions and is perfectly willing to
share them. I'm looking forward to next week when we come back to
Chris and try to think of some of the good things that will be coming
out of security in the future. By the way, Chris gets paid by
the vowel, so someone will have to come up with a reaaaallly long title
if they ever expect him to leave Unisys. Show Notes:
Network Security Podcast, Episode 86

Time: 54:36 Direct download: nsp-121107-ep87.mp3 Category: podcasts -- posted at: 1:07 AM |
|
Tue, 4 December 2007 This shouldn't even properly be called an episode, since it's under two
minutes in length, but I wanted to let everyone know why there's not a
real show tonight. Rich and I didn't realize until the last moment
both of us would be traveling today and wouldn't be able to record a
real podcast. Rich is at the SANS Encryption Summit in Florida, while I'm at the Pacific Information Security Summit today and headed down to Los Angeles tonight. We'll return you to your regularly scheduled podcast next week. Network Security Podcast, Episode 85.5
 Time: 1:50 Direct download: nsp-120407-ep86.mp3 Category: podcasts -- posted at: 9:32 AM |
|
Wed, 28 November 2007 Rich and I were joined tonight by a former co-worker and friend of Rich's, Amrit Williams. Amrit is the CTO of BigFix and blogs over at the Observations of a digitally enlightened mind
blog. This was less of an interview and more of three security
professionals getting together on a Saturday morning to talk about the
events going on in our sphere of influence. And as you might expect
from us, the podcast went longer than we aim for, but only a little.
But most importantly, we had good audio quality for the entire
podcast. Or at least Rich wasn't fading in and out. The bad part is
we don't think we changed anything, which means we've just been
operating at the whims of Skype and the Internet, but we'll be keeping
an ear out for problems in the future.
Show Notes:
Network Security Podcast, Episode 85

Time: 46:59
Direct download: nsp-112707-ep85.mp3 Category: podcasts -- posted at: 12:53 AM |
|
Tue, 13 November 2007 Has it really been two years since I started the podcast? Looking at
the date of the first MP3, it really has been. If you want to listen
to a blast from the past, stick around for the last 10 minutes of the
podcast where Rich and I listen to my first podcast and pick at it
Mystery Science Theater style. Or you can save your eardrums and 10
minutes of your life by quitting before then. I hate listening to my
old podcasts.
Thanks to Rich, we have a new site dedicated to the podcast, netsecpodcast.com.
This is where you'll find the show notes and can subscribe to a podcast
only feed. We'll occasionally work on joint projects here, but it's
going to be almost entirely podcast related for the most part.
And congratulations to Paul and Larry
who've also reached the two year mark for podcasting. This makes us
some of the earliest security podcasts out there, if not the earliest.
Show Notes:
Network Security Podcast, Episode 84
Direct download: nsp-111307-ep84.mp3 Category: podcasts -- posted at: 8:19 PM |
|
Wed, 7 November 2007 Two weeks ago there was no podcast because I was in Chicago. Last
week I was at a client's until late and Rich took the opportunity to
interview Glenn Fleishman from TidBITS and Wi-Fi Networking News.
But this week I'm back and despite rumors to the contrary Rich has not
had me offed so he can take over the podcast. Not that such rumors
really existed, but sometimes it's fun to start them.
We have a
good show tonight, since there's a lot going on right now with huge
purchases, web enabled video cameras and security company founders
being arrested. That's one of the things I love about working in
security: never a dull moment. Of course, that's often what we hate
about security too.
Show Notes:
Network Security Podcast, Episode 83
 Time: 46:52 Direct download: nsp-110607-ep83.mp3 Category: podcasts -- posted at: 12:13 AM |
|
Wed, 31 October 2007 Okay, it's not that scary, other than the fact Martin isn't even in the episode this week. That's right, I flew solo and invited Glenn Fleishman from TidBITS
Glenn Fleishman is a TidBITS contributing editor and a Seattle journalist who covers technology for publications like The New York Times, Popular Science, and The Economist. He blogs daily about Wi-Fi and other wireless networking at Wi-Fi Networking News. Glenn lives in Seattle with his wife Lynn, sons Ben and Rex, two iPhones, and a dozen Macs of various vintages.
This is one of the most significant updates to the OS X series of the Mac operating system, with more dedicated security updates than any other version. But although Apple clearly invested in security, they didn't necessarily finish the job. A combination of incomplete security feature implementations and some new operating system features with security implications make this a release for us security geeks to keep our eyes on.
Show Notes:
- Rich's pre-release TidBITS article on Security Improvements in Leopard
- Thomas Ptacek's article evaluating the Leopard security features, post-release
- The ISFYM (Internet Security For Your Mac) post on Back to My Mac security problems by Open Door Networks
- follow up article on Leopard Security
Network Security Podcast, Episode 82, October 31, 2007

Direct download: nsp-103107-ep82.mp3 Category: podcasts -- posted at: 7:13 PM |
|
Wed, 17 October 2007 Tonight's podcast is a little on the short side because of the fact
that I'm on the road and we're still trying to figure out how to
record. I owe Rich a big thanks for doing all the heavy lifting for
tonight's podcast, including purchasing a copy of Audio Hijack Pro,
recording the podcast and doing all the editing. Of course, now he has
an idea of what I go through every week; a little empathy is usually a
good thing.
We're a bit heavy on the Apple side of things tonight, but that's
because there's so much interesting stuff going on with them right
now. We barely even touched on the fact that Apple is going to be
releasing an SDK for the iPhone and other similar products. I'll be
interested to see what hoops developers will have to jump through to
get the SDK and what additional hurdles they'll face in getting their
code signed by Apple.
I'm really enjoying my time in Denver, though I'm ready to get back to
the wife and kids. I had some plans to meet up with a few security
professionals in the area, but those fell through. I'll be in Chicago
all of next week and plan on attending ChiSec,
but if you're in the area drop me a line; I'll probably be available
Monday and Wednesday nights, and maybe even Tuesday night if Rich and I
can get the podcast recorded in a reasonable amount of time. Barring
technical difficulties that is.
Show Notes:
- OS X Leopard release and security features
- iPhone Metasploit package
- Russian Business Network
- Citrix flaws or bad configuration
- Sorry, no music tonight
Network Security Podcast, Episode 81, October 17, 2007
Direct download: nsp-101707-ep81.mp3 Category: podcasts -- posted at: 10:39 PM |
|
Wed, 10 October 2007 Rich and I wandered into the realm of politics several times in this
podcast, something we're going to try to avoid for the most part in the
future. Listener feedback brought out some of our own strong
feelings so we went along with it. Neither Rich nor I want to turn
this into a political podcast, mostly because neither of us feel
qualified to comment on politics. I guess that any time you start
wandering into an area people feel strongly about, it gets political,
which makes it hard to avoid politics altogether. By the way,
at one point in the podcast I couldn't remember the name of a software
author. The guy whose name I fumble over is Mark Russinovich, formerly
of Sysinternals, now working at Microsoft. And the comments I made
about the CyberSpeak Podcast are from the 23 Sep 2007 episode.
Show Notes:
Network Security Podcast, Episode 80, October 9, 2007
Time: 46:51
Direct download: nsp-100907-ep80.mp3 Category: podcasts -- posted at: 12:26 AM |
|
Wed, 3 October 2007 Rich and I ran into technical difficulties before we started tonight,
since we both wanted to try something new with our equipment. I have
to go back to my old days of working on Army radios and remember to
only change one component at a time. We'll remember that next time.
Sorry if the quality isn't quite up to its usual standards, we'll do
better next week.
Show Notes:
- Microsoft's Stealth Update
Network Security Podcast, Episode 79
Time: 46:30
Direct download: nsp-100207-ep79.mp3 Category: podcasts -- posted at: 12:24 AM |
|
Tue, 25 September 2007 This week's podcast is going up a bit early so I can run off to San Francisco to meet Chuck and Kreg from Technorama.
Rich was nice enough to take some time out of his morning to record the
podcast, though I'm beginning to think that recording at 8:00 am is
just a bit too early for either of us. Rich and I spend some time
today talking about our personal home networks as well as Rich's stray
cat problems.
Show notes:
Network Security Podcast, Episode 78
Time: 53:01 Direct download: nsp-092507-ep78.mp3 Category: podcasts -- posted at: 5:28 PM |
|
Wed, 19 September 2007 Well, Rich and I ramble a little in this episode, but it's for a good
reason. We got sidetracked talking about the wonders of airline
security and some of the tools you can use to protect yourself while
ordering stuff online. One of the things I mentioned in the podcast is
a tool my credit card company offers; it creates a valid, temporary
credit card number on the fly that's valid for a relatively short
period of time, say 30 days. I doubt this would save anyone from a
compromise such as what's happened to TD Ameritrade, but if you're
making a one-time purchase, it's a very good tool to use. Here's an
older article that lists about half a dozen of the different temporary number generators.
Show Notes:
Network Security Podcast, Episode 77
Time: 51:37 Direct download: nsp-091807-ep77.mp3 Category: podcasts -- posted at: 1:01 AM |
|
Tue, 11 September 2007 By popular demand, Rich is back this week and will be the continuing
co-host for the Network Security Podcast. Truthfully, we've received
nothing but positive feedback for bringing Rich on board. Rich starts
a new segment, Talking to the Suits, his wit and wisdom on dealing with
the folks who are making the decisions and signing the checks. I guess
I'll have to come up with a segment of my own again. Show Notes:
Network Security Podcast, Episode 76
09-11-07 Host: Martin McKeay, Co-host: Rich Mogull
Direct download: nsp-091107-ep76.mp3 Category: podcasts -- posted at: 11:36 PM |
|
Wed, 5 September 2007 Rich Mogull from Securosis.com
did me the personal favor of co-hosting the show tonight. Rich brings
seven years of experience as a Gartner analyst to the table, as well as
being one of the smartest security professionals I know. Rich will
bring his knowledge of dealing with some of the biggest user bases and
the biggest security vendors in the world. We're flying by
the seat of our pants as far as organizing the podcast, so let us know
what you like about the new format. I think that having a co-host will
bring a lot greater depth to the podcast and allow us to look at
more than one viewpoint each episode. If there was something about
this week's show you especially liked, let us know.
Show Notes:
Network Security Podcast, Episode 75
Time: 55:20 Direct download: nsp-090407-ep75.mp3 Category: podcasts -- posted at: 12:43 AM |
|
Wed, 29 August 2007 Tonight's podcast is an interview with Marc Maiffret, Chief Technology
Officer for eEye Digital Security. I also talk a little bit about a
couple of the issues that caught my attention this week, a paper on the
Point of Sales vulnerabilities and the recent Sony rootkit on a USB
stick. One thing I forgot to mention in the podcast is that Paul and Larry sent me a signed copy of their book, Linksys WRT54G Ultimate Hacking.
I'm planning on turning my spare WRT54G (version 6) into a VPN server
in the not too distant future, so that next time I go to an event like
Defcon, I'm a little less worried about accessing the Internet.
Show Notes:
Network Security Podcast, Episode 74
Time: 42:04 Direct download: nsp-082807-ep74.mp3 Category: podcasts -- posted at: 1:06 AM |
|
Wed, 22 August 2007 Winn Schwartau is a character and the brains behind Security
Jeopardy every year at Defcon. I met him at the event briefly this
year and was able to talk him into giving me an interview for the
podcast. Of course, getting him to do the interview was as easy as
asking, but setting up the call was a bit of a comedy of errors. This
interview was recorded Sunday, August 19th.
Show Notes:
- BaySec and CitySec
- Attend one near you, just for the networking opportunities. It's an
informal meeting of security professionals getting together to talk.
- Security Round Table: Security Career Success
- Pearl Harbor dot Com
- One of Winn's books. I haven't watched the last two Die Hard movies,
so send me an email if you've read the book and seen the movie.
- Tonight's Music: I'm no Superman by DualCore
Network Security Podcast, Episode 73
 Time: 33:50 Direct download: nsp-082107-ep73.mp3 Category: podcasts -- posted at: 12:51 AM |
|
Fri, 17 August 2007 The Security Round Table isn't dead! It's been a busy last few months, but the latest episode is now available for download.
The audio's a little rough, so we're searching for an alternative to
Skype for recording. We're already planning the next session, so
hopefully there won't be any more large gaps between episodes.
We had an excellent panel together to talk about how you can build a successful security career, with Michael Santarcangelo, Mike Murray, Dan Sweet and Ron Vereggen.
Any one of these gentlemen would be an outstanding career coach by
themselves, but having them all together on one phone call made for an
exceptionally enlightening session. I add a little flavor as someone
who's in the middle of a job search right now. There's a lot of good
information here, whether you've already got a career in security or
are contemplating one.
Download the podcast directly:
Category: podcasts -- posted at: 10:34 AM |
|
Wed, 15 August 2007 Four years of blogging as of today! Thanks to everyone who's supported
me while I've been doing it and hello to all the friends I've made
thanks to the blog. Looking forward to several more years of blogging
to come. Unless someone decides to pay me a large amount of money to
stop blogging that is. Tonight is my wrap up of Black Hat, Defcon and
Linux World, all of which were interesting for various reasons. Thanks
again to Tinfoil for making it possible for me to attend!
Show Notes:
Network Security Podcast, Episode 72
Time: 33:22 Direct download: nsp-081407-ep72.mp3 Category: podcasts -- posted at: 1:06 AM |
|
Wed, 1 August 2007 Getting ready for the next week of conventions, with the end of Black
Hat, all of Defcon and Linux World next week. If you're at any of
these events, look me up, though I'm already pretty booked for the
entire week. I think I have some time still free Saturday and Sunday
night, but I'm sure those will fill up once I get to the event. Some
day I'm going to do a blooper show of all the mistakes I make while
recording a podcast; there was a lot of editing to do tonight.
Show Notes:
Network Security Podcast, Episode 71
Time: 21:07 Direct download: nsp-073107-ep71.mp3 Category: podcasts -- posted at: 1:06 AM |
|
Wed, 25 July 2007 No need to listen to me ramble tonight, since I have an interview for
you. Okay, maybe I ramble a little, but I let Todd Feinman, CEO of Identity Finder,
do most of the talking. I'm posting a shortened version of the
interview to Podtech if you just want the good stuff. I'm looking
forward to Black Hat and DefCon next week, especially since this is a
great chance to meet people I've only talked to online. I'll have the
NSP feedback phone with me at both events, so if you're there, look me
up.
Let me know what you think of the new mic. I'm still working out some
of the kinks, like figuring out the correct compression. The Heil
PR-40 is a dynamic mic, while my old mic, an AT2020, is a condenser mic
which is much more sensitive to background noises. Let me know what
you think, and if you really want to talk shop about mics, compression
and limiters, contact me offline.
Tonight's Music: Evil Place by Stingray
Network Security Podcast, Episode 70
Time: 37:16 Direct download: nsp-072407-ep70.mp3 Category: podcasts -- posted at: 12:35 AM |
|
Wed, 18 July 2007 I'm still getting back into the swing of doing the podcast, but I can
feel the mental muscles I use to talk for 30 minutes at a time
loosening up a little. Tonight's a little heavy on the Apple front,
but given the amount of press some people have been giving the iPhone
recently, I figure one podcast containing an iPhone story isn't all that
bad. Part of me still wants an iPhone whether it has vulnerabilities
or not. Of course, I just realized that I still haven't seen an iPhone
in person, so maybe I've just fallen for the Apple marketing. Show notes:
Network Security Podcast, Episode 69
 Time: 27:36 Direct download: nsp-071707-ep69.mp3 Category: podcasts -- posted at: 1:05 AM |
|
Wed, 11 July 2007 Tonight's podcast is all about me and why I am no longer the Cobia Product Evangelist.
I promise, this is the only podcast I'll be doing on this subject, and
I'll be back to my normal podcast format again next week. But the
important part of the message is, I'm back and I don't plan on letting
anything interfere with the regularly scheduled podcast from now on.
Not sure if that's how life is really going to go, but that's my plan,
for what it's worth. Tonight's music: One Room Castle by Bari Koral
Network Security Podcast, Episode 68
Time: 16:14 Direct download: nsp-071007-ep68.mp3 Category: podcasts -- posted at: 1:31 AM |
|
Thu, 10 May 2007 Neither allergies nor allergy medicine could stop me from recording a
podcast last night. It's short, but it's out, which is what was
important to me. I have a few articles I talk about shortly, plus I
introduce the first real segment to the show. Appropriately called the
"Events Segment", it's where I talk about the events I've been to or am
going to in the near future.
I forgot to mention one thing that was really important to me on the show last night: I have my own channel on Podtech, the Security Show.
Now I just have to make the time to create more content. That's part
of tonight's efforts, my first real video blog I do from start to
finish. Should be interesting.
Show notes:
Network Security Podcast, Episode 67
Direct download: nsp-050907-ep67.mp3 Category: podcasts -- posted at: 5:25 PM |
|
Wed, 18 April 2007 Finally, episode 66 is out! Or at least that's the way it feels to
me. Life has been incredibly busy, though I'm starting to get a handle
on everything I need to do on a daily basis and I'm able to make the
time to podcast again. I'll be honest, this show is a little more of a
ramble than I usually record, but I guess that's what to expect after a
three week break.
Show notes:
Network Security Podcast, Episode 66, April 17, 2007

Time: 29:46 Direct download: nsp-041707-ep66.mp3 Category: podcasts -- posted at: 10:13 AM |
|
Thu, 29 March 2007 I'm home for the next couple days, but no rest for the weary. I had to
get this off of my plate first, but I've still got another podcast to
edit and a few video blog entries. This stuff all takes time.
Today's is a short podcast, the majority of it is the interview with
Dean Turner from Symantec. There's a lot more here than made it into
the Podtech interview. That was just a teaser for the full interview.
Besides, Podtech wants shorter segments, or so they've told me.
If you've sent me an email in the last week and I haven't responded,
please resend it. Shmoocon was great, the press tour with Mitchell
Ashley has been a learning experience, but if I didn't respond to any
email you sent in that time, it wasn't personal.
Network Security Podcast, Episode 65, March 29, 2007

Time: 25:05 Direct download: nsp-032907-ep65.mp3 Category: podcasts -- posted at: 4:20 PM |
|
Wed, 14 March 2007 I'm home this week, but next week is already looking hectic and
crowded. I've got a lot of listener feedback tonight, in fact 90% of
the show is based on feedback I've received over the last week.
Listener Eduardo wanted to know about becoming a CISSP, so along with a
bit of editorial ranting about the ISC2. Ben from Canada had a
good idea: since my time is very limited right now, I should include
contributions from listeners. If you would like to contribute a
segment to the show, drop me a line with your idea. Contact me before
you spend too much time on anything, because I probably have some hints
on how to make your sound better. You can leave me a voicemail on the
Gizmo line, but know what you're going to say beforehand because it
only has about two minutes of recording time.
Network Security Podcast, Episode 64, March 13, 2007
Time: 29:24
Show notes:
- The Social Security Number Debate - should your SSN be published for the public to see? - Michael Farnum's Computerworld post on the Texas SSN bill. Michael, Cutaway
and I are pretty much on the same page concerning this bill, while Pete
Lindstrom has a very different view. I guess it shows that I IM or
email Michael and Cutaway almost daily.
- A more secure OS X before Leopard (part 1 and part 2)
- I'd been looking for some good articles on making my Mac Book Pro and
these two articles did an extremely good job of pointing me in the
right direction.
- CISSP Professional Experience Requirements
- I'm looking for some feedback on Cobia
and places to talk about the Unified Network Platform in the next
couple of months. If you know of an event that's looking for speakers,
let me know and if it fits into my schedule, I'll get StillSecure to
fly me out. We're moving into Beta soon, but you can check out a
VMware image of the Alpha right now.
- Tonight's Music: The Peace Within by Barry Mc Cabe
Technorati Tags: security, McKeay, CISSP,
Direct download: nsp-031307-ep64.mp3 Category: podcasts -- posted at: 1:17 AM |
|
Wed, 7 March 2007 Tonight's podcast was hurried and unluckily it probably shows. I went
to the local System Administrators meeting to see a presentation on
Rails, but the speaker apparently thought we were developers or just
didn't care. I understand not being a good presenter, but putting the
time and effort into your presentation to make it fit the audience is
inexcusable in my book. Oh well, I may have the opportunity to put my
money where my mouth is in a couple of months.
Denver was great last week. I got to meet everyone at StillSecure, met
several members of the Trusted Catalyst Community and went for beers
with a listener in downtown Boulder. I hope to do so more often
I start my travels around the country. I look forward to meeting a lot
more security professionals.
By the way, this whole thing with the Texas House of Representatives
voting to release Social Security numbers really has me riled up. I
hope someone can talk some sense into their legislators.
Show Notes:
Network Security Podcast, Episode 63, March 6, 2007

Time: 23:11
Direct download: nsp-030607-ep63.mp3 Category: podcasts -- posted at: 12:45 AM |
|
Wed, 21 February 2007 #&*@^&!$#!
I accidentally recorded tonight's at 8kbps instead of my normal 44.1
kbps. If I didn't have family in town I might have tried recording it
over, but I do so I didn't. Hopefully next week's show will be back up to
my normal editing standards. I know what I did wrong, but it was too
late to fix it. The worst thing is, it didn't even result in a smaller
file size, since I upsampled the audio to equal the music. I'm
modifying the ID3 tags a little at the request of a listener, to put
the information where it probably should have been from the beginning.
Tonight's show is different than most of the podcasts I've done in the
past; it's about me. I've had some major changes in my life over the
last few weeks and talk about that in tonight's podcast. You'll have
to listen to the podcast if you want to know the details, but let's
just say I'm really happy to finally have a security job where I not
only feel safe talking about my company, it's a requirement of the job.
There's going to be some unavoidable adjustments to the blogging and
podcasting schedule over the next few weeks, but I plan on making it
minimal. I'm going to be traveling a lot which may disrupt the podcast
schedule, despite any plans I may have. I've got a MotoQ, so the
connection to the internet will be there, it's just the time I may not
have in the near future.
Network Security Podcast, Episode 62, February 20, 2007

Time: 33:58
Sponsored by: Astaro Internet Security
 Direct download: nsp-022007-ep62.mp3 Category: podcasts -- posted at: 1:16 AM |
|
Wed, 14 February 2007 We're back on track tonight! RSA is over and my schedule is resuming
something like a normal beat. For some reason though, I've been more
busy than I was when I was working. Speaking of working, I hope to
have some news on that front in the near future; despite my planning I
may not have nearly the rest and relaxation time I had hoped for.
Show notes:
Network Security Podcast, Episode 61, February 13, 2007
Time: 27:33
Sponsored by: Astaro Internet Security
Direct download: nsp-021307-ep61.mp3 Category: podcasts -- posted at: 1:39 AM |
|
Wed, 31 January 2007 Tonight's show is short and late, for which I apologize. Last night
was a blogger meetup in Burlingame for Robyn Tippins, a friend from the
Podcast Roundtable project I did last year. This was our first chance
to meet face to face, and after three hours of driving, I wasn't up to
editing last night. Plus, I'm trying to tie down the format of the
show. This will hopefully save time later but cost me time today. I
got a lot of feedback from listeners, which I really appreciate. Keep
it coming. I think I may actually be able to put a greeting in my
gizmo voicemail account now. Show notes:
Network Security Podcast, Episode 60, January 30, 2007
 Time: 21:56 Sponsored by: Astaro Internet Security
Technorati Tags: security, mckeay, podcast
Direct download: nsp-013007-ep60.mp3 Category: podcasts -- posted at: 9:22 AM |
|
Wed, 24 January 2007 I'm winding up my vendor list for RSA. I looked at my mailbox and I
have over 135 email threads (not emails, threads) of vendors asking for
time to meet me and talk about their product. I've got to start doing
some maintenance on my podcasting equipment and make sure that
everything I own is up to the task. The reins of the security
blogger's meetup at RSA have been handed over to me. Rich Mogull did
90% of the work for this event but had to step back for personal
reasons and asked me to take over. There are almost 20 confirmed
bloggers, with half that number who have expressed interest in
attending. If you're a security blogger/podcaster/video blogger, drop
me a line and I'll see about adding you to the list.
Note: I got another voicemail comment from Ben just after I recorded
tonight's show. I'll let you listen to it next week and respond. "Why
can't these companies just encrypt our data?" Show Notes:
Network Security Podcast, Episode 59, January 23, 2007

Time: 27:26
Sponsored by: Astaro Internet Security
Tonight's Music: Circular Reasoning by Allison Crowe
Direct download: nsp-012307-ep59.mp3 Category: podcasts -- posted at: 12:53 AM |
|
Wed, 17 January 2007 Sometimes, you just have a lot on your mind. Tonight's podcast was a
little short because of it. I'm still adding names to my RSA vendor
list, something I don't think lets up until just after the show. There
are a lot of interesting C-level people looking for face time to extol
the virtues of their product. I'm mostly excited about meeting some of
my fellow security bloggers face to face, most for the first time. If
I have time between vendors, that is. The new names on the RSA list: Crossroads systems, Secuware, Symantec, Cenzic, Aladdin, ACI,
MessageLabs, Watchfire, verizon, Bharosa, Astaro, PGP, nCipher, Exploit
Prevention Labs, Lumeta, SSH Communications Security, Secured eMail. I'm sure more will be added tomorrow. Show notes:
Network Security Podcast, Episode 58, January 16, 2007
Time: 20:10
Technorati Tags: security, McKeay, podcast
Direct download: nsp-011607-ep58.mp3 Category: podcasts -- posted at: 12:19 AM |
|
Wed, 10 January 2007 I'm starting my planning for RSA and I'm asking for your help in
deciding who I should spend my time with at the event. Between being a
blogger with some staying power and a writer for Computerworld, I'm
getting a lot of invites to talk to various company CTO's and CEO's.
I'm going to be hitting the convention floor and visiting most of the
booths, but I only have so much time to spend with vendors. Let me
know which of these businesses you think I should talk to. If there's
someone who's not on the list you really feel I should talk to, drop me
a line and I'll see what I can do. There's never a sparsity of
companies willing to talk to the press. Companies I've received invites from so far: Tipping
Point, Entrust, GRISoft, Cryptography Research, St. Bernard Software,
Cloakware, ScanAlert, Yoggie Security Systems, Workshare, Symark,
Securewave, Cleversafe, Application Security Inc., CounterStorm, Nevis
Networks, Core Security, Lancope Show notes:
Network Security Podcast, Episode 57, January 9, 2006
 Time: 26:29
Direct download: nsp-010907-ep57.mp3 Category: podcasts -- posted at: 12:33 AM |
|
Wed, 3 January 2007 Welcome to the new year! It's the first podcast of the year and the
start of my second full year of podcasting. I'm not into the 'year in
review stuff' (and I did it in episode 54, I think) and I'm definitely
not into predicting what's going to happen in the coming year. I'm
just not smart enough to figure out what's going to happen that far in
advance. I announce the winner of the Cisco Network Admission Control
book, who I selected with the help of my sons and a really big 20-sided
die. It was too much work to cut up the paper into strips, so I had
them roll until I got an appropriate number. Despite some issues
that prevented me from blogging and podcasting more last month, I'm
back in the saddle. I hope I won't be missing any more podcasts for
quite some time. Show notes:
Network Security Podcast, Episode 56, January 2, 2006
Time: 26:48
Technorati Tags: security, mckeay, podcast, PCI
Direct download: nsp-010207-ep56.mp3 Category: podcasts -- posted at: 12:41 AM |
|
Tue, 19 December 2006 I figured I owed everyone a podcast, and while it's short and lacking
on details, it'll give you a little idea of why I've been so little in
evidence lately. Basically, it's to stop me from saying something I
shouldn't while stressed at work. This should all be resolved or close
to it by the next show, which by the way will be January 2nd, 2007.
I'll be travelling the day after Christmas, so unless I surprise myself
and do a car cast, there probably won't be a show next week. Show notes:
Have a good Christmas with family and friends. I'm looking forward to next year.
Network Security Podcast, Episode 55, December 19, 2006

Time: really short
 Direct download: nsp-121906-ep55.mp3 Category: podcasts -- posted at: 11:51 PM |
|
Wed, 6 December 2006 I'm back to my old format of discussing a number of interesting
security issues from the last week in tonight's show. My voice is
still recovering from my illness over the Thanksgiving week. I'm also
working on the move to the new colo server and Wordpress in the next
week or two. Hopefully I'll be able to coordinate with Michael Farnum
to join me on the podcast next week. Show Notes:
Dave Slusher at the Evil Genius Chronicles is sick
Larry Pesce from Pauldotcom Security Weekly has a new book out, Wireshark and Ethereal. Okay, he didn't write it, but he contributed.
IHOP asks for customers' driver's licenses and they give them
Is this a major break in the ATM system? I don't think so.
CJ Kelly thinks the DDoS attack is dead, but Michael Farnum and I disagree. And the evidence is in our favor.
Adam sides with the Seahawks fans, but Rich thinks a pat down is just the price you have to pay to go to a safe game.
Network Security Podcast, Episode 54, December 28, 2006
Time: 25:00
Technorati Tags: Security, mckeay, podcast
Direct download: nsp-120506-ep54.mp3 Category: podcasts -- posted at: 12:52 AM |
|
Wed, 29 November 2006 Getting back into the swing of things tonight, but the voice is still a
little rough. Tonight's interview was with Jim Hurley who's the
managing director of the IT Policy Compliance Group for Symantec. I'll
post a link to the site and the report as soon as it becomes
available. Show notes are a little sparse tonight, since I'm still in
recovery mode. I'll do better next week. In the mean time, if you
wonder what I look like, I'm the guy towering over Irena on Geek Entertainment TV this week.
Network Security Podcast, Episode 53, November 28, 2006

Time: 28:57
 Direct download: nsp-112806-ep53.mp3 Category: podcasts -- posted at: 12:36 AM |
|
Wed, 15 November 2006 This is the one year anniversary of the Network Security Podcast and I
decided to spend tonight looking back over the past year. Tonight's
podcast is short, but there's a lot of things I have to be thankful of,
including getting better audio equipment (you'll understand when you
listen to the opening). I've made a lot of good friends over the last
year thanks to my blogging and my podcasting, both amongst the folks
I've talked to and amongst the folks who listen week after week. I've
really enjoyed doing the podcast over the last year and look forward to
continuing it for the year to come.
Thank you for listening.
Network Security Podcast, Episode 52, November 14, 2006

Time: 17:50
And if you really want to torture yourself, you can go back and listen to Episode 1
Direct download: nsp_111406_ep52.mp3 Category: podcasts -- posted at: 12:19 AM |
|
Wed, 8 November 2006 Extremely abbreviated show notes tonight: as soon as I finished editing
tonight's podcast, I got violently ill. Bad crab stuffed mushrooms at
Red Lobster, I think. I'm okay at the moment, but if previous
experience is any indication, it ain't over yet. I'll update the show
notes tomorrow.
Network Security Podcast, Episode 51, November 7, 2006
 Direct download: nsp_110706_ep51.mp3 Category: podcasts -- posted at: 1:00 AM |
|
Wed, 1 November 2006 Happy Halloween, everyone! There might be a better holiday, but few
match Halloween for sheer fun and craziness. Kids are great for
reminding you just how exciting it can be. Tonight's podcast is
a discussion about the convergence of physical and logical security in
the enterprise and government. I'd like to say the whole thing was my
idea, but the truth is, Brian Contos approached me with this idea
several weeks ago. We discussed why the two disciplines are
converging, the business drivers, what it means to both security and
privacy, and what's going to be happening in this arena over the next
five years. It's a fascinating topic. The guests tonight were Brian Contos, Chief Security Officer, ArcSight; William Crowell, security expert, executive business leader and former Deputy Director of the NSA; Dan Dunkel, president of New Era Associates; and Colby DeRodeff, GCIA, GCNA and Senior Security Engineer at ArcSight. Network Security Podcast, Episode 50, October 31, 2006
Time: 1:14:39
Tonight's music: Halloween by the Coffin Shakers
Thanks again to Astaro for sponsoring the podcast. Call them at 877-427-8276 to get your free demo unit.
Technorati Tags: security, McKeay, convergence, Arcsight
Direct download: nsp_103106_ep50.mp3 Category: podcasts -- posted at: 1:26 AM |
|
Wed, 25 October 2006 No interviews tonight, I just talk for a little while about my recent
experiences with the IE7 party and my trip to Symantec in Southern
California. It's still a little hard for me to wrap my head around the
fact that when you do a search on 'security blog' in Google, this is
the second blog you find. Because of this, more security companies are
coming to me asking to be interviewed or just to talk to them. Mike Rothman poked fun at me a little bit
today in his blog, but I'll try to take it with a grain of salt. If
nothing else, Mike will keep my ego from getting too big. Hopefully I
can count on you guys to keep me honest too.
There's not a lot of show notes tonight, since almost everything I
talked about is already on the blog somewhere. The only site I want to
draw additional attention to is the PCI and Data Security Compliance
site. I've added them to my news reader and if you have reason to be
interested in PCI I would suggest you consider doing so too.
Network Security Podcast, Episode 49, October 24, 2006

Time: 24:38
Tonight's Music: The Hero and the Heroine by Vanessa Peters and Ice Cream on Mondays

Thanks again to Astaro for sponsoring the podcast. Call them at
877-427-8276 to get your free demo unit. I'm no Leo Laporte, so thanks
for sponsoring the podcast.
Direct download: nsp-102406-ep49.mp3 Category: podcasts -- posted at: 1:36 AM |
|
Fri, 20 October 2006 So here it is! Jeremiah
and I interviewed members of the Internet Explorer 7 Development team
to find out what they're thinking, what they've got planned next and
what went into the making of IE7. We also talked to the Yahoo Liaison
to find out how they managed to release IE7 before Microsoft did, and
got the opinions of a couple of the other bloggers that were invited to
the party. Thanks again to everyone who we talked to. Internet Explorer Release Party, October 18, 2006
From the IE7 team: Gary Schare, Chris Wilson, Dean Hachamovitch
Yahoo: Gerald Si (I forgot to get a card, so tell me how to spell your name, Gerald)
Bloggers: John Obeto II, Niall Kennedy
Once again, thanks to the folks out there who sent Jeremiah and me
questions. I didn't get to half of the questions I'd have liked to.
And you know what, the audio turned out pretty good for having been in
the middle of a crowded bar. Yay for free drinks!
Technorati Tags: security, McKeay, Owyang, Internet Explorer 7
Direct download: IE7ReleaseParty.mp3 Category: podcasts -- posted at: 12:41 AM |
|
Wed, 18 October 2006 I'm playing with the Levelator from Gigavox Media tonight,
so hopefully the sound levels will be better than they sometimes are.
I kept the show to a decent length tonight, right at my target of 30
minutes, not including the song. I'm getting ready for the IE7 Meet
the Developers party tomorrow night, and going to visit Symantec on
Friday. Busy week.
Tonight's interview is with Ahmed Masud, CTO of Googgun Technologies.
Their product, Trustifier, acts as a kernel modification, adding
another layer of security and almost making any operating system into
one with mandatory access control. This means the granularity of
control over the files on the system is much greater than a standard
discretionary access control model. Trustifier isn't in use much yet
here in the States, but it's an interesting concept.
Show notes:
Give Dori back her license plate!
HBO Hacking Democracy: Thanks, Marcin for this information
IT Security Compliance Myths: From Ron Gula at Tenable, and my comments
Network Security Podcast, Episode 48, October 17, 2006

Time: 35:43

Thanks again to Astaro for sponsoring the podcast. Call them at 877-427-8276 to get your free demo unit.
Direct download: nsp-101706-ep48.mp3 Category: podcasts -- posted at: 1:02 AM |
|
Wed, 11 October 2006 Tonight's interview features Shava Nerad, Executive Director of the Tor Project.
Shava is one of the few people I've met in quite a while who's more
concerned about personal privacy than I am. You hear that, Mike Rothman,
there are people more fanatical about privacy than me! I had a lot of
fun talking to Shava, both during and after the recording session.
Unluckily you don't get to hear all of the interesting stuff she's done
in her life. Maybe I can get her on again some time to talk about
Shava, rather than the EFF or Tor.
Show notes:
Eric Rice captured today's Sun Presentation in Second Life
Breaking out of Jail with Word by Patrick Ogenstad
Deloitte Podcasts
Computerworld: Input Output
Network Security Podcast, Episode 47, October 10, 2006

Time: 47:18
Tonight's Music: Goodbye to Freedom by COMEG

Thanks again to Astaro for sponsoring the podcast. Call them at 877-427-8276 to get your free demo unit.
Direct download: nsp-101006-ep47.mp3 Category: podcasts -- posted at: 1:28 AM |
|
Wed, 4 October 2006 I've got my final comments on the Portable Media Expo, Listener
Feedback, the Firefox vulnerability hoax and my comments on a PCI
Self-audit. I'm still recovering from PME, which is why there was no
interview tonight. But have no fear, I've already recorded next week's
interview, though you'll have to listen to the podcast to find out who
it is.
I received a lot of great feedback from you all, and keep it coming. I
want to know from you what I can do to make the podcast better. Leave
me some voicemail too! I got one voicemail this week from a group
looking for someone to come talk to them about electronic voting. If
it wasn't a two hour drive I probably would have gone for it, if just
for the experience.
Podcast and Portable Media Expo
Firefox stack overflow vulnerability (hoax)
Richard Bejtlich will be teaching class in December
Network Security Podcast, Episode 46, October 3, 2006
 Time: 22:41
Tonight's music: Copperhead Road by Steve Earle
Thanks again to my sponsor Astaro Corporation. Visit their site and sign up to receive your free demo Astaro Security Gateway
 Direct download: nsp-100306-ep46.mp3 Category: podcasts -- posted at: 12:54 AM |
|
Wed, 27 September 2006 I kept it short tonight, since I'm off to Southern California in
preparation for the Portable Media Expo this weekend. I'm going down a
couple days early to visit family, which means I have to leave the
house before 5:00 am to avoid the worst of the traffic. I've been
varying the length of the podcast a lot lately, short when it's just
me, longer when I have a guest, and occasionally much longer when they
have something exceptional to say. If the variable length bothers you,
speak up and let me know. If the variable length is fine with you,
speak up and let me know.
Astaro Security Gateway
- Not only my sponsor, but one of the subjects of tonight's podcast.
I'm looking for feedback from anyone who's tried their product
Brave New Ballot - Avi Rubin's book on dangers of electronic voting machines, especially Diebold
PCI Security Standards Council - Brought to you tonight by Appendix B
Network Security Podcast, Episode 45, September 26, 2006

Time: 18:24
Tonight's music: Heroes by Jack in the Pulpit
Thanks again to my sponsor Astaro Corporation. Visit their site and sign up to receive your free demo Astaro Security Gateway
 Direct download: nsp-092606-ep45.mp3 Category: podcasts -- posted at: 1:09 AM |
|
Wed, 20 September 2006 Tonight's interview is with Professor Matt Bishop from UC Davis and
Co-Director of their Computer Security Laboratory. Matt and I spent a
fair amount of time talking about teaching security, data sanitation
and e-voting. I contacted Matt after a listener mentioned his book and
asked for the interview. Show notes:
Professor Matt Bishop
Computer Security: Art and Science - I'm going to have to get a copy of this book, since it sounds like it's a good book for teaching security
Security Roundtable - Episode 4: Responsible Reporting of Breaches
Still Secure After All These Years
Network Security Podcast, Episode 44, September 19, 2006
Time: 50:42
Tonight's Music: Nick Cave and the Bad Seeds - Bring It On
I've been listening to a lot of Nick Cave and the Bad Seeds lately. Tonight
I'm also welcoming Astaro Corporation as a sponsor for the Network
Security Podcast. They're the makers of the Astaro Security Gateway,
and they were one of the first companies I ever interviewed.
Direct download: nsp_091906_ep44.mp3 Category: podcasts -- posted at: 1:26 AM |
|
Wed, 13 September 2006 Late last week I had a chance to talk to Ron Gula, the CEO and CTO of
Tenable Security. We talked about the history of Ron and Tenable,
several of Tenables products and the impact making Nessus 3.0
close-sourced had on Tenable's business. Ron is a great person to talk
to, and I feel I'll probably have him on again just to talk about about
... whatever. I know it'll be interesting, no mattr what it is. I
also took some time to answer a question about auditing for Randy, talk
about an upcoming project with Michael Santarcangelo and a review of
the newly released PCI requirements, version 1.1 or at least a small
portion thereof. Show Notes:
Tenable Security - Ron Gula
Brian Contos - Enemy at the Water Cooler
Michael Santarcangelo - Security Catalyst
PCI Security Standards Council
Network Security Podcast, Episode 43, September 12, 2006
Time: 42:41
Music: Alyssa Hendrix - Treasure
Technorati Tags: security, McKeay, podcast, Ron Gula
Direct download: nsp-091206-ep43.mp3 Category: podcasts -- posted at: 1:36 AM |
|
Wed, 6 September 2006 Well, to make up for some of the longer podcasts recently, I kept this
one short. Okay, the truth is I'm exhausted and didn't have that much
to say tonight. I'm trying to line up some interesting guests for
the next couple of weeks, but past experience has taught me not to
advertise guests until I have the podcast recorded. There's a
little bit of listener feedback tonight and a couple of things that
caught my interest. Browzar stirred up quite a bit of attention on
Friday, but over the weekend its promise of no footprints was revealed
to be mostly hype. Jeff Hayes
brought up some interesting points about limiting users' access to
information on a 'Need to know' basis. My brain was too full from SANS
training to hold much more. I had a set of shirts waiting for
me when I got home from training as well as a new book. Is it wrong to
put your podcast's logo on shirts and get your kids to wear them? Plus
I got some golf shirts for myself with the logo in anticipation of the
Portable Media Expo at the end of the month. The book was "Enemy at the Water Cooler" by Brian Contos and if you want to give your management some concrete examples of insider threats, this is the book for you.
Network Security Podcast, Episode 42, September 5, 2006

Time: 14:55
Tonight's Music: Lee Maddeford -- Hey Joe
Technorati Tags: security, mckeay, podcast
Direct download: nsp_090506_ep42.mp3 Category: podcasts -- posted at: 12:51 AM |
|
Wed, 30 August 2006 I apologize in advance for the sound quality of tonight's podcast. I
made a mistake somewhere in the sound levels and I don't know how to
fix it. I promise I'll do better next week when I'm at home.
I had an opportunity to talk to Christofer Hoff, who is the Chief
Strategy Officer for Crossbeam Systems and the blogger at Rational
Security. I wanted to know more about what UTM (Unified Threat
Management) is and Chris is the guy to ask. The interview is on the
long side and would have been longer if I hadn't had to pack.
I've gotten a lot of listener feedback lately and I want you to keep it
coming. Here are a couple of the links I promised in the show:
Network Security Podcast, Episode 41, August 29, 2006

Time: 53:38
Tonight's Music: Flying Tom - Cheap Games
Direct download: nsp_082906_ep41.mp3 Category: podcasts -- posted at: 1:30 AM |
|
Wed, 23 August 2006 I had a chance to talk to Richard Bejtlich a few weeks ago and here it
is for your listening pleasure. I wasn't going to tell Richard this
during the recording, but I've been a big fan of his ever since the Tao
of Network Security Monitoring first came out. I've been lucky enough
to meet Richard a couple of times face to face and I have to say he has
always been a pleasure to talk to. This interview was recorded almost
3 weeks ago, and we talked about blogging, Richard's books (the
aforementioned Tao, Extrusion Detection and Real Network Forensics),
how he got into security and his views on hackers turned security
practitioners among other things. Congratulations to Richard, who's
soon going to be a father again.
I also spend a little time rambling about my new hardware, discussing the Consumer Reports AV kerfuffle (got that word from Shel Holtz)
and where I'll be in the next couple of weeks. I'll try to put out a
podcast next week, but I'll be in training and at a hotel, so I don't
know what sort of access I'll really have.
Thanks for the feedback over the last week. I always like hearing what
you think about the people I'm interviewing and the topics I discuss.
If you have someone you'd really like me to interview or a topic you'd
like me to discuss, send me an email at nsp@mckeay.net or leave me a
voicemail at 916-231-9479
Network Security Podcast, Episode 40, August 22, 2006

Time: 42:46
Tonight's Music: Beau Hall - Hell and Ecstasy
Direct download: nsp-082206-ep40.mp3 Category: podcasts -- posted at: 1:13 AM |
|
Wed, 16 August 2006 LinuxWorld was a lot of fun today, but it's exhausting. Lawrence
Lessig gave the keynote speech, talking about how open source software
and fair use are helping turn us back into a read-write culture,
instead of the read-only culture the media companies want us to be.
I'll write more on that when I get a chance.
My guest tonight was Bruce Schneier,
author of Beyond Fear and CTO of Counterpane. He took time out of his
vacation to talk to me for which I'm grateful. This was the one
interview I've wanted to do since the beginning. I just wish it hadn't
been 7:00 in the morning when the phone call took place. I hadn't even
had my second cup of coffee yet. Hopefully I'll get a chance to talk
to him again in the future.
Not a lot of links for you tonight, just AOL got Splunk'd. If you're interested in looking at what's really in the AOL database, go look. Maybe you can find someone you know.
Network Security Podcast, Episode 39, August 15, 2006

Time: 38:54
Tonight's music: Mean Gene Kelton and the Diehards - Little Black Dress
Direct download: nsp-081506-ep39.mp3 Category: podcasts -- posted at: 1:45 AM |
|
Wed, 9 August 2006 My guest tonight was Jamie Wallace, the blogger more widely known as
the Security Wonk. Jamie and I spent about 15 minutes talking about
his site, the Security Wonk, what gets him going and his suggestions
to new bloggers. Then I rant for a little while about the AOL search
query database and the loss of another system with VA client data.
And, in case anyone else is going to be there, I'll be at LinuxWorld
next week. Other podcasting news, there'll be a special recording for the Security Roundtable
this Thursday night at 5:30 PDT on SkypeCast. Provided I can get
everything figured out, the channel will be "Security Roundtable".
Alan Shimel, Richard Stiennon, Chris Hoff and Mike Rothman will be
discussing the merits of NAC in the network. I get to be the facilitator. Links:
Network Security Podcast, Episode 38, August 8th, 2006
Time: 32:30
Tonight's music was Mark Harold - Freedom for my Soul
And last, but not least, PC Weenies, #880
Technorati Tags: security, Martin McKeay, podcast, AOL
Direct download: nsp-080806-ep38.mp3 Category: podcasts -- posted at: 12:32 AM |
|
Wed, 2 August 2006 Tonight's guest is Rob Slade, author of the Dictionary of Information Security,
his recently released book. Rob talks about the origin of his new
book, how language is constantly changing, especially in Information
Security and getting his book published. The last half of the podcast
is listener feedback (please keep it coming!) and where I've been,
where I'm going and what I'm doing there. I forgot to add in the
podcast, I'm not going to BlackHat, but I am going to Linux World, with a press pass nonetheless. Maybe I can make BlackHat next year if I start planning now. Links from tonight:
Network Security Podcast, Episode 37, August 1st, 2006
Time: 28:17
Tonight's Music: Allison Crowe - How Long
Technorati Tags: security, Rob Slade, 6url, StillSecure
Direct download: nsp-080106-ep37.mp3 Category: podcasts -- posted at: 2:03 AM |
|
Wed, 26 July 2006 This week I talked to Ravi Ganesan, founder of TriCipher.
He fills me in on some of what's been happening with Man in the Middle
attacks against two-factor authentication used by banks and financial
institutions. It sounds like this is a fairly small issue right now,
but it could quickly grow in the near future. Ravi is clearly an
expert on authentication solutions and gives some hints about where
security professionals need to be looking in the future. I also take a
few minutes to talk about some changes that may be happening to the PCI
standards in the near future, the concept of compensating controls.
By the way, I mistakenly called Ravi the CEO in the podcast, sorry for
the mistake. I'm not a CSO either, so I figure that makes us even. Network Security Podcast, Episode 36, July 25th, 2006
Time: 45:27
Tonight's Music: Shemekia Copeland - Breakin' Out
Technorati Tags: security, podcast, Man in the Middle attack
Direct download: nsp-072506-ep36.mp3 Category: podcasts -- posted at: 1:07 AM |
|
Wed, 19 July 2006 Note to self, don't schedule interview before the second cup of coffee.
This past Sunday morning I had a chance to talk to Brian Contos from ArcSight, who has a book coming out next month, Enemy at the Water Cooler: True Stories of Insider Threats and Countermeasures.
Brian has a lot of great stories and experience dealing with the
insider threat in the real world, which he's more than willing to share
with us. There's a lot more Brian has to share, so we'll very likely
be hearing from him again in the near future. It ended up being a long
interview, but I hope you get as much out of our conversation as I
did. Network Security Podcast, Episode 35, July 18th, 2006
 Time: 51:20 Tonight's Music: Michael Burks - Heartless from Alligator Records
Technorati Tags: security, insider threat, Brian Contos
Direct download: nsp-071806-ep35.mp3 Category: podcasts -- posted at: 1:37 AM |
|
Wed, 12 July 2006 It's back to being just me on the podcast, at least for tonight. I was
supposed to have a special guest on the show tonight, but he had to
back out due to other commitments. You'll have to listen to the
podcast to find out who it was going to be. I hope I'll still be able
to interview him in the near future. But I'm learning not to count my
interviews before they're recorded. Vacation was a lot of fun, and you
can find an expanding set of photos on my Flickr account. Thanks to Mike Farnum and Steve Murawski for pointing me to Sudo for Windows. Network Security Podcast, Episode 34, July 11, 2006
 Time: 29:14
Tonight's music: Stop Watching Your Enemies by Koko Taylor
Technorati Tags: security, government, PCI
Direct download: nsp-071106-ep34.mp3 Category: podcasts -- posted at: 1:57 AM |
|
Tue, 27 June 2006 This is probably going to be the earliest I'll ever release an episode of the podcast. I'm going on vacation tomorrow morning, so I wanted to make sure the podcast was up and available. There won't be a podcast next week, but the podcast after that will be exciting. I haven't recorded that interview yet, so I'm not telling who it is yet. Just rest assured, you'll understand why I'm excited when you hear the guest.
This week's guest was Jeff Stanton, professor at Syracuse University and co-author of The Visible Employee. Dr. Stanton's book looks into the realm of employee monitoring, examining employee attitudes, management viewpoints and the technology involved. Having run an employee monitoring program before, I was extremely interested in hearing how other IT professionals feel about being made responsible for watching their fellow employees. Employee monitoring is something that has to be handled very carefully to protect the business while not intruding on the employee's right to privacy. And a lot of businesses haven't really taken the necessary time to do it right.
Network Security Podcast, Episode 33, June 27, 2006

Time: 33:42
Tonight's music: Osho Mask by Aaron Wilkinson
Technorati Tags: security, privacy, employee monitoring
Direct download: nsp_062706_ep33.mp3 Category: podcasts -- posted at: 12:09 PM |
|
Wed, 21 June 2006 I was joined tonight by Larry Pesce of PauldotCom Security Weekly fame. Larry shared with me a little behind the scenes about how the Security Weekly show came into being, how he got into security and the new book on the Linksys WRT54G he and Paul are working on. Along the way we also talked about a couple of other wireless security issues, such as a writer who thinks there are no wireless insecurity issues and the state of wireless IDS. Then I wrap up with a rant about stolen servers and the lies companies are telling themselves.
Network Security Podcast, Episode 32, June 20, 2006
Time: 38:04
Tonight's music: Wisdom of Insecurity by Dick Aven
Technorati Tags: security, podcast, wireless, stolen server, PII
Direct download: nsp-062006-ep32.mp3 Category: podcasts -- posted at: 1:04 AM |
|
Tue, 13 June 2006 Here is the second half of my discussions with Michael Farnum of An Information Security Place and Dr. David Taylor for Protegrity. Michael and I debate the NSA's domestic spying and what it means, while Dr. Taylor and I discuss some of the basics of security. And this one beats last week's by a few minutes.
Michael and I are continuing our discussion of the NSA spying on our blogs. Right now the ball's in my court and I should be posting on this early tomorrow. For now though, I'm off to meet my friend Jeremiah Owyang at SF Blogger Dinner at Hotel Utah. If I can find the dang place that is. One last thing, I tried encoding this podcast using Variable Bit Rate compression. Let me know if you notice a difference in the sound quality. Or the quality in general.
Network Security Podcast, Episode 31, June 13, 2006
Time: 47:29
Tonight's music: Return to you by Carra Barratt
Technorati Tags: podcast, security, NSA, Spying
Direct download: nsp-061306-ep31.mp3 Category: podcasts -- posted at: 7:27 PM |
|
Wed, 7 June 2006 Tonight I had the honor of talking to Michael Farnum of An Information Security Place and Dr. David Taylor from Protegrity. I talked to Michael about how he got into security, his opinions about security through obscurity and the VA data loss. Dr. Taylor and I also talk about the VA data loss from a slightly different perspective. This is the first part of each interview and the second part will be available next week. This is one of the longest podcasts I've done so far.
I want feedback, so please either send me an email at nsp_at_mckeay.net or leave me a voicemail at 916-231-9479
Network Security Podcast, Episode 30, June 6, 2006
Time: 43:07
Tonight's music: Raining in Austin by The Electric Moonshine Band
Technorati Tags: security, podcast
Direct download: nsp-060606-ep30.mp3 Category: podcasts -- posted at: 12:43 AM |
|
Wed, 31 May 2006 I interviewed Gary McGraw, CTO of Cigital Inc and author of Software Security for this week's podcast. This is part of my continuing effort to do less of the talking in the podcast and get ideas and opinions from other people. We discussed software security and what's being done about it. I tried to get Gary to spill the beans on the subject of his next book, but he was a little cagey on the subject. I forgot to mention it in the podcast, but if you have any feedback, you can drop me an email at nsp_AT_mckeay.net or leave me a voicemail at 916-231-9479. Network Security Podcast, Episode 29, May 30, 2006
Time: 37:51
Last, but not least, check out the other projects I've been working on lately, the first episode of the Security Roundtable and the fifth episode of the Podcast Roundtable.
Tonight's music: Dark Side of Town by the Josh Kirkland Band
Technorati Tags: security, podcast, software
Direct download: nsp-053006-ep29.mp3 Category: podcasts -- posted at: 1:02 AM |
|
Wed, 24 May 2006 I want to start off by thanking my guest host tonight, Dan Kuykendall from the Mighty Seek Podcast. Dan is a fellow member of the Security Roundtable, so hopefully you'll be hearing more of us together in the future. Dan is an application vulnerability tester by profession, and brings a significantly different point of view to security than I do. I had more sound problems tonight, but at least Dan and I were able to record this, which is a big improvement over last week. Sorry about the sound quality tonight, I promise it will be better next week.
On a separate note, I had to disable comments on the site temporarily. Starting yesterday I've been hammered with comment spam and I had to shut down comments until I come up with a viable solution. It's not shaping up to be a good week.
Network Security Podcast, Episode 28, May 23, 2006
Time: 44:56
Dan had some interesting information about the PCI standards that I hadn't heard before. I'm glad that there's people like Dan pushing hard for application security in the PCI standards.
Tonight's music: Open Your Eyes by Telos
Technorati Tags: security
Direct download: nsp-052306-ep28.mp3 Category: podcasts -- posted at: 2:34 AM |
|
Wed, 17 May 2006 I had some great plans for tonight's podcast which didn't quite come to fruition. Michael Farnum from An Information Security Place was going to be my cohost on the show tonight, but Skype had other opinions. I thought we'd take advantage of the fact that SkypeOut is now free to any phone number here in the US or Canada. Sounds like a great tool, if only it worked right. Michael got so much echo from the process that it just couldn't work. Which is the long way of saying why tonight's podcast is a little short and disorganized.
Network Security Podcast, Episode 27, May 16th, 2006
Time: 27:19
Tonight's Music: Wives of the Circle Five by dariustx
Technorati Tags: Security, podcast
Direct download: nsp-051606-ep27.mp3 Category: podcasts -- posted at: 2:19 AM |
|
Wed, 10 May 2006 Boy, tonight's podcast ended up going a bit longer than usual. I got
started on a couple of the subjects and just couldn't keep it to thirty
minutes. I'm still a little hyped from meeting Leo Laporte earlier
today. If I had a list of all the podcast/blog personalities I listen
to and read that I want to meet, Leo would be in the number one spot.
I didn't go all fan boy on him, but I did feel the urge. Maybe I
should create such a list and start checking off names as I meet them.
By the way, I shifted my position in relationship to the microphone,
and you might notice several changes. Let me know what you
think about some of the new artwork I've gotten for the site. The blue
and grey color scheme is what I've settled on and will hopefully be
moving to in the near future. Network Security Podcast, Episode 26, May 9th, 2006

Tonight's music was Too Hard by Pondering Judd
Technorati Tags: Security, Podcast
Direct download: nsp-050906-ep26.mp3 Category: podcasts -- posted at: 2:26 AM |
|
Wed, 3 May 2006 I don't know why I want to think interview podcasts are going to be easier than a standard podcast. It's nice to not have to be the only one speaking once in a while, but the post production tends to take longer. My first conversation is with Mike Rothman of the Security Incite blog and Scott Richards, VP of Product Management and Engineering at Senforce Technologies. We spent a good time talking about the recent thumb drive migration in Afghanistan. I also had a quick phone call with Alan Shimel to congratulate him on StillSecure's partnership with Extreme Networks. Thanks to my friend, Robyn over at Sleepy Blogger (and fellow Tabler) for giving me the little break between the two. Next week, it's back to just me. And by the way, the Frappr map is up to 64 pins. Keep 'em coming.
Network Security Podcast, Episode 25, May 2nd, 2006 (Can you believe it's already been 25 episodes?)

Time: 38:41
Technorati Tags: security, podcast, StillSecure, Senforce
Direct download: nsp-050206-ep25b.mp3 Category: podcasts -- posted at: 1:26 AM |
|
Wed, 26 April 2006 I'm still recovering a bit from last night's dinner with the Microsoft Developers. They were very nice to invite me to the coming out party for Internet Explorer 7 Beta 2, but that meant I didn't get to sleep until almost midnight. It was quite a lot of fun. I got some audio feedback for tonight's show, and thanks to those of you who gave me suggestions for a new camera. Hopefully I'll have a little more warning next time. Tonight's music was Day of Reckoning by Amy Martin
Network Security Podcast, Episode 24, April 25th, 2006
Length: 29:21 minutes.
Thanks for listening. I forgot to mention that I'll be doing the next episode of IT Employment with Dan Sweet this Thursday.
Technorati Tags: Security, podcast, PCI
Direct download: nsp-042506-ep24.mp3 Category: podcasts -- posted at: 1:10 AM |
|
Wed, 19 April 2006 I got a bit of a late start to the podcast tonight, but thanks to a little Rockstar, I was awake throughout the whole thing. There's a lot of good stuff in tonight's podcast, and there's more good stuff coming up. I'm trying to use Audacity again, because some of the things I've wanted to do are next to impossible in Propaganda. Tonight's Music is Wonder Woman by Frozen Smile
Network Security Podcast, Episode 23, April 18, 2006
Length: 28:49
Thanks for listening and remember to place your pin on the Frappr Map!
Technorati Tags: Security, podcast, PCI, Privacy
Direct download: nsp-041806-ep23.mp3 Category: podcasts -- posted at: 2:22 AM |
|
Tue, 11 April 2006 Tonight's podcast is actually last night's podcast. I'm headed into San Francisco shortly for a dinner with Jeremiah Owyang and a host of others. We're getting together at the Thirsty Bear to meet Steve Rubel of Micro Persuasion fame. This episode is short, but there was no way I was going to skip a podcast in order to go to the dinner. I don't plan on getting home until 10:00 or 11:00 tonight and there was no way I was going to record the podcast then. Did you know it usually takes me about three hours to record a 30 minute podcast?
Network Security Podcast, Episode 22, April 11, 2006
Tonight's music is, appropriately, In San Francisco by The Welcome Matt
Technorati Tags: security, podcast
Direct download: nsp-041106-ep22.mp3 Category: podcasts -- posted at: 6:39 PM |
|
Fri, 7 April 2006 A couple of weeks ago I had the pleasure of interviewing Alex Neihaus, the Vice President of Marketing for Astaro Internet Security. Alex and Astaro are big supporters of podcasting and blogging and Alex spent half an hour talking to me about the Astaro Gateway appliances. Network Security Podcast, Alex Neihaus, Astaro
 Direct download: NSP-AstaroSecurity.mp3 Category: podcasts -- posted at: 5:22 PM |
|
Wed, 5 April 2006 Here's episode 21 for your listening pleasure. I decided to give you the regular weekly podcast tonight and I'll issue the Astaro interview as a standalone podcast in the next couple of days. I once again forgot to hook up the iRiver before the podcast began, but I got lucky and didn't have to pay for my mistake. I cover a lot of ground tonight, from patching to legislation to the firing process and hopefully there are a few things for you to think about. And just in case you didn't know, when I say PCI, that's the Visa/Master Card Payment Card Industry Data Security Standards I'm referring to. Tonight's music is Old Tom's Restless Bones by David Norris
Network Security Podcast, episode 21, April 4, 2006
Thanks for listening, and have a good week.
Technorati Tags: Security, podcast, PCI, Privacy
Direct download: nsp-040406-ep21.mp3 Category: podcasts -- posted at: 1:55 AM |
|
Tue, 4 April 2006 I was reviewing my podcast downloads after lunch, and I wanted to say thank you to all the listeners out there. The most recent podcast hit 500 downloads in 7 days, a goal I originally thought I'd hit in June, if I was lucky. Thank you for listening and I hope I can keep up the quality that keeps you coming back. And if you have some feedback, please send me email at nsp@mckeay.net or leave me a voicemail at 916-231-9479.
Category: podcasts -- posted at: 5:39 PM |
|
Wed, 29 March 2006 Episode 20, for your perusal. I had an interesting talk with Mike Rothman and Alan Shimel about the recent demise of the Sourcefire - Check Point merger. Mark had some ideas I hadn't considered before. I also take some time to answer some listener feedback and my PCI segment is a comment on the value of information. I really learned a lot about the quirks of both my sound editors, Propaganda and Audacity. I also have an interview with Alex Neihaus of Astaro Internet Security coming up, but I have to retrieve a copy from the iRiver. Never open a sound file in both versions 1.2 and 1.3 of Audacity at the same time; the results are not pretty. Tonight's music is Blue Bird Tattoo by Circe Link
Network Security Podcast, episode 20, March 28, 2006
Thanks for listening, and thanks once again to Alan and Mike for joining me.
Technorati Tags: security, PCI, Sourcefire, Check Point
Direct download: nsp-032806-ep20.mp3 Category: podcasts -- posted at: 1:20 AM |
|
Wed, 22 March 2006 Here it is, episode 19! New toys, a lot of privacy concerns, and Google won their court case. I also had some more to say on the still emerging debit card compromise. I finished up with my review of the PCI requirements tonight and I'm looking for something PCI related to talk about from now on. If you have any thoughts or questions, please drop me a line at 916-231-9479 or email me at netsecpodcast@mckeay.net. Tonight's music is Another Round by Enter the Haggis
Network Security Podcast, Episode 19, March 21, 2006
Thanks for taking the time to listen
Technorati Tags: security, podcast, PCI, privacy
Direct download: nsp-032106-ep19.mp3 Category: podcasts -- posted at: 1:36 AM |
|
Wed, 15 March 2006 Episode 18 is up and available for download. I'm thinking of running a contest for the creation of a promo for the podcast. Maybe that'll be the competition for Episode 25 in May. Life has been crazy busy and several things stopped me from finishing my Vista on VMware writeup. Please forget I ever mentioned it and if it gets on the site, it does, if not, oh well. Tonight is mostly about keeping your credit cards and debit cards safe. I have a new piece of audio hardware, an Alesis 3630 Dual Channel Compressor Limiter with Gate, and I think it's making me sound better. Let me know what you think. Tonight's music is True Love (Scarborough Fair) by Gypsy Soul
Network Security Podcast, Episode 18, March 14, 2006
Thanks for listening
Technorati Tags: security, podcast, PCI, Google
Direct download: nsp-031406-ep18.mp3 Category: podcasts -- posted at: 2:02 AM |
|
Wed, 8 March 2006 Episode 17 of the Network Security Podcast is in the can. I had a lot to talk about tonight and that was after cutting out several articles. There's a lot going on in our legislative bodies, not the least of which is that the Patriot Act passed the House of Representatives today. Mac OS X owners are getting cocky and daring the hackers to attack them. One thing I've learned in security: If you have a thousand attackers, one of them will either be skillful or lucky enough to take you down. Tonight's music is Hole in your mind by the Jack Butler Band
Network Security Podcast, Episode 17, March 7, 2006
Thanks again for listening.
Technorati Tags: security, podcast, PCI
Direct download: nsp-030706-ep17.mp3 Category: podcasts -- posted at: 1:57 AM |
|
Sat, 4 March 2006 For the third, and final, podcast of the weekend: Jeremiah Owyang and I interviewed venture capitalist Brad Feld for our project, the Podcast Roundtable. While you might not know Brad's name right off of the top of your head, you'll probably recognize some of the companies he's been involved with, like Atreus, ePartners, FeedBurner, Gold Systems, Judy's Book, Klocwork, Newmerix, NewsGator, Quova, Rally Software, Sendia, and StillSecure. Brad not only has one heck of a shrewd business mind, he also is a hard core geek. His three-monitor computer setup was definitely envied by Jeremiah and me. His gremlins are nice too.
Interview with Brad Feld, March 4, 2006

Technorati Tags: Investment, podcast
Direct download: PRT-BradFeld-030406.mp3 Category: podcasts -- posted at: 9:19 PM |
|
Sat, 4 March 2006 Yesterday afternoon, I had the pleasure of interviewing Alan Shimel, Chief Strategy Officer of security vendor, StillSecure. Alan and I talked about his company's three products, Safe Access, VAM and Strata Guard, about the recent awards and press coverage they've received, blogging, and our own, personal views about the government looking into the purchase of Sourcefire by Checkpoint. Interview with Alan Shimel, March 3, 2006
Technorati Tags: security, IDS, stillsecure
Direct download: nsp-AlanShimel-030306.mp3 Category: podcasts -- posted at: 8:50 PM |
|
Sat, 4 March 2006 So the latest Pauldotcom Security Weekly is out and I'm a guest host. I spent an hour talking to Paul, Larry and 'Twitchy' and had a blast. I hope to have them on the Network Security Podcast sometime in the next couple of weeks and returning the favor. You know my own podcast is going to go a little long that week. Direct download of the audio:  Technorati Tags: security, podcast Category: podcasts -- posted at: 6:39 PM |
|
Tue, 28 February 2006 I got a late start tonight. It's been a heck of a week already, and it's already Tuesday. I'm preparing for a big conference, where I'll be giving part of a presentation, and it's a lot of work. I'm drooling a little over the thought of purchasing one of the new minimacs (I know, it's Mac Mini, but I prefer minimac) even though my wife's thrown some cold water over the thought of getting one. I can still dream about recording my next podcast in Garageband though, can't I?
Tonight's music was Complicated by retrograde
Network Security Podcast, Episode 16, February 28, 2006
Duration: 30:53 minutes
IT security podcasts you can't miss
Privacy and Anonymity
Torpark
Four lose jobs after data breach at Oregon health care facility
Employee fired for a data breach?
Why Windows Vista Won't Suck
Pauldotcom.com
Technorati Tags: Security, Podcast
Direct download: nsp-022806-ep16.mp3 Category: podcasts -- posted at: 10:36 AM |
|
Wed, 22 February 2006 It's good to be back at home for the podcast. I was missing my main microphone and a good set of headphones. I had a minor allergy attack in the middle of the podcast, so please excuse any sniffles I missed in editing. Tonight's episode is my wrapup of the RSA Convention, and unluckily I wasn't overly impressed. Next year's show is supposed to be back in San Francisco, which will hopefully make it better. Tonight's music was evolution by the Lemmings
Network Security Podcast, Episode 15, February 21, 2006
Duration: 31:00 minutes
TaoSecurity Blog
Still Secure
Identity Woman
Giant Squid Audio Lab
(ISC)2 Study
Invasion of the Computer Snatchers
Internet Storm Center
Technorati Tags: security, podcast, privacy, PCI, Mac
Direct download: nsp-02-21-06-ep15.mp3 Category: podcasts -- posted at: 1:11 AM |
|
Thu, 16 February 2006 by Martin McKeay, Jeremiah Owyang, Dennis McDonald, and Daniel Sweet
We had some interesting conversation on the death of music CDs and privacy concerns with Google Desktop version 3. There were a number of technical difficulties and we picked up some background noise that I apologize for (mostly my typing). I've listed a number of the sites we mentioned in the show, and several of the other sites we found in our own research. Robyn was unable to attend this show due to weather conditions in her area.
Podcast Roundtable, Episode 3, February 11th, 2006
Show Notes:
Technorati Tags: podcast, CD, Google, privacy
Direct download: PRT-021106-ep3.mp3 Category: podcasts -- posted at: 7:27 PM |
|
Thu, 16 February 2006 Edit: I wondered why I wasn't getting many downloads. Then I realized I forgot to post this episode on the podcast only site. D'oooh!
It's the calm before the storm here in San Jose. I'm the first person in the press room other than the attendants. One quick cup of coffee before the madness begins.
I recorded this week's podcast in my motel room last night. This is hopefully the shortest and roughest podcast you'll ever hear from me. I spent about 10 minutes talking about who I've seen so far and who I've talked to. I did a little bit of editing to take the sharp edges off, but it's still pretty raw. Next week I'll be back at home to my normal equipment, and hopefully sounding a lot better.
Network Security Podcast, Episode 14, February 14, 2006
Direct download: nsp-021406-ep14.mp3 Category: podcasts -- posted at: 6:57 PM |
|
Wed, 8 February 2006 I like the way the podcast sounds at 128kbps, and no one complained, so I'm going to leave it at that for the foreseeable future. Preparation for the RSA conference continues, and I'm definitely leaning towards recording a show from my hotel room, just keeping it short and sweet. I talked tonight about bringing politics into the podcast. Please let me know your feelings about this, either for or against.
Tonight's music was Day Job Blues by the Kalamazoo Allstars.
Pandora
Network Security Podcast, Episode 13, February 6, 2006
VMware Server Beta
Diversify Your Investments by Starting a Side Business
Do you want your search engine history disclosed?
Buyers Scour eBay For Data-Rich Hard Drives
Professional Hacker's Linux Attack Kit
Vint Cerf to the US Senate Committee on Commerce, Science, and Transportation
Net Neutrality not an Optional Feature of Internet
Technorati Tags: security, podcast, privacy, PCI
Direct download: nsp-020606-ep13.mp3 Category: podcasts -- posted at: 1:57 AM |
|
Wed, 1 February 2006 Now brought to you at 128kbps sound. I upped my Libsyn account so that I could play with a higher quality recording. Let me know if this makes a noticeable difference to you, or if you prefer the smaller file size. I am so looking forward to the RSA conference in San Jose in two weeks. Even though I'm going to be in San Jose over Valentine's Day, my wife is graciously letting me go to the convention. Could be the fact that her parents will be here the weekend before. Either way I'll take it. Tonight's music was Corporate Graveyard by BB Chung King and the Buddaheads
Network Security Podcast, Episode 12, January 31, 2006
EFF Sues AT&T to Stop Illegal Surveillance
AMD forums laid low by Windows exploit
Winamp Computer Name Handling Buffer Overflow Vulnerability
Checklist: 11 things to do after a hack
State Laws Governing Security Breach Notification
Keeping Secrets
Technorati Tags: security, podcast, privacy, PCI
Direct download: nsp-013106-ep12.mp3 Category: podcasts -- posted at: 1:30 AM |
|
Wed, 25 January 2006 Episode 11 is in the can. I had a scare in the middle of the podcast when a 'Disk out of Space' error popped up on my screen, so I had a few moments of panic there. Luckily I was able to delete some patch uninstall files, which I probably had no need for anyways. I hope. It was a bit slow in the news department this week, so the podcast came in at just under thirty minutes. Tonight's music was Godspell by Single 7
Network Security Podcast, Episode 11, January 24th, 2006
San Francisco Podcast Meetup Group
PDFCreator (Thanks Rob)
Illusions of Security; wrap-up for Mac OS X
Podcasting a conversation
Amy Gahran: The Right Conversation
The Human Factor and Security
FBI: Most Companies Get Hacked
FBI says attacks succeeding despite security investments
Hollywood's MP denounces "users," "EFF members"
Undervolting a laptop
PS, had another slight scare at the end of the recording. Apparently there was some sort of corruption in the wav file, and LAME choked a little on the conversion. Please let me know if you hear anything out of the ordinary.
Technorati Tags: Security, Podcast, PCI
Direct download: nsp-012406-ep11.mp3 Category: podcasts -- posted at: 1:08 AM |
|
Wed, 18 January 2006 Wow, I made it to the 10th podcast! It feels like I just started. I had some fun over the weekend recording the second episode of the Podcast Roundtable. If you haven't already listened to that recording, do me a favor: listen to it and give us some feedback. Tonight's podcast got started a little late because my wife got called into work and the boys didn't want to go to sleep, but I think I'm getting a bit more experience with the tools. It actually took me quite a bit less time to record and edit the podcast compared to the first time or two I did it. And I realize chickenpox isn't rare, it was just what came to mind at the time. Tonight's music was Secrets by Steve Pierson
Network Security Podcast, Episode 10, January 17th, 2006
Mac users 'too smug' over security and Mac security concerns answered
DRM Out of balance
PassMark's SiteKey - Answering The Wrong Question
Cyber thieves steal about $70,000 from Y-12 credit union
Symantec owns up to 'rootkit'
Rootkits in Commercial Software
And the Libsyn podcast only feed is mckeay.libsyn.com/rss
Technorati Tags: Security, Podcast, DRM, PCI, hacking
Direct download: nsp-011706-ep10.mp3 Category: podcasts -- posted at: 1:40 AM |
|
Tue, 17 January 2006 This weekend I was joined by Dennis McDonald, Jeremiah Owyang, Robyn Tippins and Daniel Sweet via Gizmo. We had some technical difficulties, but nothing that was insurmountable. Gizmo seems to work well with two or three people on the line, but when you add more anyone with a lower bandwidth connection experiences difficulties. Next time we hope to be able to use a land-line based teleconferencing solution, though those have been known to have problems too. Technical issues aside, we had some good conversations and discussed some interesting topics. It's interesting sitting down to talk to people who have a decidedly different view on technology and the direction it's going. I'm looking forward to the next Podcast Roundtable on February 11th. And hopefully there will be a Podcast Roundtable website in the near future.
Podcast Roundtable, Episode 2, January 14th, 2006
Show notes:
Writely
37Signals
Gizmo Project
Alfresco
IT Redux
iTunes: Apple's New Spyware and Adware Application?
Technorati Tags: Collaboration, Apple, Office2.0
Direct download: PRT-011406ep2.mp3 Category: podcasts -- posted at: 12:01 AM |
|
Wed, 11 January 2006 Tonight's podcast was a lot less stressful than last week's. I made sure to have my iRiver iFP 895 hooked up and recording this time! And I think I've solved one of my problems with recording quality, so tonight's podcast should sound a little better. Let me know what you think. I'm also encoding at a slightly higher bit rate, so maybe that will help.
Network Security Podcast, January 10, 2006 - Episode 9

Tonight's music was Raven's Wings by Amy Martin
First Sguil VM Available -- Sguil -- VMWare
Perspective: Create an e-annoyance, go to jail
Lake senior faces felony charge
Copy Protection
H&R Block blunder exposes consumer data
Visa Cardholder Information Security Program
Tonight's show came in at just under 30 minutes, exactly what I'm shooting for. As always, if you want to give me any feedback, you can leave me a voicemail at 916-231-9479 or send me an email at netsecpodcast@mckeay.net Direct download: nsp-01-10-06-ep9.mp3 Category: podcasts -- posted at: 1:48 AM |
|
Thu, 5 January 2006 It's a day late but here it is, the first podcast of 2006. It started off long but I hacked through it without mercy to bring the podcast back down to the length it should be. Tonight I was smart enough to record the whole thing to the iRiver, so there was no chance of accidentally deleting the whole thing (again). And I think maybe I should have been using my homemade pop filter tonight.
Network Security Podcast, January 4, 2006 - Episode 8

Tonight's musical selection is Kyo-piano-sus by Telopa. I needed something calm to help with my nerves after last night. Very pretty music.
Business and IT Must Work Together to Manage New "Web 2.0" Tools by Dennis D. McDonald and Jeremiah Owyang
Top 10 tips to keep that new computer spyware-free
New law ensures voting paper trail
Open Letter to Congress concerning the Analog hole
PCI Service Provider levels defined
Visit my Computerworld Blog at www.computerworld.com/blogs/mckeay/
The Podcast Reviewer
That's all folks, thanks for being patient.
Technorati Tags: security, computers, PCI, Web2.0
Direct download: nsp-01-03-06-ep8.mp3 Category: podcasts -- posted at: 1:39 AM |
|
Wed, 28 December 2005 Well, the final podcast of 2005 has been wrapped up. It came in just a hair under thirty five minutes, and the new hardware sounds good. I have to go back a little later and see what the raw audio sounds like on the new iRiver iFP895. It's nice to have a backup to save me if there's ever a power failure in the middle of a podcast.
Network Security Podcast, December 27, 2005 - Episode 7

Tonight's musical selection is Shades of Blue by Tony Deziel. I hope I pronounced his last name correctly. This music is Creative Commons licensed, and found on Garageband.
DHS interest into the Little Red Book was a hoax
Using Metasploit in the real-world
Congress has big plans for technology reform in 2006
Windows Metasploid data leakage
Only one E-voting company left in NC
Iowa State University hacked ... again
Possible security breach, not details yet
This was written using Performancing for Firefox
Listen until the end of the podcast. I've got some pretty big personal news, and I'll be posting more here as the details become more solid. Have a safe and sane New Years, and I'll catch you next Tuesday.
Direct download: netsecpodcast-12-27-05-ep7.mp3 Category: podcasts -- posted at: 1:24 AM |
|
Wed, 21 December 2005 I kept tonight short because I spent most of the evening finishing the configuration of my new server. It's a second hand system, but it's still a big upgrade from the old one. Why is it that when I chose less articles to talk about, I end up talking longer about each one and use almost the same amount of time? Please let me know if you don't see the enclosures showing up for the latest podcast. I'm also encoding the podcast at a lower rate to save space, so let me know what you think.
Network Security Podcast, December 20, 2005 - Episode 6
Tonight's music is Lazy Bones by Ben Eyler, under the Creative Commons license.
All Kind Food - Dennis D. McDonald
Computer forensics tool maker hacked
Top 10 System Administrator Truths
Fortune 100 sites leaking sensitive data
Lets see some ID
Sober does something good for a change
I mentioned Writely in a blog post earlier today, and again in the podcast. Give it a try and tell me what you think about it.
Direct download: netsecpodcast-12-20-05-ep6.mp3 Category: podcasts -- posted at: 1:42 AM |
|
Wed, 14 December 2005 I was trying a couple of different things tonight. First off, I recorded tonight's episode using Propaganda. Second, I edited the podcast. I did the editing in Audible, but I'd made a couple of flubs that were bad enough for me to decide to do the whole thing and edit out a number of my 'umm's. I like how the podcast sounds coming out of Propaganda, now I just have to get past the problem I have with distortion being introduced during the encoding.
Network Security Podcast, December 13, 2005 - Episode 5
Tonight's podsafe music by: Steven Francque - Sanctity of Tears
Two Microsoft patches released today
Portable Firefox and the PortableApps site
Tenable released Nessus 3.0
EFF is suing North Carolina
Massachusetts and the Open Document Format
Is the Cyberterror threat credible?
Hackers take down Russia Today
Black Tuesday
Sam's Club loses credit cards from the pumps
PCI Requirements: Default configurations
As always, thanks for listening, and you can send feedback to netsecpodcast@mckeay.net. Or you can try my new voice mail address at 916-231-9479. Direct download: netsecpodcast-12-13-05-ep5.mp3 Category: podcasts -- posted at: 2:08 AM |
|
Mon, 12 December 2005 Welcome to the first episode of the Podcast Roundtable. Daniel Sweet, Dennis McDonald and I tackle the issue of bypassing the IT department to get your job done. The three of us offer different views on the good and the bad about those departments that take a 'We'll just do it ourselves!' attitude.
This podcast was brought about by a question put forth on the LinkedIn Bloggers group, asking if it was okay to use free outside resources to get a job done. Basically, with the profusion of free blogging tools, online databases and wikis, many of the tasks that have been historically provided by IT can be found online elsewhere for free. Is it acceptable to use these resources and if so, what are some of the risks?
The audio is a little rough, with some echoes, which I blame on myself and my hardware. Hopefully we'll be able to make a little cleaner recording next time.
Podcast Roundtable December 10th, 2005 - Dennis McDonald, Daniel Sweet, Martin McKeay
Daniel Sweet is a Houston-based IT consultant. His site, Houston and Texas Area IT Job Seeker Listings & Career Advice, is aimed at helping IT professionals find jobs in Texas and providing answers to people who want to start careers in IT.
Dennis D. McDonald is a management consultant in Alexandria, Virginia, and runs All Kind Food. When not travelling or cheering on his favorite college football team, Dennis is also a moderator for the LinkedIn Bloggers group on Yahoo.
And I almost forgot, you can do us all a favor by providing feedback! You can either send me an email at netsecpodcast_AT_mckeay.net, or leave me a voicemail at 916-231-9479. Leave me a voicemail and I may include it in the next podcast. Direct download: Podcast_Roundtable_-_12-10-2005.mp3 Category: podcasts -- posted at: 12:16 AM |
|
Wed, 7 December 2005 Sooner or later I'm going to learn to save my work in progress; this time I closed the blog entry by accident when I was closing a window I no longer needed open. Ah well. I'm still having some issues converting to MP3, so if you know what's causing some of the distortion once I convert, please drop me a line.
I discuss several things that caught my eye this week, like the Common Vulnerability Scoring System, more on Diebold, spear-phishing, several articles that don't say anything new, Cisco hiding bugs, Microsoft needs CISSPs, and a wrap up with the first of the PCI requirements.
Network Security Podcast, December 6, 2005 - Episode 4

Tonight's podsafe music by: Deborah Dalton - Brother's Keeper
Federal flaw database commits to grading system
Diebold loses legal case, certified anyway
Gone Spear-Phishin'
Security's Shaky State
Firms face growing IT security danger from 'enemy within'
Firm Allegedly Hiding Cisco Bugs
Microsoft pads security partner competency
As always, thanks for listening, and you can send feedback to netsecpodcast@mckeay.net. Hopefully next week I'll have a callin number to add. Direct download: netsecpodcast-12-06-05-ep4.mp3 Category: podcasts -- posted at: 1:20 AM |
|
Wed, 30 November 2005 Oy, I can't believe what I just did. I spent over an hour preparing for the podcast, recorded it, and then as I'm editing the audio, I decided to close the Firefox tabs. As I close the last one I realized I hadn't created the show notes yet. D'ohh. So, if I've missed a link, please let me know and I'll add it as soon as I can. Tonight's show is just over 45 minutes, including the music at the end! At this rate, I'll have to go to a twice weekly show. Download the file and listen to me rant about Diebold voting machines, talk about the EPIC Top 10 and Chilling Effects, as well as give my own views on PCI.
As a side note, I think some of the audio effects I'm picking up are the built in sound card on my system. I thought it was pretty good, but I'll just have to buy a better sound card and find out (next year, that is).
Network Security Podcast, November 29, 2005 - Episode 3
Tonight's podsafe music by: Redshell - The Answer
DoS Exploit for MS05-053 released
Microsoft Internet Explorer "window()" Arbitrary Code Execution Vulnerability
EFF challenges Diebold exemption in North Carolina
N.C. judge declines protection for Diebold
California invites Black Box Voting to hack Diebold voting machines
Fasten your seatbelts - It's time to bring this thing in for a landing
Hoofnagle's Consumer Privacy Top 10
Consumer Protection
Excommunicated?
Chilling Effects
Efficient Process or "Chilling Effects"?
FBI Warns the Public
PCI Data Security Standards
As always, thanks for listening, and you can send feedback to netsecpodcast@mckeay.net. Direct download: netsecpodcast-11-29-05_ep3.mp3 Category: podcasts -- posted at: 1:39 AM |
|
Mon, 28 November 2005 For show notes please visit the Network Security Blog
Direct download: netsecpodcast-11-22-05_ep2.mp3 Category: podcasts -- posted at: 9:25 PM |
|
Mon, 28 November 2005 For show notes, please go to the Network Security Blog
Direct download: netsecpodcast_11-15-05.mp3 Category: podcasts -- posted at: 9:22 PM |
|
Mon, 28 November 2005 I'm just placing this here as a ... well, a placeholder. If you want to see my real blog and the home of my podcast, go to:
http://www.mckeay.net/secure/ Category: podcasts -- posted at: 8:59 PM |
|