Network Security Podcast

This week I talked to Ravi Ganesan, founder of TriCipher.  He fills me in on some of what's been happening with Man in the Middle attacks against two-factor authentication used by banks and financial institutions.  It sounds like this is a fairly small issue right now, but it could quickly grow in the near future.  Ravi is clearly an expert on authentication solutions and gives some hints about where security professionals need to be looking in the future.  I also take a few minutes to talk about some changes that may be happening to the PCI standards in the near future, the concept of compensating controls.   By the way, I mistakenly called Ravi the CEO in the podcast, sorry for the mistake.   I'm not a CSO either, so I figure that makes us even. 

Network Security Podcast, Episode 36, July 25th, 2006

Time: 45:27

Tonight's Music:  Shemekia Copeland - Breakin' Out


Technorati Tags: security, podcast, Man in the Middle attack

Note to self, don't schedule interview before the second cup of coffe.  This past Sunday morning I had a chance to talk to Brian Contos from ArcSight, who has a book coming out next month, Enemy at the Water Cooler: True Stories of Insider Threats and Countrmeasures.  Brian has a lot of great stories and experience dealing with the insider threat in the real world, which he's more than willing to share with us.  There's a lot more Brian has to share, so we'll very likely be hearing from him again in the near future.  It ended up being a long interview, but I hope you get as much out of our conversation as I did. 

Network Security Podcast, Episode 35, July 18th, 2006

Time:  51:20

Tonight's Music:  Michael Burks - Heartless from Alligator Records



Technorati Tags: security, insider threat, Brian Contos

It's back to being just me on the podcast, at least for tonight.  I was supposed to have a special guest on the show tonight, but he had to back out due to other commitments.  You'll have to listen to the podcast to find out who it was going to be.  I hope I'll still be able to interview him in the near future.  But I'm learning not to count my interviews before they're recorded.  Vacation was a lot of fun, and you can find an expanding set of photos on my Flickr account. 

Thanks to Mike Farnum and Steve Murawski for pointing me to Sudo for Windows. 

Network Security Podcast, Episode 34, July 11, 2006

Time:  29:14

• ADP lost 125,000 records to a social engineering hack
• FBI wants more wire-tapping capabilities
• Bruce Schneier on:
• Brennan Center Report on Security of Voting Systems
• Terrorists, Data Mining and the Base Rate Fallacy
• Retailers fail to pass security test

Tonight's music:  Stop Watching Your Enemies by Koko Taylor


Technorati Tags: security, government, PCI