Network Security Podcast

Rich and I are preparing for Thanksgiving, just like everyone else in America right now.  I don't know about you, but that primarily means I have five days of work to accomplish in three days of the week.  So we didn't organize a guest this week, we sat down together (1000 miles apart) and talked about some of the stories that caught our attention over the last couple of weeks.  It's a good show, and we're out of here until after Turkey Day.

Have a great Thanksgiving!

Network Security Podcast, Episode 129, November 25 2008

Show notes:

• Security FAIL - But I changed my Twitter password...  
• Gmail Security Flaw PoC
• Kernel Vulnerability found in Vista
• Final judgment:  SCO owes Novell millions (plus interest)
• Decreasing security for perceived security - all in the name of compliance
• Managing Security in Economic Downturns
• The Julie Amero forensic analysis

We're joined today by Glenn Fleishman to talk about our own recent past and the recent cracks in the WPA armor.  Rich recently got to visit Russia to participate in a talk on Data Leak Prevention, while Martin got his own sit down with DHS Secretary Michael Chertoff.  Glenn had a little excitement of his own, with a detailed article on the recently revealed vulnerabilities in WPA using TKIP.  It's a small vulnerabilty, but both Rich and Glenn suspect it's just a precursor to bigger, badder things to come. And somewhere in there, a three year anniversary for the podcast slipped by.

Network Security Podcast, Episode 128, November 18, 2008

Show Notes:

• Battered but not broken:  understanding the WPA crack 
• Practical attacks against WEP and WPA 

No time for any music or fancy stuff like that.

When I first got an invitation to attend a roundtable discussion with Department of Homeland Security Secretary Michael Chertoff, I thought thought it was a hoax, as did some of the people I asked about it.  A little fact checking revealed that it was the real deal, but the meeting was in Washington, DC.  Traveling cross country for an hour meeting isn’t in my budget, so I regretfully passed on the opportunity.  Fast forward a month and the invite comes again, but this time it’s happening at Stanford University.  There’s no way I could pass that by.  Andrew Storms and George Ou expressed interest in going and Secretary Chertoff’s Press Secretary, Caroline Dieker, made the arrangements and we were all invited to attend.

I was impressed by Secretary Chertoff; he speaks plainly, with only a little of the evasion I’d expected from someone in a position like his.  I don’t agree with all his arguments and ideas, but he was very open to discussing them publicly.  I almost feel bad that he’s going to be gone come January.  I tried to tweet the whole thing as much as possible, but it’s easy to get distracted in a situation like this.  I captured the entire conversation on my little iRiver 795 and here it is so you can listen for yourself. 

Network Security Podcast, Episode 127, November 11, 2008 - Blogger Roundtable with DHS Secretary Michael Chertoff

This is a special Get Out and Vote episode.  Rich is in Russia of all places and Martin is on the road most of today, so this episode was recorded on October 31, 2008, Halloween.  And there isn't much scarier today than Direct Recording Electronic (DRE) voting machines.  That might make a good costume next year.  In any case, exercise your right and responsibility to vote today!

Network Security Podcast, Episode 126, November 4, 2008

Show Notes:

• Voting machine lab de-certified
• Voting problems in Texas
• Warning sent out about Diebold (Premier) DRE's
• Going back to paper ... cause it works
• Video the vote - But check your local laws first!

PS.  We took great pains to make sure the audio quality was a lot better this week.  Thanks for listening