Network Security Podcast

We probably more the doubled the number of stories we talked about this week, but we only added about 8 minutes to the length of the podcast. You can consider this the "death by a thousand cuts" podcasts as we cover a string of shorter stories, ranging from a major IIS vulnerability, through breathalyzer spaghetti code, to how to get started in security.

We also spend a bit of time talking about Black Hat and Defcon, and celebrate hitting 500,000 downloads on episode 150. Someone call a numerologist!

Network Security Podcast, Episode 151, May 19, 2009
Time:  42:24

Show Notes:

• Breathalyzer source code released as part of a DUI defense... and it's a mess.
• A DHS system was hacked, but only a little information made it out.
• Secret questions for password resets are often weaker than passwords, and easy to guess.
• Does tokenization solve anything? Yep.
• Kaspersky finds malware installed on a brand new netbook.
• Malware inserts malicious links into Google searchers.
• Google Chrome was vulnerable to Safari Pwn2Own bug. Both are WebKit-based, so we shouldn't be too surprised.
• Information on the IIS 6 vulnerability/0day.
• How to get started in information security by Paul Asadoorian.
• Tonight's Music:  Liberate Your Mind by The Ginger Ninjas
  

This is one of those good news/bad news weeks. On the bad side, Rich messed up and now has to retake an EMT refresher course, despite almost 20 years of experience. Yes, it's important, but boy does it hurt to lose 2 full weekends learning things you already know. On the upside, this is, as you probably noticed from the title of the post, episode 150! No, we aren't doing a 12 hour podcast like Paul and Larry did (of PaulDotCom Security Weekly), but we do have the usual collection of interesting security stories.

Network Security Podcast, Episode 15, May 12, 2009

Time:  38:18

Show Notes:

• UC Berkeley loses 160K healthcare records.


• Most people think they will be hacked. Duh.


• Heartland spends $12.6M on breach response. Possibly half going to MasterCard fines.


• Rich debuts the Data Breach Triangle, which Martin improves.


• Tonight's Music:  Neko Case with People Got a Lotta Nerve.  Who knew Neko case had a podsafe MP3 available?

It's been a bit of a strange week on the security front, with good guys hacking a botnet, a major security vendor called to the carpet for some vulnerabilities, and yet another set of Adobe 0days. But being Cinco de Mayo, we can just margarita our worries away.

In this episode we review some of the bigger stories of the week, and spend a smidge of time pimping for a (relatively) new site started by some of our security friends, and a new project Rich is involved with.

Network Security Podcast, Episode 149, May 5, 2009

Time:  34:08

Show Notes:

• The Social Security Awards video is up!


• Yet more Adobe zero day exploits. Now it's just annoying.


• McAfee afflicted with XSS and CSRF vulnerabilities.


• Torpig botnet hijacked by researchers.


• New School of Information Security blog launched.


• Project Quant patch management project seeking feedback.


• Tonight's Music: Wound up Tight by Hal Newman & the Mystics of Time