Network Security Podcast

...and now Rich is dealing with an entire family of "sick". Zach must be empathizing, as he's also a bit under the weather, but joins Martin for a romp through this week's stories.

Network Security Podcast, Episode 313, May 21, 2013

Time: 41:13

Show notes:

• Is It Wrong to Use Data From the World’s First ‘Nice’ Botnet?
• Google Reveals How To Hack Google Glass Device (And Void Your Warranty)
• Google On Glass Privacy Issues & Congress: “Social Cues” Will Help, Plus It Takes Trust Seriously
• The man who 'nearly broke the internet'
• FedRAMP seal of approval clears Amazon for more government work
• Think your Skype messages get end-to-end encryption? Think again
• Elderwood and the Department of Labor Hack

• Tonight’s Music: Zombie Apocalypse by Quiffs n Coffins

Rich is dealing with some sick babies, so Martin and Zach inadvertently make the show about corporate and government (not just the U.S. this time!) surveillance.

Network Security Podcast, Episode 312, May14, 2013

Time: 38:26

Show notes:

• How the Syrian Electronic Army Hacked The Onion
• U.S. Weighs Wide Overhaul of Wiretap Laws
• FBI’s Latest Proposal for a Wiretap-Ready Internet Should Be Trashed
• Bloomberg reporters allegedly used financial terminals to spy on Wall Street
• A Saudi Arabia Telecom's Surveillance Pitch

• Tonight’s Music: London Girl by Lato

What didn't make the show:

• Banks Say Fed Should Lead in CyberSecurity for Industry (oddly, hosted on Bloomberg news)
• State Department Demands Takedown Of 3D-Printable Gun Files For Possible Export Control Violations
• Apple deluged by police demands to decrypt iPhones

Long show with short notes this week as Wade Baker of Verizon and Josh Corman of Akamai join us to talk about the Verizon Data Breach Investigations Report.

This is a must-read report and our short podcast can't possibly do it justice, but we made our best effort.  Listen to the end, we have some big news!

Network Security Podcast, Episode 311, May 1, 2013

Time: 48:49

Show notes:

• The 2013 Verizon DBIR
• Tonight’s Music: Tipping - Marucci - Dube  with I'm Confused

After a hectic couple of weeks -- conferences, travel, and city-wide lockdowns -- recovery is sorely needed, but we push through a relatively lively show with a teaser for a bigger debate^Wdiscussion slated for next week.  And somehow the podcast just keeps getting a little longer every week.

Network Security Podcast, Episode 310, April 23, 2013

Time: 43:06

Show notes:

• Japanese police ask ISPs to start blocking Tor
• Post Boston: Privacy advocates warn about coming tsunami of surveillance cameras
• Law professor makes a case for legally recognizing the Dangers of Surveillance
• US House of Representatives passes CISPA cybersecurity bill
• Hacking Trial Devoid of Hacking Awaits Jury Verdict
• The update jungle: PC owners have to watch 24 sources for fixes
• Sources: Tea Leaves Say Breach at Teavana

• Tonight’s Music: We've Gone Crazy by Soul of the River

What didn't make the show:

• Sources: Tea Leaves Say Breach at Teavana
• Silicon Valley companies quietly try to kill Internet privacy bill
• The Bearer of BadNews
• Former Hostgator employee arrested, charged with rooting 2,700 servers

Due to a last minute work engagement, Rich is not present on tonight's show. Martin and Zach attempt to compensate for Rich's absence by being snark but also half-asleep.  We'll leave it to you to figure out which half of that we feel is most like Rich.

Network Security Podcast, Episode 309, April 9, 2013

Time: 41:04

Show notes:

• Apple's iMessage encryption trips up feds' surveillance
• Google will fight secretive national security letters in court
• Privacy group calls for changes in CISPA cyberthreat sharing bill
• Unlocking the Motorola Bootloader

• Key Lulzsec hackers plead guilty in London courtroom

• What didn't make it into the show:

• Letting Down Our Guard With Web Privacy

• PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 released (update to a story last week)

• Tonight's Music: Green Druid with Night Dance

Getting three security professionals to slow down long enough to record a podcast together is always a challenge and tonight was harder than usual.  Part of the problem is that there are so many interesting stories going on right now.  But the fact that we all have jobs and families is a much bigger part of it.  This week we talk about HSM in the cloud, DDoS attacks, and of course, our government spying on us.  Such unfamiliar territory.

Network Security Podcast, Episode 308, April 2, 2013

Time: 40:17

Show notes:

• AWS CloudHSM - Secure Key Storage and Cryptographic Operations
• Killing hackers is justified in cyberwarfare, says NATO-commissioned report
• Spam dispute becomes 'largest cyber attack' in history of the internet
• The DDoS That Knocked Spamhaus Offline (And How We Mitigated It)
• That Internet War Apocalypse Is a Lie
• Government Fights for Use of Spy Tool That Spoofs Cell Towers
• FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013
• Permission to Spy: An Analysis of Android Malware Targeting Tibetans
• Security fix leads to PostgreSQL lock down
• Tonight's Music:  Copesetic with My Old Soul

Here's the first of the interviews that were recorded at the 2013 RSA Conference in San Francisco, CA at the end of February.  My first interveiw was with Michael Markulec, CEO of Lumeta.  Micheal and I talk about the importance of knowing what's on your network, which has become even more important as the BYOD movement has more devices beyond your control showing up on your network every day.  I apologize for the background noise, I made several mistakes in setting up my mics at RSA.

NSP Microcast, RSAC 2013:  Lumeta

Time:  8:42

After another two-week hiatus, the gang is able to pull off a show (despite some serious jet-lag and sleep deprivation). Maybe, JUST MAYBE, we can keep this trend up (the recording part, not the "ridiculously tired" part).

Network Security Podcast, Episode 306, March 19, 2013

Time: 33:24

Show notes:

• Indicators of Impact — Ground Truth for Breach Impact Estimation
• A Real-Life Prison Break for Ugly Gorilla?
• The World Has No Room For Cowards
• The Lesser of Two Weevs
• National Security Letters Are Unconstitutional, Federal Judge Rules
• Tonight's Music: We are the Living with London Rain

And now that Martin's home, Rich is off on baby-leave (I think that's what it's called). Martin and Zach briefly discuss this week's big news -- Mandiant's "APT1" threat intelligence report, which we strongly encourage you to read yourselves. Also, Martin gives us a bit about his experience attending ShmooCon 2013 this past weekend. Spoiler alert: http://imgur.com/GUYy8Rn

We'll likely be skipping next week's show while attending RSA, but if you're around, seek us out for a beer.

Network Security Podcast, Episode 304, February 19, 2013

Time: 30:32

Show notes:

• Mandiant APT1 Report
• DDoS Attack on Bank Hid $900,000 Cyberheist
• Facebook Hacked, Mobile Dev Watering Holes, and Mac Malware
• Apple hacked by same group that attacked Facebook
• Pint-Sized Backdoor for OS X Discovered
• [Edited]This week's music:  Midlife Tragedy by Rad Thought

Rich goes missing again (but this time due to work [or so he says]). A slightly shorter show this evening, wherein Martin and Zach discuss upcoming events, like RSA, SOURCE Boston, BeaCon, etc., as well as -- oh, look at that, already surpassed a 300th CVE entry for 2013. Oh, and it's Ruby on Rails!

Network Security Podcast, Episode 301, January 29, 2013

Time: 29:57

Show notes:

• Cloud Security: The Secret Sauce
• Rails PoC exploit for CVE-2013-0333
• What the ban on unlocking phones means (worse than you think)
• Tonight's Music:  Free To Be Freaks by Freak Accident