An Information Security Place

Just got this from Skype.  Anyone else ever see this?  I have never received spam from Skype.

Vet

Here’s episode #6.  Jim was in a hotel room in California, so forgive any degradation in quality and the shorter-than-usual length.  Just another risk when you are a world-traveling consultant like Mr. Broome.

As usual, we welcome feedback of any kind (we reserve the right to delete profanity).  Please let us know how you like / dislike the show.

Also, I know the feed is broken via feedburner.  Not sure what is going on there.  I am looking into it.  For now you can download the podcast via the link below.

OK, here are the show notes:

InfoSec News Update:

• Rsnake and Grossman’s talk on clickjacking pulled due to lack of feed back by some vendors and a request from Adobe to pull the OWASP USA talk until they issue a patch.
• Apple and Cisco Release Patches
• Followup – VMware Fusion 2.x not all that good!!!
• Palin hack – We don’t give a crap anymore!

Discussion on Remote access and employee termination – Open discussion on the recent articles
and whitepapers:

• Watchguard’s Whitepaper on employees working from home
• Former Intel Employee working Charged with IP theft – works for AMD and used former intel VPN access that wasn’t disabled.

Segment 2:

• Geek Toys – Lock pin set disguised as a writing pen
• Consultants Corner – Dealing with with vendors – From the Services side (Jim) and from the Reseller side (Michael)

And the wonderful music picks from Jim:

• Intro/Outro – Digital Breaks – “Therapy”
• Segway 1 – Climax – “OnTheEdge”
• Segway 2 – Climax – “Eternity”

Link to MP3

Come on people.  Working on an RFP response, and the vendor misspelled HIPAA.  Drives me frickin’ insane.

Vet

OK folks.  Here’s the long awaited episode 5 of the the podcast.  Sorry for the delay in getting this one out.  Hurricane Ike put a big damper on our plans since I was without electricity for a few days.  Internet has been spotty as well, but it held up for Jim and I to record last night.

Link to MP3

Show notes:

• Hotel networks put corporate users at risk – Dark Reading
• Google’s Chrome came out and lasted about 5-6 hours before the first exploit.
• VMware releases a mass of updates with a lot of mixed status (from ESX to workstation)
• UK Firm (Peratech) has developed and on/off switch for RFID devices
• FrontRange Solutions releases DeviceWall for Vista – protect against USB attacks
• WASC Announces 2007’s Web app Security statistics

• Geek Toys – Personal Raid Devices – aka Drobo Review
• Consultants Corner – Dealing with clients that are bound by compliancy requirements.

Music:

• Intro/Outro – Digital Breaks – “Therapy”
• Segway 1 – Climax – “OnTheEdge”
• Segway 2 – Climax – “Eternity”

Vet

The last few days have held many challenges.  Basic necessities like food and water have been in short supply.  Not so basic necessities like electricity, air conditioning (thank God for the cool front that came down right after the storm), phone, and TV have been gone.  But the one thing that has really bothered me is the loss of the Internet (Starbucks and other places were closed).  This has caused me to feel more disconnected than ever before.  And though it was probably good to unplug for a few days, it is also how I earn a living for the most part.    The information junkie in me is also suffering greatly.

So when the Internet came back up at the house, I was thrilled.  The junkie in me would be satiated. I started tapping a vein, and then I connected.  I started working and surfing.  I looked at what was going on with the world, with the tropics (nothing so far), and security.  I got some work done.  I reconnected.

Well, this morning, it all hit again like a brick.  Yes, the Internet was dead.  I was without my fix.  But hey, I remembered that Starbucks had opened up.  W00T!  I headed out for my fix. 

When I arrived, I ordered a beverage, and sat down to connect.  I expected the typical T-Mobile screen with the AT&T Internet link (I have AT&T broadband at the house, so Internet is free for me at Starbucks).  It surprised me when I connected straight to the Internet without any portal screen.  What was going on?  When I expressed surprise to the guy sitting next to me, he stated that they had opened up their Internet to everyone for free.  That was a pleasant surprise, even though it would have been free for me.  It really made me feel grateful, and it showed that people care.  So kudos to Starbucks on 2920 and Kuykendal in Spring, TX.  I appreciate you, and I will bring you my business from now on.

Vet

I’m back!!  Water, power, phone, AND Internet.

Vet

Image credit: NASA

Here’s a slightly modified pic that I posted on TwitPic.  It shows where Ike is supposed to go and where I live (Tomball, TX).

Image credit:wunderground.com and me.

Thanks for the prayers.  I’ll see everyone on the other side…

Vet

This is pretty cool.  A poker table that can read RFID tags in the cards.  Hmmm…  Thinking of the hacking / cheating possibilities with that.

Vet

I have been blocking more and more Twit spam followers lately on my Twitter account.  Some of the accounts have been suspended by Twitter, which is great, but it is still a a nuisance.  Just one more by-product of Web 2.0 I guess.

But the real quandary is what to call Twitter Spam.  SPIT is already taken (Spam over Internet Telephony).  Maybe SPITT, with an extra “T”?  How about TWAM?  But most spam names are acronyms and start with “SP”.  How about SPER?  Uhhh, that would probably not be good.  SPITTER?  Hmmm, that might work.

Any ideas?

[UPDATE]: What about “Spittle”?

Vet

Episode 4 is here folks.  We had a couple of times of weirdness happen, so forgive some of the bumps and weird splices going along.  Here are the things Jim and I had some discussions around:

• More privacy rights violations, this time through people doing dumb things are just being lazy – low tech hacks
• FEMA voicemail system hack leading to $12k of long distance calls – default password left on system!
• Hurricane Gustav led to a discussion about DR / BC
• PCI 1.2 and what it means for you (if you have to deal with that crap)
• Consultant’s Corner – I blab about how you have to be prepared, set expectations, be knowledgeable, and be FLEXIBLE (I wrote a post about this).
• Geek toys was not included this time, but it will be in the future.

Also wanted to give shout outs to Ross at http://www.secureputer.com and Jean-Christophe at http://www.phocean.net, two brand new security blogs out there, which we mentioned in the show.

Music notes:

• Intro was Digital Breaks with “Therapy”
• The first segway was Climax with “OnTheEdge”
• The second segway was Climax with “Eternity”

Link to MP3

Link to the podcast site

Vet

Let me know what you think.  No, it is not my head.

Vet

I had a dream last night that I should move to Ubuntu on my laptop.  Some dude (don’t know who he was) was in my dream, and he acted like he knew me and we were in business together.  He said we needed to move to Ubuntu on our laptops.  I agreed.  Is this prophetic?  Probably not.  Just thought it was interesting.

Vet