An Information Security Place » Security

An Information Security Place Podcast – Episode 36

Michael Farnum — Thu, 03 Jun 2010 03:33:57 +0000

So do we suck or what? Sorry that its taken so long for us to get another episode out… things have been crazy busy for all of us.

Anyway for this episode, Dan and Jim found themselves with 30 minutes or so of spare time, not much of a script, and working mics (Michael was working on a couple of proposals and an RFP that is due in two days); so they sat down and simply recorded an unscripted show of rambling about things that are going on for the moment.

Info Sec News Moments:

Kudos to MS’ IE 8 Add Campaign – Link Here
Jim’s 4.5 Seconds of fame – DenverGov website Hack – Link Here
Android and the SMS Rootkit Hack – Link Here
Google Ditching Windows due to Security Concerns – Link Here
Denver OWASP – SnowFroc Con – Link Here

Music Notes:

Intro / Outro – Digital Breaks – “Therapy”

Link to MP3

An Information Security Place Podcast – Episode 35

Michael Farnum — Mon, 03 May 2010 14:00:03 +0000

Episode 35 is here. The format is different today. Instead of you listening to Dan, Jim, and me yap about news and pontificate about security topics, you are going to hear a talk I gave at the Texas Technology Summit in early April 2010. The talk title and synopsis are below, along with a link to the slide deck.

Title: Breaking Down the Enterprise Security Assessment

Synopsis: Many enterprise security assessments look at too few attack vectors or do not dig far enough into the attack vectors once a vulnerability has been discovered. Come join a discussion on the breakdown of a security assessment, explore the essential attack vectors, and debate the depth to which the assessment should go.

Link to MP3

Link to slides

An Information Security Place Podcast – Episode 33

Michael Farnum — Fri, 12 Mar 2010 21:34:19 +0000

Yes, the logo is weird this time. If you can’t tell what it is, maybe this will help. For the first time ever (and probably the only time since I don’t get to Atlanta much), An Information Security Place Podcast has joined forces with the Southern Fried Security Podcast to create a joint episode. Can you see it now?? Yes, that is the logo for An Information Security Place Podcast placed over Colonel Sander’s face (he is the patron saint for the SFS podcast). Yea, I thought it was actually kinda freaky, too. but what else do I have to do with my time??

So we joined forces for a couple of reasons:

Because I was in Atlanta to speak about security assessments at the local NAISG chapter.
I begged Martin to let me post it up as episode 33 over here since Dan, Jim and I haven’t had a chance to record yet, and this makes it all better!

So we stayed in the same room where the event was held and got irradiated by a myriad of computer and sound equipment while recording the podcast. I had to wear someone’s headset, and now I have some kind of weird rash and some minor swelling around my ears. And to make it even more fun, Mike Rothman sat across from us the whole time and heckled us. What a night.

Actually, I had an awesome time. Very good times with very good friends. Thanks to the whole Atlanta NAISG crew and the SFS podcast crew (Andy Willingham, Martin Fisher, and Steve Ragan) for inviting me in with typical southern hospitality (even though Steve is a Yankee).

As to show notes, I am lazy. I am only going to have one note (below) because it is the one news item that I brought along and the ONLY one that Andy didn’t include in his notes (in fairness, I never sent him the link). Here’s a link to the SFS podcast site with the rest of the notes. (Hey, Andy did the hard work – why duplicate efforts??)

Caleb Sima says that developers shouldn’t learn anything about security – Link here

Link to MP3

iTunes picked up the wrong episode

Michael Farnum — Tue, 23 Feb 2010 22:28:04 +0000

Just realized that iTunes picked up Episode 31 instead of episode 32 on the latest post. I had to delete the enclosure in Wordpress and then recreate it. Not sure what happened. If you subscribe to the podcast via iTunes, you may need to delete Episode 32 and then update. Sorry about that!

Vet

An Information Security Place Podcast – Episode 32

Michael Farnum — Thu, 18 Feb 2010 13:24:35 +0000

OK, holy crap. We expected this episode to be pretty short since Jim was not around to add his golden commentary, but we got to yappin’ and churned out almost an hour of content (I use that term loosely). So enjoy the show!

Show Notes:

InfoSec News Update –

Iran Shutters Google’s Gmail Service, offering own email for citizens – Link here
Security Scoreboard – Link here
Brian Kreb’s has blog post used by scammers - Link here and Sophos article link here
The Death of Product Reviews (Mike Rothman at Securosis) - Link here
TSA agent arrested for molestation - Link here

We won’t get intot he details here because this guy is sick, but I had to point out this line from the TSA blog about the issue:

“TSA holds the highest standards for our workforce and this individual’s actions do not reflect on the more than 50,000 men and women who work every day to keep the traveling public safe.”

Hacker threat forces DoH to close appraisal site (Political Activist?) - Link here

Discussion Topic – Smaller, more intimate security conferences (Security B-Sides, Schmoocon, etc)

Intro/Outro – Digital Breaks – “Therapy”

Segway 1 – Guitar Slingers – “Johnny Dangerously”

Segway 2 – Matthew Ebel – “Trees”

Link to MP3

An Information Security Place Podcast – Episode 30

Michael Farnum — Tue, 26 Jan 2010 02:02:00 +0000

Link to MP3

The first podcast of the new year is here, and it is a nice round number! That is sweet! So please forgive any weirdness in the way this episode sounds. It was put together over a couple of weeks doing interviews here and there with vendors as well as each other while we were at our (Michael and Jim) employer’s annual company meeting. Jim is a miracle worker, but even he could not make it completely fluid!

Also, because of scheduling, Dan did not get to join us. But Jim and I were fortunate enough to be joined by coworker and wireless uber-beast, Mr. Tyler Theys. I think you will enjoy this episode, even with all the weirdness!

Show Notes:

Info Sec News Update -

Jim, Michael, and Tyler talk about all the Google Hacking – Link Here

Interview #1 -Michael with Roger Hegland of TruARX

Interview #2 - Jim with Mike Tuchen of Rapid7

“Added Bonus to Our Listeners”

Going to RSA? Join Rapid7 on March 3^rd for a party at Ruby Skye. Get on the VIP list for the evening everyone else will be talking about at RSA 2010: www.rapid7.com/forms/rsarsvp.jsp

Discussion Topic - PCI in the Gaming Industry

Music Notes –

Intro/Outro – Digital Breaks – “Therapy”
Segway 1 – Building Rome – “Dr. Doctor”
Segway 2 – Megaphone – “Write it Down”
Segway 3 – This is Fiction – “Breathe”

An Information Security Place Podcast – Episode 28

Michael Farnum — Fri, 11 Dec 2009 13:49:11 +0000

Link to MP3

OK, this was just a stupid, crazy, and fun episode. We had technical hiccups, a roving co-host that likes to text another cohost during recording, plus this episode is late getting recorded because of end-of-year schedule. But we powered through it, and Jim got to spend a lot of time on post-production.

I think you are going to enjoy this randomness…

Show Notes:

InfoSec News Update and Geek Toys Update –

T-Mobile Employee causes largest data theft in the UK – Link Here
Government Security Woes
Story 1 – 5 TSA workers put on leave over online posting – Link here
Story 2 – The Party Crashing Scandal – Link Here
Story 3 – Felon working for DHS for 2 years – Link Here
Nessus 4.2 is released – Link Here
Rapid7 and Metasploit Community Projects – Link 1 / Link 2
ProxMark3 now shipping completed RFID read/write/clone kits – Link here
Moxie launched cloud-based WPA password Cracking – Link Here
Cure for Eye Strain – Gunnar Glasses – Link Here

Discussion Topic -

Changes to OWASP standard for 2010 –

Link Here

Consultants Corner - Picking your tools wisely… 2009/2010 update

Music Notes –

Intro/Outro – Digital Breaks – “Therapy”
Segway 1 – This is Fiction – “Breathe”
Segway 2 – Patent Pending – “Los Angeles”
Segway 3 – The FUMP – “”All You Can Tweet”

An Information Security Place Podcast – Episode 27

Michael Farnum — Thu, 12 Nov 2009 12:51:51 +0000

Link to MP3

OK, Episode 27 is FINALLY here. Sincere apologies to all of our listeners. We really could not avoid the long break. Work and family and everything else seriously pounded us this time. ENJOY!

Show Notes:

InfoSec News Update -

FTC Orders ChoicePoint To Pay $275,000 For 2008 Data Breach – Link Here
Senator says the cybersecurity chief should be in DHS, not the White house – Link Here
Major SSL Flaw Find Prompts Protocol Update – Link Here
Jailbroken iPhones more vulnerable to attack; ikee worm Rick Rolls iPhone users – Link Here
New FDIC Phishing Attack – Link Here
MSFT trying to walk the annoyance / security fine line with toned down User Access Control (UAC) in Windows 7 – Link Here
Awesomely funny story about an IT engineer in Iraq annoying the troops with some bogus war driving – Link Here

Discussion Topic - Highlights from Michael’s NAISG Chapter Meeting

Geek Toys – “Ideas to get your Geek for Christmas”

Still Need A Netbook? Try and Acer or a Dell
Playing with GPU Acceleration – The Nvidia GTX 260 is a great choice
Windows 7 – Pick your favorite version
Network Attached Storage – 2 Drive / 4 Drive / 8 Drive Solutions
Make Perfect BBQ everytime – DigiQ system from thebbqguru.com

Music notes -

Intro/Outro – Digital Breaks – “Therapy”
Segway 1 – Nathan Lee – “Hold Me Down”
Segway 2 – Junk Yard Groove – “Its OK”
Segway 3 – Great Luke SKI – “Parents Bought Me intellivision”

An Information Security Place Podcast – Episode 26

Michael Farnum — Thu, 01 Oct 2009 10:51:19 +0000

Link to MP3

Episode 26 is here. It almost didn’t happen since I was playing remote helpdesk dude for a relative from my hotel room in Dallas right before the recording, but we got it worked out. Enjoy!

Show Notes:

InfoSec News Update –

Michael’s New NAISG Group are having their first meeting on Nov 2, 2009 in Houston, TX. – Houston Chapter Website / Email Link
Power Grid Takedown – a HowTO – Link Here
Court Ruling – Disloyal Computing is Not Illegal – Link Here
New OWASP Sponsored Web App Firewall – Link Here
MS Gets into the AV Game … Again…with latest release – Link 1 / Link 2
Trojans getting Smarter – Link Here
PCI DSS Update Could Include Virtualization Security – Link Here

Discussion Topic -

Encouraging Bad Behavior via marketing (Identity Guard Commercials)

Consultants Corner - Predicting what Security Consulting will be like in the future – Link Here

Music notes –

Intro/Outro – Digital Breaks – “Therapy”
Segway 1 – SwampdaWamp – “Lady”
Segway 2 – Building Rome – “Dr. Doctor”
Segway 3 – The Summer Set – “Chelsea”

Vet

An Information Security Place Podcast – Episode 25

Michael Farnum — Wed, 16 Sep 2009 02:00:01 +0000

Link to MP3

Episode 25 is here. Today’s podcast is different than our usual. Instead of having Jim, Dan, and me spout off and pontificate, I am interviewing Wesley McGrew from McGrew Security. Wesley is a security researcher at Mississippi State University’s Critical Infrastructure Protection Center, where he works to find vulnerabilities in SCADA software. He also operates mcgrewsecurity.com , where he blogs about information security topics.

Wesley caught a script-kiddie back in June trying to do some pretty weak SCADA hacking at a Dallas-area hospital. He and I talked about the incident and also discussed some of Wesley’s future plan (not much since he couldn’t divulge a lot – oooo, mysterious!). So enjoy the show. Links to the blog posts from Wesley’s script kiddie adventure are below.

http://www.mcgrewsecurity.com/2009/06/30/ghostexodus-the-eta-and-a-control-systems-incident-at-carrell-clinic-part-1/

http://www.mcgrewsecurity.com/2009/07/02/ghostexodus-part2/

http://www.mcgrewsecurity.com/2009/07/06/ghostexodus-the-eta-and-a-control-systems-incident-at-carrell-clinic-part-3/

http://www.mcgrewsecurity.com/2009/07/07/ghostexodus-part4/

Vet