
Posts Tagged ‘Defcon’

An Information Security Place Podcast – Episode 22

August 8th, 2009 Michael Farnum

 

Link to MP3

Episode 22 is here. Jim was not available to join me this time (been traveling and real busy), so Dan Kuykendall from NT Objectives was kind enough to fill in as co-host for today. We had some good discussion, and a show that I thought would be a little shorter ended up being pretty long. But it is good stuff. Here are the show notes:

InfoSec News Update -

  • Vulnerable web servers on webcams, NAS, etc – Link Here
  • Obama’s cybersecurity Czar quits – Link Here

People familiar with the matter said Ms. Hathaway has been “spinning her wheels” in the White House, where the president’s economic advisers sought to marginalize her politically.

In February, the White House tapped Ms. Hathaway, a senior intelligence official who had launched President George W. Bush’s cybersecurity initiative, to lead a 60-day cybersecurity policy review. Ms. Hathaway completed her review in April, but the White House spent another 60 days debating the wording of her report and how to structure the White House cyber post. National Economic Adviser Larry Summers argued forcefully that his team should have a say in the work of the new cyber official.

  • SSL Under attack this year at BlackHat/Defcon. These attacks don’t attack the math, they attack the (mis)usage of the clients and cert authorities

New Tricks For Defeating SSL In Practice (sslstrip) – Link Here

Researcher Exposes Flaws In Certificate Authority Web Applications – Link Here

  • Defcon goon “Priest” is everywhere – Links Here and Here

Discussion Topic - The ol’ security guidelines / best practices discussion

Consultants Corner – Varied BlackHat / Defcon points -

  • SSL issues
  • Unmasking You talk by Joshua “Jabra” Abraham and Robert “RSnake” Hansen
  • Dan’s general opinions about web security talks – he was underwhelmed

Music Notes:

Categories: Podcasts

An Information Security Place Podcast – Episode 3

August 19th, 2008 Michael Farnum

Here’s the latest installment of the podcast.  Jim Broome talks about some of the BH / DC talks he was interested in and rubs in the fact that I didn’t get to go (he also rubs in the fact that he was in Hawaii last week – thanks Jim).

We get some closure on the Dan Kaminsky / DNS issue (well, it was closure for us anyway).

We talk a little about Alan Shimel’s adventures in pwnage.  We are not giving any details about the issue, but we give the big guy a little sympathy and some major props for his renewed sense of security importance and writing about the whole thing so we can all see how the process doesn’t work.

Then Jim busts into his favorite two segments.  One is the Geek Toy segment, where he talks about the SanDisk Sansa TakeTV device.  Very cool stuff for the traveler.  And the other segment is the Consultant’s Corner, where Jim gives some advice for writing up and presenting an executive outbrief for a project.

The rest of the podcast is just general bantering and virtually poking each other in the ribs.  We had fun with this one.  Leave some comments on what you think.  We’ll discuss some of them in the next podcast.

Music for this podcast is:

  • Digital Breaks – “Therapy”
  • Digital Droo – “Minor Things”
  • Laika Cres – “Miles and Miles”
 


Categories: Podcasts, Security