
Link to MP3
Episode 22 is here. Jim was not available to join me this time (been traveling and real busy), so Dan Kuykendall from NT Objectives was kind enough to fill in as co-host for today. We had some good discussion, and a show that I thought would be a little shorter ended up being pretty long. But it is good stuff. Here are the show notes:
InfoSec News Update -
- Vulnerable web servers on webcams, NAS, etc. – Link Here
- Obama’s cybersecurity Czar quits – Link Here
People familiar with the matter said Ms. Hathaway has been “spinning her wheels” in the White House, where the president’s economic advisers sought to marginalize her politically.
In February, the White House tapped Ms. Hathaway, a senior intelligence official who had launched President George W. Bush’s cybersecurity initiative, to lead a 60-day cybersecurity policy review. Ms. Hathaway completed her review in April, but the White House spent another 60 days debating the wording of her report and how to structure the White House cyber post. National Economic Adviser Larry Summers argued forcefully that his team should have a say in the work of the new cyber official.
- SSL under attack this year at BlackHat/Defcon. These attacks don’t attack the math; they attack the (mis)usage of SSL by clients and certificate authorities
New Tricks For Defeating SSL In Practice (sslstrip) – Link Here
Researcher Exposes Flaws In Certificate Authority Web Applications – Link Here
- Defcon goon “Priest” is everywhere – Links Here and Here
Discussion Topic - The ol’ security guidelines / best practices discussion
Consultants Corner – Varied BlackHat / Defcon points -
- SSL issues
- Unmasking You talk by Joshua “Jabra” Abraham and Robert “RSnake” Hansen
- Dan’s general opinions about the web security talks – he was underwhelmed
Music Notes:

Link to MP3
The long-awaited episode 20 is finally here. Sorry for the crazy long wait!
InfoSec News Update –
Discussion Topic - What’s the difference between an Auditor and an Assessor?
Consultant’s Corner - To Scope or Not to Scope
Music Notes:

Link to MP3
Here is episode 15. There was a lot to cover in this episode. Jim and I were in discussion mode, so be prepared to sit down for a while longer than normal this time. Jim and I were also in a joking mood and consequently cracked ourselves up on this episode, so enjoy the laughter and comedy at a fellow human’s expense.
BTW, I am a milestone guy, and any time a “0” or a “5” is at the end of the episode number, I think it is cool. So 15 is a cool number to me. On to the show notes.
Show notes:
InfoSec News Update: whole lot of crap!
- FAA Security Breach Exposes 45K Employees
- AV makers hacked – BitDefender and Kaspersky. More: full info on the hackers’ blog
- Electronics Firm Faces FTC Lawsuit Following Multiple Hacks – “The complaint alleges that until at least December 2007, Compgeeks (geeks.com) routinely stored this sensitive information in unencrypted text on its corporate computer network, among other security failures. The complaint also charges that the respondents did not adequately assess whether its Web application and network were vulnerable to commonly known or reasonably foreseeable attacks, such as SQL injection.”
- Identity thieves beat Obama to stimulus package punch
- Obama’s new CyberSec Chief Named
- Federal Workers Warned Of Potential Data Compromise At SRA
- Jailed SF network admin files $3M claim – Looks like the S.F. Mayor has some l33t admin skills because “Childs, formerly a network administrator with the city’s Telecommunications and Information Services (DTIS), had argued that the department’s staff was incompetent and that the mayor was the only person qualified to handle the passwords.”
- Heartland Breach Follow up – 157 institutions claiming issues – includes Bermuda, Canada, and Guam
- War cloning, the “new hacker sport”
- The latest MS patches – one is for MS SQL, and there is exploit code out there
Discussion: File Under DUH! Unauthorized Web Use On The Rise
Consultants Corner: How does “Compliant” equal Owned?
Music Notes: