An Information Security Place

Link to MP3

Episode 21 is up and going. Looks like Jim and I are back on a regular cycle again. Hopefully it stays that way! Here are the show notes:

InfoSec News Update -

• Goldman Sachs looses its secret sauce online – Link Here
• Fed gets and F on Physical Security – Link Here
• North Korea Blamed in Cyber Attacks over July 4th – Link Here
• Juniper Pulls ATM hacking preso from BH – Link Here
• Month of Twitter Bugs – Link Here
• 10 Things Your Auditor Isn’t Telling Your – Link Here
• New head of MI6 wears Speedos on Facebook – Link Here
• Algorithm for Predicting and guessing SSNs – Link Here
• Iphone SMS Vulnerability – Link Here
• Study – Oracle Users struggle with patch management – Link Here

Discussion Topic - Cloud Computing – is it a security nightmare waiting to happen? – Link Here

Consultants Corner - Developing an offering before going public!

Music Notes:

• Intro/Outro – Digital Breaks – "Therapy"
• Segway 1 – Eric Kauschen – "Speed of Light"
• Segway 2 – The WaterMarks – "Shut Down"
• Segway 3 – Megaphone – "Not your enemy"

Vet

Link to MP3

Episode 14 is here.  First off, let me thank everyone that is listening to Jim and me spout off about everything.  Fourteen shows does not seem like a big number, but it involves a lot of work getting this going (especially on Jim’s part – thanks Jim) and keeping it going, and Jim and I appreciate everyone sticking in there with us.

Second, we have made some changes with my setup, so there might be a sound difference and some issues with this episode.  Forgive us as we get some new kinks worked out.

Third, this episode includes an interview with Mike Rothman from eIQnetworks.  You might know him better as that guy from Security Incite that has a yankee accent and tells everyone what he is thinking.  Either way, Mike is a great guy and a great friend, and I was honored to interview him.  I think you will enjoy that portion of the show.

And lastly, there is a programming note.  The geek toys segment that is brought to you by Jim every show is now going to be made more of a quarterly thing.  The reason is because Jim has to find something to talk about every time, and it is getting a little more difficult to find something for every show.

Here’s the breakdown of the show.

Show Notes:

InfoSec News Update: there’s been a lot happening the last two weeks

• Largest CC breach Ever !! Yes, I am talking about Heartland.  100 million + credit cards and the accusation that they attempted to hide behind the inauguration
• Heartland Followup – Law Enforcement Closing in on Perp – Looks like they are outside the US (thanks for narrowing that down)
• Monster.com Hacked … Again!
• Using Twitter for Info/Data Mining – Lenny Zeltser
• Conficker Worm Takes down a Hospital
• Follow up – Same worm variant is also attacking the UK MOD – Michael at mcwresearch.com
• Shavlik apologies for hyped MS patch Analysis – Eric Shultze: “So here’s my official apology for crying wolf on this issue when I should have done my due diligence and read all three Microsoft locations before offering my opinion on this issue”
• New Report from US Dept of Health and Human Services (HHS) – Task force recommends that government spearhead medical identity theft awareness and prevention initiatives (link is a PDF). I get a tad cynical here.  Hey, it involves government.

Discussion – New president declares his plan for US Cyber Security (more cynicism from Michael)

Vendor Interview – Michael interviews Mike Rothman from eIQnetworks

Consultants Corner -Combining compliance initiatives and what that means for security practices

Music Notes:

• Intro/Outro – Digital Breaks – “Therapy”
• Segway 1 – Eric Kauschen – “Speed of Light”
• Segway 2 – GK & TheRenegades – “Enemies”

Hey everybody.  Here’s podcast episode 7.  There’s some great stuff in here, and some great interviews.  Enjoy!

BTW, iTunes is downloading episode 6 for episode 7 for some friggin’ reason.  I will look into it, but I have to finish a proposal tonight.  Sheesh.

Link to MP3

Show notes:
Segment 1 – InfoSec News Update

• ClickJacking Demo’s poping up everywhere
• Voip and the SIP Protocol Demysitified – Wes Brown does a great article over on the Matasano website
• ATM Skimmer kit with SMS Texting
• Our new segment, but still under the News Segment for this show is Filed under DUH! - China Monitoring Skype Text Messaging
• Judge Suppresses Results of E-voting System Audit
• Scanning you network for default passwords: Depant

Interview Segment:

• Interview A – Michael and Von Nguyne – SE @ Palo Alto Networks (next Gen Firewall)
• Interview B – Jim and Dan Kuykendall talk about NTO Spider (Jim)

Geek Toys: Jasager on the FON Router – Watch Episodes 403 and 405 of Hak5 or hop over to DigiNinja’s Jasager page

Consultants Corner: Discussion on doing some due diligence on checking vendor claims. Open discussion on the recent Evil Bits Darkreading blog post

Music Notes:

• Intro/Outro – Digital Breaks – “Therapy”
• Segway 1 – Jimmie Bratcher – “Bad Religion”
• Segway 2 – The Erotics – “Walk All Over You”
• Segway 3 – Megaphone – “Not Your Enemy”
• Segway 4 – Kickstart – “Theme Song”

Vet

Here’s episode #6.  Jim was in a hotel room in California, so forgive any degradation in quality and the shorter-than-usual length.  Just another risk when you are a world-traveling consultant like Mr. Broome.

As usual, we welcome feedback of any kind (we reserve the right to delete profanity).  Please let us know how you like / dislike the show.

Also, I know the feed is broken via feedburner.  Not sure what is going on there.  I am looking into it.  For now you can download the podcast via the link below.

OK, here are the show notes:

InfoSec News Update:

• Rsnake and Grossman’s talk on clickjacking pulled due to lack of feed back by some vendors and a request from Adobe to pull the OWASP USA talk until they issue a patch.
• Apple and Cisco Release Patches
• Followup – VMware Fusion 2.x not all that good!!!
• Palin hack – We don’t give a crap anymore!

Discussion on Remote access and employee termination – Open discussion on the recent articles
and whitepapers:

• Watchguard’s Whitepaper on employees working from home
• Former Intel Employee working Charged with IP theft – works for AMD and used former intel VPN access that wasn’t disabled.

Segment 2:

• Geek Toys – Lock pin set disguised as a writing pen
• Consultants Corner – Dealing with with vendors – From the Services side (Jim) and from the Reseller side (Michael)

And the wonderful music picks from Jim:

• Intro/Outro – Digital Breaks – “Therapy”
• Segway 1 – Climax – “OnTheEdge”
• Segway 2 – Climax – “Eternity”

Link to MP3

Here’s the latest installment of the podcast.  Jim Broome talks about some of the BH / DC talks he was interested in and rubs in the fact that I didn’t get to go (he also rubs in the fact that he was in Hawaii last week – thanks Jim).

We get some closure on the Dan Kaminsky / DNS issue (well, it was closure for us anyway).

We talk a little about Alan Shimel’s adventures in pwnage.  We are not giving any details about the issue, but we give the big guy a little sympathy and some major props for his renewed sense of security importance and writing about the whole thing so we can all see how the process doesn’t work.

Then Jim busts into his favorite two segments.  One is the Geek Toy segment, where he talks about the SanDisk Sansa TakeTV device.  Very cool stuff for the traveler.  And the other segment is the Consultant’s Corner, where Jim gives some advice for writing up and presenting an executive outbrief for a project.

The rest of the podcast is just general bantering and virtually poking each other in the ribs.  We had fun with this one.  Leave some comments on what you think.  We’ll discuss some of them in the next podcast.

Music for this podcast is:

• Digital Breaks – “Therapy”
• Digital Droo – “Minor Things”
• Laika Cres – “Miles and Miles”

Vet