Category: Podcasts

An Information Security Place Podcast – 01-22-14

Jim, Dan, and Michael have a lot of catching up to do. We talk about a lot of stuff because a lot of stuff has been happening. From RSA, NSA, QSAs… security is busy! Show notes below!

Show Notes:

InfoSec News Update –

  • 123456 is the new best of the worst – Link
  • RSA Conf and those skipping it this year – Link
  • Fixing a flawed VA medical records system: Tenacity pays off for a researcher – Link
  • Do you believe the Obamacare website is secure? These guys don’t – Link 1, Link 2, Link 3

Discussion Topic – The Failure Themes of the Target Breach:

  • Massive Props to Brian Krebs on his coverage of the whole debacle – Krebsonsecurity.com
  • AntiVirus Takes it on the Chin … Again – Link
  • Egress Filter Much? – Link
  • Credit Card Processing Fundamentally Flawed – Link
  • EMPHATIC POINT OF THE PODCAST!! Complacent with Compliance … again. PCI != security

Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

  • Intro: “Stay Alive” – Rivethead
  • Segment 1 – “CricketBat” – RivetHead
  • Segment 2 – “Burn Us Down” – Early Morning Rebel
  • Outro: “Zero Gravity” – RivetHead

Link to MP3

An Information Security Place Podcast – 09-06-13

We’re in rare form today. A lot of fun sprinkled with the occasional good nugget of information security news and discussion.

Show Notes:

InfoSec News Update –

  • New OSX Metasploit Module or Time is not on your Side! – Link
  • If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the “admin group”), and the user has ever run the “sudo” command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970.

  • Communication is key – Link
  • Hacking Fantasy Football – Link
  • China Shifts to newer Exploits – Link
  • Now that folks are patching CVE-2012-0158

  • FTC smacks Internet-Connected home security cameras – Link
  • CSRF Protection without nonce or random tokens – Link
  • British Parliament loves them some Pr0n! – Link
  • Samsung adding security to Android – Link
  • Gartner pushing SAST & DAST together – Link
  • The blog is old, but this year’s Magic Quadrant has them merged into a
    single report. Is this a good or bad thing?

  • HouSecCon Update! – Link

Discussion Topic –

  1. 10 Golden Rules of the Outstanding CISO – Link

Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

  • Intro – Stay Alive – Rivethead
  • Segment 1 – Synchronicity II – RivetHead
  • Segment 2 – Deaf Ears – RivetHead
  • Outro – Zero Gravity – RivetHead

Link to MP3

An Information Security Place Podcast – Episode 07-2011

Today we have an interview for you. Michael had a great time sitting down with four gentlemen (they might not all agree with that term) from SpiderLabs over at Trustwave. The aforementioned SpiderLabs folks were Nicholas Percoco (@c7five), Steve Ocepek (@nosteve), Matt Jakubowski (@jaku), and Zack Fasel (@zfasel) – those are Twitter aliases for you newbs out there.

They went over their respective histories, talked about SpiderLabs and their leetness, discussed a few talks that they are doing at DEFCON, talked about their party at DEFCON that will be held in a super-secret location, and went through about 50 SpiderLabs insider jokes.

Michael is also pretty sure someone (Zack) was enjoying adult beverages (Zack) during the recording (Zack), but he might be wrong…

Enjoy the show. And once again, thanks to Rivethead for the tracks. Go out to their website to see the latest on them, where they are playing, and all their news.

An Information Security Place Podcast – Episode 06-2011

A lot of discussion in this episode. And what is funnier is that Dan actually cuts Jim off on a subject. Yes, you heard it right. Dan makes Jim, of the famous “Web Security Minute Turned to 20 Minutes”, stop talking. I guess the end of the world IS here!

Oh, and Dan leads us into the Land of Many Links with his Clickjacking story.

Show Notes:

InfoSec News Update –

  • HouSecCon 2011 update – Registration is open – Link Here
  • PCI Physical badging Gap – Link Here
  • Using Mario against us (evil) – Link Here
  • FUD article of the day – Half of lost/stolen mobile devices have sensitive info on them – Link Here
  • Defining appropriate Cyber Attack response, A.K.A Eat my cruise missile you Commie, Pinko hacker! – Link Here
  • Clickjacking, Cookiejacking oh my! – Link 1 / Link 2 / Link 3 / Link 4
  • Can you have too much security? – Link Here

Geek Toys –

Discussion Topic – Five Infamous Database Breaches So Far In 2011 – Link Here

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • July 9 – with Powderburn, Earthrot, and more – Tomcats West in Fort Worth, TX
  • July 24 – with Creeper, Phantom X, and more – Oriley’s in Dallas, TX

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead – “Difference”
Outro – RivetHead – “Zero Gravity”

Link to MP3

An Information Security Place Podcast – Episode 02-2011

We have a little bit of innuendo humor on this episode, and we all break into some hysterics (it’s all in the geek toys section, so fast forward if you want to hear all that). Around that is some information and opinion on InfoSec stuff. We figured we would throw that in there because of the name of the podcast, but whatever…

Show Notes:

InfoSec News Update –

  • HouSecCon 2011 Call for Papers – Link Here
  • Busting DLP Myths or Playing with Hype? Link Here
  • Google collecting kids’ info (including last 4 of SSN) for Doodling contest – Link Here
  • Smartphone security threats overdramatized – Link Here
  • 7 Deadly Sins – Link Here
  • Another certification debate – Link Here
  • Abusing HTTP Status Codes to Expose Private Information – Link Here

Geek Toys –

Discussion Topic – Saying No to Bad Patents – Link 1 / Link 2 / Link 3

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • Feb 26th – in Carlsbad NM
  • March 19 – The American Airlines Center at the Dallas Stars Hockey Game

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead – “Difference”
Outro – RivetHead – “Zero Gravity”

Link to file

An Information Security Place Podcast – Episode 01-2011

Thomas Jefferson said, “Delay is preferable to error.” Martin Luther said, “Who waits until circumstances completely favor his undertaking will never accomplish anything.” So depending on which quote you like, we either took a long time to record a new episode so we would do it right, or we are just a bunch of slackers. I prefer the former, but I am biased…

In either case, we’re back, and in the immortal words of Rivethead, we’re “Stirring It Up Again” (you’ll read about Rivethead below and hear about them in the podcast). Jim, Dan, and I got together on a cold and stormy night (at least in Houston and Denver) to talk about all things InfoSec. Show notes are below. Oh, and yes, we are going with a new theme for numbering our episodes. I think it takes away the pressure a little myself since I don’t have to worry about huge numbers for episodes. Of course, I’ll have to count now, which sucks (thanks Jim).

Show Notes:

InfoSec News Update –

  • Study shows non-compliance more expensive than compliance (study was sponsored by Tripwire) – Article Link / Report Link
  • Security Fail – When Trusted IT members go bad!! – Link Here
  • “It’s a CIO’s worst nightmare: You get a call from the Business Software Alliance (BSA), saying that some of the Microsoft software your company uses might be pirated.

    You investigate and find that not only is your software illegal, it was sold to you by a company secretly owned and operated by none other than your own IT systems administrator, a trusted employee for seven years. When you start digging into the admin’s activities, you find a for-pay porn Web site he’s been running on one of your corporate servers. Then you find that he’s downloaded 400 customer credit card numbers from your e-commerce server.

    And here’s the worst part: He’s the only one with the administrative passwords.”

  • Looking back at old security news – have we made progress?? – Link Here (Registration required for full article)
  • A SLOW Death! – Link Here
  • Egypt gets Internet connection back – Link Here
  • Evercookie, Anyone? – Link Here

Discussion Topic #1 – CSRF and Clickjacking – Link Here

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • Feb 19th – Playing Curtain Club Dallas, TX
  • Feb 26th – in Carlsbad, NM
  • March 19th – American Airlines Center at a Dallas Stars Hockey game

Intro – RivetHead – “Stirring It Up Again”
Outro – RivetHead – “Zero Gravity”

Link to MP3

    An Information Security Place Podcast – Episode 37

    All three of us are on this time. Some good talk about disclosure and web app firewalls, and Google, and some other stuff. Enjoy!

    Show Notes:

    InfoSec News Update –

    • Web App Firewall Discussion Continues – Link 1 / Link 2 / Link 3 / Link 4
    • Good Ole’ Firmware Hack – Link Here
    • Small and MidSize Businesses are Getting Serious About Security – Link Here
    • Looking for the Next Generation of Security Folks – Link Here
    • “POET” Released – Link Here
    • Fingerprinting the Bad Guys – Link Here
    • Careful Where You Sext! – Link Here
    • Encouraging Everyone to Participate in the Survey – Link Here

    Discussion Topic #1 – Google Is Watching Your Wifi, But do You Really Care?

    Discussion Topic #2 – Ye’ Old “Disclosure” Debate…Again?!? Link 1 / Link 2

    Music Notes –

    Link to MP3

    An Information Security Place Podcast – Episode 36

    So do we suck or what? Sorry that it’s taken so long for us to get another episode out… things have been crazy busy for all of us.

    Anyway, for this episode, Dan and Jim found themselves with 30 minutes or so of spare time, not much of a script, and working mics (Michael was working on a couple of proposals and an RFP that is due in two days); so they sat down and simply recorded an unscripted show of rambling about things that are going on for the moment.

    Info Sec News Moments:

    • Kudos to MS’ IE 8 Ad Campaign – Link Here
    • Jim’s 4.5 Seconds of fame – DenverGov website Hack – Link Here
    • Android and the SMS Rootkit Hack – Link Here
    • Google Ditching Windows due to Security Concerns – Link Here
    • Denver OWASP – SnowFroc Con – Link Here

    Music Notes:

    Link to MP3

    An Information Security Place Podcast – Episode 35

    Episode 35 is here. The format is different today. Instead of you listening to Dan, Jim, and me yap about news and pontificate about security topics, you are going to hear a talk I gave at the Texas Technology Summit in early April 2010. The talk title and synopsis are below, along with a link to the slide deck.

    Title: Breaking Down the Enterprise Security Assessment

    Synopsis: Many enterprise security assessments look at too few attack vectors or do not dig far enough into the attack vectors once a vulnerability has been discovered. Come join a discussion on the breakdown of a security assessment, explore the essential attack vectors, and debate the depth to which the assessment should go.

    Link to MP3

    Link to slides

    An Information Security Place Podcast – Episode 34

    We are really sorry for the long delay, but all three of our schedules have been packed for the last 2 months. But I’m sure you don’t want to hear any excuses, so without further hesitation… Here’s Episode 34.

    Show Notes:

    Kudos to Tommy Perniciaro for article at SC Magazine – Link Here

    InfoSec News Update –

    • Physical Security on Mac sucks – Link Here
    • What Drives Corporate Security Spending? – Link Here
    • Crazy Patch Week – Link 1 / Link 2
    • Federal Court Upholds Border Searches for Laptops – Link Here
    • Are Bank Breaches Still Trending High in 2010? – Link Here
    • So Easy, Even a Celebretard Can Do It! – Link Here
    • Perceptions Of Security Vary Widely Between IT Management, Security Staff – Link Here
    • Slow Death of XSS Vulns – Link Here

    Discussion Topic #1 – Integration of Web Vuln Scanners with IPS/WAFs

    Discussion Topic #2 – Update your End user Awareness Training and stop blaming your users!

    Link 1 / Link 2 / Link 3

    Music Notes:

    Link to MP3

    An Information Security Place Podcast – Episode 32

    OK, holy crap.  We expected this episode to be pretty short since Jim was not around to add his golden commentary, but we got to yappin’ and churned out almost an hour of content (I use that term loosely).  So enjoy the show!

    Show Notes:

    InfoSec News Update –

    • Iran Shutters Google’s Gmail Service, offering own email for citizens – Link here
    • Security Scoreboard – Link here
    • Brian Krebs has blog post used by scammers – Link here and Sophos article link here
    • The Death of Product Reviews (Mike Rothman at Securosis) – Link here
    • TSA agent arrested for molestation – Link here
      We won’t get into the details here because this guy is sick, but I had to point out this line from the TSA blog about the issue:
      “TSA holds the highest standards for our workforce and this individual’s actions do not reflect on the more than 50,000 men and women who work every day to keep the traveling public safe.”
    • Hacker threat forces DoH to close appraisal site (Political Activist?) – Link here

    Discussion Topic – Smaller, more intimate security conferences (Security B-Sides, Schmoocon, etc)

    An Information Security Place Podcast – Episode 31

    Everyone was here for this episode (meaning Dan, Jim, and Michael), and it was pretty much on schedule this time. We do the normal cutting up, then talk about news and start discussing stuff. Then Dan puts the hurt down on some developer geek speak. You will definitely learn some stuff from this episode (as opposed to the drivel you get from most of our episodes). Very good stuff.

    BTW, the format of the posts is changing just a bit. While the podcast player will stay where it usually is at the top of the post, the link to the file will now be below the posts. This is changing because when iTunes picks up the text from the feed, it throws the “Link to MP3” text at the top, and it looks weird when looking at the show description in iTunes. Just a minor change really, but I wanted to point it out here in case that is where you grab the file. OK, now on to the show!

    Show Notes:

    InfoSec News Update –

    Discussion Topic #1 – Laptops on Hostile Networks – Link Here

    Discussion Topic #2 – DK’s Web App Security Minute… and then some :)

    Music Notes:

    Link to MP3

    An Information Security Place Podcast – Episode 30

    Link to MP3

    The first podcast of the new year is here, and it is a nice round number!  That is sweet!  So please forgive any weirdness in the way this episode sounds.  It was put together over a couple of weeks doing interviews here and there with vendors as well as each other while we were at our (Michael and Jim) employer’s annual company meeting.  Jim is a miracle worker, but even he could not make it completely fluid!

    Also, because of scheduling, Dan did not get to join us.  But Jim and I were fortunate enough to be joined by coworker and wireless uber-beast, Mr. Tyler Theys.  I think you will enjoy this episode, even with all the weirdness!

    Show Notes:

    Info Sec News Update –

    • Jim, Michael, and Tyler talk about all the Google Hacking – Link Here

    Interview #1 – Michael with Roger Hegland of TruARX

    Interview #2 – Jim with Mike Tuchen of Rapid7

    “Added Bonus to Our Listeners”

    Going to RSA? Join Rapid7 on March 3rd for a party at Ruby Skye. Get on the VIP list for the evening everyone else will be talking about at RSA 2010: www.rapid7.com/forms/rsarsvp.jsp

    Discussion Topic – PCI in the Gaming Industry

    Music Notes –

    An Information Security Place Podcast – Episode 29

    Link to MP3

    Merry Christmas to all our listeners! It’s that time of the year again where we sit down and make a fun podcast, recap the year, and look forward to next year. Heck, there was even a Christmas Miracle on this episode… it was actually recorded on time!!!! So sit back with your eggnog next to the Yule log fire under the stockings and enjoy!

    Show Notes:

    InfoSec News Update –

    Discussion Topic –

    2009 Year in Review and Predictions for 2010 –

    Link 1 / Link 2 / Link 3

    Music Notes –

    An Information Security Place Podcast – Episode 28

    Link to MP3

    OK, this was just a stupid, crazy, and fun episode.  We had technical hiccups, a roving co-host that likes to text another cohost during recording, plus this episode is late getting recorded because of end-of-year schedule.  But we powered through it, and Jim got to spend a lot of time on post-production.

    I think you are going to enjoy this randomness…

    Show Notes:

    InfoSec News Update and Geek Toys Update –

    • T-Mobile Employee causes largest data theft in the UK – Link Here
    • Government Security Woes
      Story 1 – 5 TSA workers put on leave over online posting – Link here
      Story 2 – The Party Crashing Scandal – Link Here
      Story 3 – Felon working for DHS for 2 years – Link Here
    • Nessus 4.2 is released – Link Here
    • Rapid7 and Metasploit Community Projects – Link 1 / Link 2
    • ProxMark3 now shipping completed RFID read/write/clone kits – Link here
    • Moxie launched cloud-based WPA password Cracking – Link Here
    • Cure for Eye Strain – Gunnar Glasses – Link Here

    Discussion Topic –

    Changes to OWASP standard for 2010 –

    Link Here

    Consultants Corner – Picking your tools wisely… 2009/2010 update

    Music Notes –

    An Information Security Place Podcast – Episode 26

    Link to MP3

    Episode 26 is here.  It almost didn’t happen since I was playing remote helpdesk dude for a relative from my hotel room in Dallas right before the recording, but we got it worked out.  Enjoy!

    Show Notes:

    InfoSec News Update –

    • Michael’s New NAISG Group is having its first meeting on Nov 2, 2009 in Houston, TX. – Houston Chapter Website / Email Link
    • Power Grid Takedown – a HowTO – Link Here
    • Court Ruling – Disloyal Computing is Not Illegal – Link Here
    • New OWASP Sponsored Web App Firewall – Link Here
    • MS Gets into the AV Game … Again…with latest release – Link 1 / Link 2
    • Trojans getting Smarter – Link Here
    • PCI DSS Update Could Include Virtualization Security – Link Here

    Discussion Topic –

    Encouraging Bad Behavior via marketing (Identity Guard Commercials)

    Consultants Corner – Predicting what Security Consulting will be like in the future – Link Here

    Music notes –

    Vet

    An Information Security Place Podcast – Episode 25

    Link to MP3

    Episode 25 is here. Today’s podcast is different than our usual. Instead of having Jim, Dan, and me spout off and pontificate, I am interviewing Wesley McGrew from McGrew Security. Wesley is a security researcher at Mississippi State University’s Critical Infrastructure Protection Center, where he works to find vulnerabilities in SCADA software. He also operates mcgrewsecurity.com, where he blogs about information security topics.

    Wesley caught a script-kiddie back in June trying to do some pretty weak SCADA hacking at a Dallas-area hospital. He and I talked about the incident and also discussed some of Wesley’s future plans (not much since he couldn’t divulge a lot – oooo, mysterious!). So enjoy the show. Links to the blog posts from Wesley’s script kiddie adventure are below.

    http://www.mcgrewsecurity.com/2009/06/30/ghostexodus-the-eta-and-a-control-systems-incident-at-carrell-clinic-part-1/

    http://www.mcgrewsecurity.com/2009/07/02/ghostexodus-part2/

    http://www.mcgrewsecurity.com/2009/07/06/ghostexodus-the-eta-and-a-control-systems-incident-at-carrell-clinic-part-3/

    http://www.mcgrewsecurity.com/2009/07/07/ghostexodus-part4/

    Vet

    An Information Security Place Podcast – Episode 24

    Link to MP3

    Hello all you happy people!  Episode 24 is here.  I was out sick, so Jim and Dan put it together. Jim is adamant about sticking to a schedule. Dang slave driver!

    Show Notes:

    InfoSec News Update –

    • Credit Unions Under Attack – Link 1 / Link 2
    • Massive SQL Injection Attacks – Link 1 / Link 2
    • Cisco Wireless LANs get “Skyjacked” – Link 1 / Link 2
    • Flaw in Sears’ Website Left Database Open To Attack – Link Here
    • WPA/TKIP Can be Broken in 1 Minute – Link 1 / Link 2
    • 100 Dirtiest Web Sites of Summer 2009 – Link Here
    • No Thumbprint, No Check-Cashing, Bank Told Armless Man – Link Here
    • PCI Council Releases recommendation for Preventing Card Skimming – Link 1 / Link 2
    • Federal Certification Program for “Cyber Professionals” / Bill would give President emergency control of the Internet – Link Here

    Discussion Topic – Web App Scanners And Web App Firewalls According to Gartner

    Link 1 / Link 2

    Consultant’s Corner – Updating Tools and Techniques

    Music Notes:

    An Information Security Place Podcast – Episode 23

    Link to MP3

    We’re back with episode 23.  Jim is back (you can decide if that is good news or bad news), and Dan Kuykendall is joining us again (calls himself the guest that won’t leave the couch).  Thanks for listening…

    Show notes:

    InfoSec News Update –

    • Big Thank You to all our Clients and the folks that stopped by the booth and our party at BlackHat!
    • UK ID card Hacked/Cloned in 12 Minutes – Link Here
    • “Mega breaches” use preventable attacks – Link Here
    • Hackers target outsourced app development – Link Here
    • National Retail Federation still struggling with PCI – Link Here
    • Reset Password problems, and reusing passwords in general
    • “FILE UNDER DUH” – Study warns of cyberwarfare during military conflicts – Link Here

    Discussion Topic – Web Security On Cell Phones – Link Here

    Geek Toyz –

    Music Notes:

    An Information Security Place Podcast – Episode 22

    Link to MP3

    Episode 22 is here. Jim was not available to join me this time (been traveling and real busy), so Dan Kuykendall from NT Objectives was kind enough to fill in as co-host for today. We had some good discussion, and a show that I thought would be a little shorter ended up being pretty long. But it is good stuff. Here are the show notes:

    InfoSec News Update –

    • Vulnerable web servers on webcams, NAS, etc – Link Here
    • Obama’s cybersecurity Czar quits – Link Here

    People familiar with the matter said Ms. Hathaway has been “spinning her wheels” in the White House, where the president’s economic advisers sought to marginalize her politically.

    In February, the White House tapped Ms. Hathaway, a senior intelligence official who had launched President George W. Bush’s cybersecurity initiative, to lead a 60-day cybersecurity policy review. Ms. Hathaway completed her review in April, but the White House spent another 60 days debating the wording of her report and how to structure the White House cyber post. National Economic Adviser Larry Summers argued forcefully that his team should have a say in the work of the new cyber official.

    • SSL Under attack this year at BlackHat/Defcon. These attacks don’t attack the math, they attack the (mis)usage of the clients and cert authorities

    New Tricks For Defeating SSL In Practice (sslstrip) – Link Here

    Researcher Exposes Flaws In Certificate Authority Web Applications – Link Here

    • Defcon goon “Priest” is everywhere – Links Here and Here

    Discussion Topic – The ol’ security guidelines / best practices discussion

    Consultants Corner – Varied BlackHat / Defcon points –

    • SSL issues
    • Unmasking You talk by Joshua “Jabra” Abraham and Robert “RSnake” Hansen
    • Dan’s general Opinions about web security talks – he was underwhelmed

    Music Notes:

    An Information Security Place Podcast – Episode 17

    Link to MP3

    Here is Episode 17. Sorry for the delay in getting it out. Last week was extremely rough for Jim and me, but we are back at full strength now. Well, maybe 85% strength anyway.

    In this show Jim and I relate the latest news as always, then we have some discussion about layoffs and how that is causing a lot of orphaned hardware and software. Then we discuss some challenges for the consultant in walking the minefield of politics at client companies.

    Also, we had some listener feedback from Geir. He was busting on us a bit about our saying you need to patch your stuff when we were talking about 0day. Thanks for keeping us straight Geir.  If you want to send feedback, you can send it to podcast-at-infosecplace.com.

    Here are the show notes:

    InfoSec News Update:

    • Follow up – Another Payment Processor Has Been Hacked – Visa says JUST KIDDING! – Link Here – This Just In – A new timeline of the Unnamed Processor – Link Here
    • Gartner – Nearly 8 Percent of U.S. Adults Lost Money To Financial Fraud in ‘08 – Link Here
    • Federal cybersecurity director quits, complains of NSA role – Link Here
    • Health Records Show Up in Yard – Link Here
    • Study: Antivirus Software Catches About Half Of Malware – Link Here
    • MS Finally killing off AutoRun – Link Here
    • Marine One data leak – Link Here
    • The Return of L0phtCrack!! – Link Here
    • WarVox Released – Link Here
    • Thieves Steal the Show at Cebit – Link Here
    • Checklist for complying with PCI security standard – Link Here / Link To Checklist

    Discussion – Orphaned hardware and Software – Link Here

    Consultant’s Corner – Dealing with political landscapes at your client’s company

    Music Notes:

    Vet

    An Information Security Place Podcast – Episode 15

    Link to MP3

    Here is episode 15. There was a lot to cover in this episode. Jim and I were in discussion mode, so be prepared to sit down for a while longer than normal this time. Jim and I were also in a joking mood and consequently cracked ourselves up on this episode, so enjoy the laughter and comedy at a fellow human’s expense.

    BTW, I am a milestone guy, and any time a “0” or a “5” is at the end of the episode number, I think it is cool. So 15 is a cool number to me. On to the show notes.

    Show notes:

    InfoSec News Update: whole lot of crap!

    Discussion: File Under DUH! Unauthorized Web Use On The Rise

    Consultants Corner: How does “Compliant” equal Owned?

    Music Notes:

    An Information Security Place Podcast – Episode 12

    Link to MP3

    MERRY CHRISTMAS and welcome to Episode 12!  I have been sick all week, and it hit me hard yesterday and today.  So Jim and Kirk saved the day and recorded the podcast without me.  I am a little bummed that I was not on the last podcast of the year, but you would not have wanted to listen to me sounding all nasally.

    So thanks to Jim and Kirk.  Here are the…

    Show Notes:

    InfoSec News Update:

    Discussion – Using Local Resources for Social Engineering

    Geek Toys – Last Minute Geek Gift Ideas

    Consultant’s Corner – 2008 Year in Review – the Consultant’s Perspective

    Music Notes:

    An Information Security Place Podcast – Episode 11

    Link to MP3

    Show Notes:

    Segment 1: InfoSec News Update (Michael gets to do a little talkin’ here – and he promptly screws it up):

    • New Security Awareness video on YouTube – kinda cheesy, but a pretty good production
    • Digittrade HD Encryption Broken – “in our test, unscrewing the housing took longer than cracking its encryption mechanism.”
    • Lenovo’s new Facial recognition software defeated by printed photo
    • Massachusetts new law – 201 CMR 17.00 – “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information” – a civil penalty of $5,000 may be awarded for each violation of 93H. In addition, under the portion of 93H concerning data disposal, businesses can be subject to a fine of up to $50,000 for each instance of improper disposal. Requires – Regular Monitoring, Documenting responsive actions taken during a breach, and reasonable monitoring of systems.
    • File Under DUH! Symantec Discovers Cybercrime makes money – estimates value around $1.7Bil
    • Really simple PCI FAQ that you should be aware of
    • Apple and the AntiVirus Debate – In a written statement sent to security news site Securityfocus.com, Apple explained their decision to pull the document: “We have removed the KnowledgeBase article because it was old and inaccurate,” Apple said in a statement sent to SecurityFocus. “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.”

    Discussion: BLATANT FUD – Patching at the Enterprise level – Secunia: “virtually every Windows PC is at risk” – 98% of Windows computers are missing patches – 46% were missing more than 11 patches

    Segment 2: Geek Toys and Consultants Corner

    • Geek Toys – Kensington Portable Power outlet – AS SEEN ON REGIS AND KELLY!!!!
    • Consultants Corner – Helping a client deal with a breach (specifically as it relates to compliance issues)

    Music Notes: NEW – CHECK OUT THE LINKS TO THE BANDS ON PODSHOW.COM

    Vet

    An Information Security Place Podcast – Episode 10!

    Link to MP3

    Show Notes:

    Episode 10!  We are in double digits!  W00T!  Thanks to Jim for all the hard work on getting these podcasts produced, for picking the music, for doing most of the talking, for… errr, what do I do around here anyway??

    Segment 1: InfoSec News Update and some discussion about pinko commies

    Segment 2:

    • Geek Toys – Jim has pretty much given up on trying to please Kirk because he is talking about non-security related toys AGAIN – a review of the Popcorn Hour A-110
    • Consultants Corner – Staying diligent during holidays
    • Further ranting – Jim says “LEAVE ME ALONE – I AM BUSY” to Q4 invitations to speak at conferences

    Music Notes:

    • Intro/Outro – Digital Breaks – “Therapy”
    • Segway 1 – Naked Gun – “A.D.D.”
    • Segway 2 – Kickstart – “Bouncey”
    An Information Security Place Podcast – Episode 9


    Link to MP3

    Show notes:

    Just Jim and me today talking about news and adding some ranting (as usual).

    Segment 1: InfoSec News Update and various ranting

    Segment 2:

    • Geek Toys – BlueAnt SuperTooth 3 Review
    • Consultants Corner – Importance of Physical Security
    • We bid you a fond farewell

    Music Notes:

    • Intro/Outro – Digital Breaks – “Therapy”
    • Segway 1 – Naked Gun – “A.D.D.”
    • Zinger – JunkTones – “Welcome To the USA”
    • Segway 2 – Kickstart – “Bouncey”

    Vet

    An Information Security Place Podcast – Episode 8


    Link to MP3

    Show Notes:

    Kirk Greene, a coworker of Jim and me, joins us today, and general hilarity ensues. Thanks for being brave enough to come on the show Kirk!

    Segment 1: InfoSec News Update

    Segment 2:

    • Geek Toys – 8 Gig laptops and how Apple sucks (Jim said it!) – and Kirk reminds Jim that this is an Infosec podcast AGAIN.
    • Consultants Corner – Kirk opens up the PA DSS discussion, and we talk about some possible ramifications to the POS (“point of sale” for clarification) industry
    • We say goodbye, but not before we turn this whole podcast into a political debate (not really) since the next podcast will be AFTER the election (the most important one in history according to everyone that said that about the last election)

    Music Notes:

    • Intro/Outro – Digital Breaks – “Therapy”
    • Segway 1 – Jimmie Bratcher – “Bad Religion”
    • Segway 2 – Kickstart – “Theme Song”
    An Information Security Place Podcast – Episode 7


    Hey everybody. Here’s podcast episode 7. There’s some great stuff in here, and some great interviews. Enjoy!

    BTW, iTunes is downloading episode 6 for episode 7 for some friggin’ reason. I will look into it, but I have to finish a proposal tonight. Sheesh.

    Link to MP3

    Show notes:
    Segment 1 – InfoSec News Update

    Interview Segment:

    Geek Toys: Jasager on the FON Router – Watch Episodes 403 and 405 of Hak5 or hop over to DigiNinja’s Jasager page

    Consultants Corner: Discussion on doing some due diligence on checking vendor claims. Open discussion on the recent Evil Bits Darkreading blog post

    Music Notes:

    • Intro/Outro – Digital Breaks – “Therapy”
    • Segway 1 – Jimmie Bratcher – “Bad Religion”
    • Segway 2 – The Erotics – “Walk All Over You”
    • Segway 3 – Megaphone – “Not Your Enemy”
    • Segway 4 – Kickstart – “Theme Song”

    Vet

    An Information Security Place Podcast – Episode 6


    Here’s episode #6. Jim was in a hotel room in California, so forgive any degradation in quality and the shorter-than-usual length. Just another risk when you are a world-traveling consultant like Mr. Broome. 🙂

    As usual, we welcome feedback of any kind (we reserve the right to delete profanity). Please let us know how you like / dislike the show.

    Also, I know the feed is broken via feedburner. Not sure what is going on there. I am looking into it. For now you can download the podcast via the link below.

    OK, here are the show notes:

    InfoSec News Update:

    • RSnake and Grossman’s talk on clickjacking pulled due to lack of feedback from some vendors and a request from Adobe to pull the OWASP USA talk until they issue a patch.
    • Apple and Cisco Release Patches
    • Followup – VMware Fusion 2.x not all that good!!!
    • Palin hack – We don’t give a crap anymore!

    Discussion on remote access and employee termination – Open discussion on the recent articles and whitepapers:

    Segment 2:

    And the wonderful music picks from Jim:

    • Intro/Outro – Digital Breaks – “Therapy”
    • Segway 1 – Climax – “OnTheEdge”
    • Segway 2 – Climax – “Eternity”

    Link to MP3

    An Information Security Place Podcast – Episode 5


    OK folks. Here’s the long awaited episode 5 of the podcast. Sorry for the delay in getting this one out. Hurricane Ike put a big damper on our plans since I was without electricity for a few days. Internet has been spotty as well, but it held up for Jim and me to record last night.

    Link to MP3

    Show notes:

    • Geek Toys – Personal RAID Devices – aka Drobo Review
    • Consultants Corner – Dealing with clients that are bound by compliance requirements.

    Music:

    • Intro/Outro – Digital Breaks – “Therapy”
    • Segway 1 – Climax – “OnTheEdge”
    • Segway 2 – Climax – “Eternity”

    Vet
