Tag: Security

An Information Security Place Podcast – 01-22-14


Jim, Dan, and Michael have a lot of catching up to do. We talk about a lot of stuff because a lot of stuff has been happening. From RSA, NSA, QSAs… security is busy! Show notes below!

Show Notes:

InfoSec News Update –

  • 123456 is the new best of the worst – Link
  • RSA Conf and those skipping it this year – Link
  • Fixing a flawed VA medical records system: Tenacity pays off for a researcher – Link
  • Do you believe the Obamacare website is secure? These guys don’t – Link1, Link2, Link3
Discussion Topic – The Failure Themes of the Target Breach:

  • Massive Props to Brian Krebs on his coverage of the whole debacle – Krebsonsecurity.com
  • AntiVirus Takes it on the Chin …Again – Link
  • Egress Filter Much? – Link
  • Credit Card Processing Fundamentally flawed – Link
  • EMPHATIC POINT OF THE PODCAST!! Complacent with Compliance … again, PCI != security

Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

  • Intro: “Stay Alive” – Rivethead
  • Segment 1 – “CricketBat” – RivetHead
  • Segment 2 – “Burn Us Down” – Early Morning Rebel
  • Outro: “Zero Gravity” – RivetHead

Link to MP3

Evangelism and Projecting your dislike of religion


Wake up people, you are falling into the same old theistic behavior that we all as evolved sentient beings should eschew, nay, …loathe. INFOSEC is not a religion and YOU are not the FUCKING POPE ok?

That’s a quote from Krypt3ia on his blog entitled “Infosec is not a religion”. He says this in his rant about the use of the term “evangelist” in security.

Krypt3ia is even nice enough to define the term for us. Now I know Krypt3ia is smart enough to know that a term can be used creatively so that it does not fall into the traditional use of the term. But his obvious hatred of religion (displayed by the quote above) doesn’t allow him to get around this, and it is unfortunate.

Is the term overused? Yes, I think it is. That is why I chose the title “Advocate” instead (thanks to Michael Santarcangelo for the help with the title). Has it turned into a buzzword of sorts? Maybe. But should people who have the title of evangelist be ashamed somehow? No, they shouldn’t. Should people who “take” that title for themselves be ashamed? No. It might be a little corny to take it for yourself, but it is not something to be ashamed of.

If someone is using the term “improperly to suit your needs of being center stage and telling everyone from the fucking mount what “they” should be doing” as Krypt3ia says, then why is he throwing his bile against only this term? Plenty of people put themselves forward as experts who are far from it, and they don’t always call themselves evangelists. Plenty of people want center stage (I’m not immune to that, and I’m pretty sure Krypt3ia is not immune either if his diatribes are any indication).

This is really just a case of projection. Krypt3ia doesn’t like religion, and he can’t stand to see the term used so much. It irritates him, so he blows up (he does that a lot, which is part of his charm). And while my use of the term “psychological projection” is not an exact fit for the clinical definition, I think I can use it here to fit my desired message, which is: Get a grip dude. It is just a term.

An Information Security Place Podcast – Episode 36


So do we suck or what? Sorry that it’s taken so long for us to get another episode out… things have been crazy busy for all of us.

Anyway for this episode, Dan and Jim found themselves with 30 minutes or so of spare time, not much of a script, and working mics (Michael was working on a couple of proposals and an RFP that is due in two days); so they sat down and simply recorded an unscripted show of rambling about things that are going on for the moment.

Info Sec News Moments:

  • Kudos to MS’ IE 8 Ad Campaign – Link Here
  • Jim’s 4.5 Seconds of fame – DenverGov website Hack – Link Here
  • Android and the SMS Rootkit Hack – Link Here
  • Google Ditching Windows due to Security Concerns – Link Here
  • Denver OWASP – SnowFroc Con – Link Here

Music Notes:

Link to MP3

An Information Security Place Podcast – Episode 35


Episode 35 is here. The format is different today. Instead of you listening to Dan, Jim, and me yap about news and pontificate about security topics, you are going to hear a talk I gave at the Texas Technology Summit in early April 2010. The talk title and synopsis are below, along with a link to the slide deck.

Title: Breaking Down the Enterprise Security Assessment

Synopsis: Many enterprise security assessments look at too few attack vectors or do not dig far enough into the attack vectors once a vulnerability has been discovered. Come join a discussion on the breakdown of a security assessment, explore the essential attack vectors, and debate the depth to which the assessment should go.

Link to MP3

Link to slides

An Information Security Place Podcast – Episode 21


Link to MP3

Episode 21 is up and going. Looks like Jim and I are back on a regular cycle again. Hopefully it stays that way! Here are the show notes:

InfoSec News Update –

  • Goldman Sachs loses its secret sauce online – Link Here
  • Fed gets an F on Physical Security – Link Here
  • North Korea Blamed in Cyber Attacks over July 4th – Link Here
  • Juniper Pulls ATM hacking preso from BH – Link Here
  • Month of Twitter Bugs – Link Here
  • 10 Things Your Auditor Isn’t Telling You – Link Here
  • New head of MI6 wears Speedos on Facebook – Link Here
  • Algorithm for Predicting and guessing SSNs – Link Here
  • iPhone SMS Vulnerability – Link Here
  • Study – Oracle Users struggle with patch management – Link Here

Discussion Topic – Cloud Computing – is it a security nightmare waiting to happen? – Link Here

Consultants Corner – Developing an offering before going public!

Music Notes:

Vet

An Information Security Place Podcast – Episode 14


Link to MP3

Episode 14 is here.  First off, let me thank everyone that is listening to Jim and me spout off about everything.  Fourteen shows does not seem like a big number, but it involves a lot of work getting this going (especially on Jim’s part – thanks Jim) and keeping it going, and Jim and I appreciate everyone sticking in there with us.

Second, we have made some changes with my setup, so there might be a sound difference and some issues with this episode.  Forgive us as we get some new kinks worked out.

Third, this episode includes an interview with Mike Rothman from eIQnetworks.  You might know him better as that guy from Security Incite that has a yankee accent and tells everyone what he is thinking.  Either way, Mike is a great guy and a great friend, and I was honored to interview him.  I think you will enjoy that portion of the show.

And lastly, there is a programming note.  The geek toys segment that is brought to you by Jim every show is now going to be made more of a quarterly thing.  The reason is because Jim has to find something to talk about every time, and it is getting a little more difficult to find something for every show.

Here’s the breakdown of the show.

Show Notes:

InfoSec News Update: there’s been a lot happening the last two weeks

Discussion – New president declares his plan for US Cyber Security (more cynicism from Michael)

Vendor Interview – Michael interviews Mike Rothman from eIQnetworks

Consultants Corner – Combining compliance initiatives and what that means for security practices

Music Notes:

An Information Security Place Podcast – Episode 7


Hey everybody.  Here’s podcast episode 7.  There’s some great stuff in here, and some great interviews.  Enjoy!

BTW, iTunes is downloading episode 6 for episode 7 for some friggin’ reason.  I will look into it, but I have to finish a proposal tonight.  Sheesh.


Link to MP3

Show notes:
Segment 1 – InfoSec News Update

Interview Segment:

Geek Toys: Jasager on the FON Router – Watch Episodes 403 and 405 of Hak5 or hop over to DigiNinja’s Jasager page

Consultants Corner: Discussion on doing some due diligence on checking vendor claims. Open discussion on the recent Evil Bits Darkreading blog post

Music Notes:

  • Intro/Outro – Digital Breaks – “Therapy”
  • Segue 1 – Jimmie Bratcher – “Bad Religion”
  • Segue 2 – The Erotics – “Walk All Over You”
  • Segue 3 – Megaphone – “Not Your Enemy”
  • Segue 4 – Kickstart – “Theme Song”

Vet

An Information Security Place Podcast – Episode 6


Here’s episode #6.  Jim was in a hotel room in California, so forgive any degradation in quality and the shorter-than-usual length.  Just another risk when you are a world-traveling consultant like Mr. Broome. 🙂

As usual, we welcome feedback of any kind (we reserve the right to delete profanity).  Please let us know how you like / dislike the show.

Also, I know the feed is broken via feedburner.  Not sure what is going on there.  I am looking into it.  For now you can download the podcast via the link below.

OK, here are the show notes:

InfoSec News Update:

  • Rsnake and Grossman’s talk on clickjacking pulled due to lack of feedback by some vendors and a request from Adobe to pull the OWASP USA talk until they issue a patch.
  • Apple and Cisco Release Patches
  • Followup – VMware Fusion 2.x not all that good!!!
  • Palin hack – We don’t give a crap anymore!

Discussion on Remote access and employee termination – Open discussion on the recent articles and whitepapers:

Segment 2:

And the wonderful music picks from Jim:

  • Intro/Outro – Digital Breaks – “Therapy”
  • Segue 1 – Climax – “OnTheEdge”
  • Segue 2 – Climax – “Eternity”

Link to MP3

An Information Security Place Podcast – Episode 3


Here’s the latest installment of the podcast.  Jim Broome talks about some of the BH / DC talks he was interested in and rubs in the fact that I didn’t get to go (he also rubs in the fact that he was in Hawaii last week – thanks Jim).

We get some closure on the Dan Kaminsky / DNS issue (well, it was closure for us anyway).

We talk a little about Alan Shimel’s adventures in pwnage.  We are not giving any details about the issue, but we give the big guy a little sympathy and some major props for his renewed sense of security importance and writing about the whole thing so we can all see how the process doesn’t work.

Then Jim busts into his favorite two segments.  One is the Geek Toy segment, where he talks about the SanDisk Sansa TakeTV device.  Very cool stuff for the traveler.  And the other segment is the Consultant’s Corner, where Jim gives some advice for writing up and presenting an executive outbrief for a project.

The rest of the podcast is just general bantering and virtually poking each other in the ribs.  We had fun with this one.  Leave some comments on what you think.  We’ll discuss some of them in the next podcast.

Music for this podcast is:

  • Digital Breaks – “Therapy”
  • Digital Droo – “Minor Things”
  • Laika Cres – “Miles and Miles”

Vet
