
Everyone was here for this episode (meaning Dan, Jim, and Michael), and it was pretty much on schedule this time. We do the normal cutting up, then talk about news and start discussing stuff. Then Dan puts the hurt down on some developer geek speak. You will definitely learn some stuff from this episode (as opposed to the drivel you get from most of our episodes). Very good stuff.
BTW, the format of the posts is changing just a bit. While the podcast player will stay where it usually is at the top of the post, the link to the file will now be below the posts. This is changing because when iTunes picks up the text from the feed, it throws the “Link to MP3” text at the top, and it looks weird when looking at the show description in iTunes. Just a minor change really, but I wanted to point it out here in case that is where you grab the file. OK, now on to the show!
Show Notes:
InfoSec News Update –
Discussion Topic #1 – Laptops on Hostile Networks – Link Here
Discussion Topic #2 - DK’s Web App Security Minute… and then some 
Music Notes:
Link to MP3
Posted by m1a1vet on February 5, 2010 at 12:58 pm under Uncategorized.
Tags: 77000, Alaska, cache poisoning, hacked, hostile network, House of Representatives, ID theft, laptops, Larry Suto, Mike Kershaw, passwords, NTO Spider, Obama, pr0n, remote file include, RFI, rsnake, SEC, Web app scanners, websites, wireless

Link to MP3
The first podcast of the new year is here, and it is a nice round number! That is sweet! So please forgive any weirdness in the way this episode sounds. It was put together over a couple of weeks doing interviews here and there with vendors as well as each other while we were at our (Michael and Jim) employer’s annual company meeting. Jim is a miracle worker, but even he could not make it completely fluid!
Also, because of scheduling, Dan did not get to join us. But Jim and I were fortunate enough to be joined by coworker and wireless uber-beast, Mr. Tyler Theys. I think you will enjoy this episode, even with all the weirdness!
Show Notes:
Info Sec News Update -
- Jim, Michael, and Tyler talk about all the Google Hacking – Link Here
Interview #1 - Michael with Roger Hegland of TruARX
Interview #2 - Jim with Mike Tuchen of Rapid7
“Added Bonus to Our Listeners”
Going to RSA? Join Rapid7 on March 3rd for a party at Ruby Skye. Get on the VIP list for the evening everyone else will be talking about at RSA 2010: www.rapid7.com/forms/rsarsvp.jsp
Discussion Topic - PCI in the Gaming Industry
Music Notes –
Posted by m1a1vet on January 26, 2010 at 2:04 am under Uncategorized.
Tags: gaming, Google, hacking, Las Vegas, Mike Tuchen, PCI DSS, Rapid7, Roger Hegland, TruArx

Link to MP3
Merry Christmas to all our listeners! It’s that time of the year again where we sit down and make a fun podcast and recap the year and look forward to next year. Heck there was even a Christmas Miracle on this episode… it was actually recorded on time !!!! So sit back with your eggnog next to the Yule log fire under the stockings and enjoy!
Show Notes:
InfoSec News Update –
Discussion Topic -
2009 Year in Review and Looking Forward Predictions to 2010 –
Link 1 / Link 2 / Link 3
Music Notes -
Posted by m1a1vet on December 23, 2009 at 2:48 pm under Uncategorized.
Tags: 2009, 2010, Adobe, buggy, COFEE, Cybersecurity coordinator, DECAF, DNS, drones, Firefox, Howard Schmidt, Merry Christmas, Twitter

Link to MP3
OK, this was just a stupid, crazy, and fun episode. We had technical hiccups, a roving co-host that likes to text another co-host, plus this episode is late getting recorded because of end-of-year schedules. But we got through it, and I think you are really going to enjoy the randomness…
Show Notes:
InfoSec News Update and Geek Toys Update –
- T-Mobile Employee causes largest data theft in the UK – Link Here
- Government Security Woes
Story 1 – 5 TSA workers put on leave over online posting – Link here
Story 2 – The Party Crashing Scandal – Link Here
Story 3 – Felon working for DHS for 2 years – Link Here
- Nessus 4.2 is released – Link Here
- Rapid7 and Metasploit Community Projects – Link 1 / Link 2
- ProxMark3 now shipping completed RFID read/write/clone kits – Link here
- Moxie launched cloud-based WPA password Cracking – Link Here
- Cure for Eye Strain – Gunnar Glasses – Link Here
Discussion Topic -
Changes to OWASP standard for 2010 –
Link Here
Consultants Corner - Picking your tools wisely… 2009/2010 update
Music Notes –
Posted by m1a1vet on December 11, 2009 at 1:49 pm under Uncategorized.
Tags: cracking, DHS, felon, Gunnar, Marlinspike, Metasploit, Moxie, Nessus, OWASP, ProxMark3, Rapid7, Salahis, TSA, WPA

Link to MP3
OK, Episode 27 is FINALLY here. Sincere apologies to all of our listeners. We really could not avoid the long break. Work and family and everything else seriously pounded us this time. ENJOY!
Show Notes:
InfoSec News Update -
- FTC Orders ChoicePoint To Pay $275,000 For 2008 Data Breach – Link Here
- Senator says the cybersecurity chief should be in DHS, not the White house – Link Here
- Major SSL Flaw Find Prompts Protocol Update – Link Here
- Jailbroken iPhones more vulnerable to attack; ikee worm Rick Rolls iPhone users – Link Here
- New FDIC Phishing Attack – Link Here
- MSFT trying to walk the annoyance / security fine line with toned down User Account Control (UAC) in Windows 7 – Link Here
- Awesomely funny story about an IT engineer in Iraq annoying the troops with some bogus war driving – Link Here
Discussion Topic - Highlights from Michael’s NAISG Chapter Meeting
Geek Toys – “Ideas to get your Geek for Christmas”
Music notes -
Posted by m1a1vet on November 12, 2009 at 12:51 pm under Uncategorized.
Tags: Acer, BBQ, chief, ChoicePoint, Cybersecurity, Dell, DigiQ, FDIC, FTC, Houston, ikee, jailbreak, Microsoft, NAISG, NAS, Netbook, Nvidia, Obama, phishing, Windows 7

Link to MP3
Episode 26 is here. It almost didn’t happen since Michael was playing remote helpdesk dude for a relative from his hotel room in Dallas right before the recording, but we got it worked out. Enjoy!
Show Notes:
InfoSec News Update –
- Michael’s new NAISG group is having its first meeting on Nov 2, 2009 in Houston, TX. – Houston Chapter Website / Email Link
- Power Grid Takedown – a HowTO – Link Here
- Court Ruling – Disloyal Computing is Not Illegal – Link Here
- New OWASP Sponsored Web App Firewall – Link Here
- MS Gets into the AV Game … Again…with latest release – Link 1 / Link 2
- Trojans getting Smarter – Link Here
- PCI DSS Update Could Include Virtualization Security – Link Here
Discussion Topic -
Encouraging Bad Behavior via marketing (Identity Guard Commercials)
Consultants Corner - Predicting what Security Consulting will be like in the future – Link Here
Music notes –
Posted by m1a1vet on October 1, 2009 at 10:51 am under Uncategorized.
Tags: AV, bad, behavior, grid, Houston, marketing, Microsoft, NAISG, OWASP, PCI DSS, power, rsnake, security consulting, Star Trek, trojans, virtualization, WAF

Link to MP3
Episode 25 is here. Today’s podcast is different than our usual. Instead of having Jim, Dan, and Michael spout off and pontificate, we have Michael interviewing Wesley McGrew from McGrew Security. Wesley is a security researcher at Mississippi State University’s Critical Infrastructure Protection Center, where he works to find vulnerabilities in SCADA software. He also operates mcgrewsecurity.com, where he blogs about information security topics.
Wesley caught a script kiddie back in June trying to do some pretty weak SCADA hacking at a Dallas-area hospital. He and Michael talked about the adventure. They also discussed some of Wesley’s future plans (not much, since he couldn’t divulge a lot - oooo, mysterious!). So enjoy the show. Links to the blog posts from Wesley’s script kiddie adventure are below.
Posted by m1a1vet on September 16, 2009 at 1:57 am under Uncategorized.

Link to MP3
Hello all you happy people! Episode 24 is here. Michael was out sick, so Jim and Dan put it together. Jim is adamant about sticking to a schedule. Dang slave driver!
Show Notes:
InfoSec News Update –
- Credit Unions Under Attack – Link 1 / Link 2
- Massive SQL Injection Attacks – Link 1 / Link 2
- Cisco Wireless LANS get “Skyjacked” – Link 1 / Link 2
- Flaw in Sears’ Website Left Database Open To Attack – Link Here
- WPA/TKIP Can be Broken in 1 Minute – Link 1 / Link 2
- 100 Dirtiest Web Sites of Summer 2009 – Link Here
- No Thumbprint, No Check-Cashing, Bank Told Armless Man – Link Here
- PCI Council Releases recommendation for Preventing Card Skimming – Link 1 / Link 2
- Federal Certification Program for “Cyber Professionals” / Bill would give President emergency control of the Internet – Link Here
Discussion Topic - Web App Scanners And Web App Firewalls According to Gartner
- Link 1 / Link 2
Consultant’s Corner – Updating Tools and Techniques
Music Notes:
Posted by m1a1vet on September 3, 2009 at 2:07 pm under Uncategorized.
Tags: Card skimming, Cisco, Credit Unions, flaw, iPhone, ipod Touch, PCI DSS, Safari, Sears, SkyJack, SQL Injection, TKIP broken, Twitter, vulnerability, web app firewalls, Web app scanners, website, WLAN

Link to MP3
We’re back with episode 23. Jim is back (you can decide if that is good news or bad news), and Dan Kuykendall is joining us again (calls himself the guest that won’t leave the couch). Thanks for listening…
Show notes:
InfoSec News Update -
- Big Thank You to all our Clients and the folks that stopped by the Booth and our party at BlackHat!
- UK ID card Hacked/Cloned in 12 Minutes – Link Here
- “Mega breaches” use preventable attacks – Link Here
- Hackers target outsourced app development – Link Here
- National Retail Federation still struggling with PCI – Link Here
- Reset Password problems, and reusing passwords in general:
- “FILE UNDER DUH” – Study warns of cyberwarfare during military conflicts – Link Here
Discussion Topic - Web Security On Cell Phones – Link Here
Geek Toyz –
Music Notes:
Posted by m1a1vet on August 20, 2009 at 2:59 pm under Uncategorized.
Tags: admin, CNN, cyberattack, Geforce GTX 295s, hack, Hannaford, Heartland, mega breaches, National Retail Federation, password, PCI DSS, SheevaPlug PC, UK ID card Hacked, Wordpress

Link to MP3
Episode 22 is here. Jim was not available to join me this time (been traveling and real busy), so Dan Kuykendall from NT Objectives was kind enough to fill in as co-host for today. We had some good discussion, and a show that I thought would be a little shorter ended up being pretty long. But it is good stuff. Here are the show notes:
InfoSec News Update -
- Vulnerable web servers on webcams, NAS, etc – Link Here
- Obama’s cybersecurity Czar quits – Link Here
People familiar with the matter said Ms. Hathaway has been “spinning her wheels” in the White House, where the president’s economic advisers sought to marginalize her politically.
In February, the White House tapped Ms. Hathaway, a senior intelligence official who had launched President George W. Bush’s cybersecurity initiative, to lead a 60-day cybersecurity policy review. Ms. Hathaway completed her review in April, but the White House spent another 60 days debating the wording of her report and how to structure the White House cyber post. National Economic Adviser Larry Summers argued forcefully that his team should have a say in the work of the new cyber official.
- SSL under attack this year at BlackHat/Defcon. These attacks don’t touch the cryptography; they attack how clients and certificate authorities (mis)use it: a man-in-the-middle on the plaintext side can quietly keep the victim on HTTP, and a CA that mishandles certificate requests can be talked into issuing a certificate for a name the requester doesn’t own
New Tricks For Defeating SSL In Practice (sslstrip) – Link Here
Researcher Exposes Flaws In Certificate Authority Web Applications – Link Here
- Defcon goon “Priest” is everywhere – Links Here and Here
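To make the sslstrip point concrete, here is an added example (not sslstrip’s own code, and not from the show) that models the two halves of the attack and the browser-side control that later closed it. The attacker half rewrites https:// links and redirects in the plaintext page it relays to the victim; the defender half is a minimal model of a browser HSTS store (Strict-Transport-Security, RFC 6797), which upgrades http:// URLs for a known host before any request is sent, so there is no plaintext request for the man-in-the-middle to tamper with. The sample HTML, hostnames and headers are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a page as the origin server would send it over HTTPS.
SAMPLE_HTML = """<html><body>
<a href="https://bank.example/login">Log in</a>
<form action="https://bank.example/transfer" method="post"></form>
<a href="http://news.example/">News</a>
</body></html>"""

# Matches href/action attributes that point at an https:// URL.
URL_ATTR = re.compile(r'(href|action)="https://([^"]*)"', re.IGNORECASE)


def downgrade_links(html: str) -> Tuple[str, List[str]]:
    """Attacker side: rewrite every https:// link to http:// in the page the
    man-in-the-middle serves to the victim over plaintext HTTP.  The MITM
    itself fetches the real https:// resource, so the site keeps working and
    the victim only sees the missing padlock.  Returns the rewritten page and
    the list of URLs that were downgraded."""
    downgraded: List[str] = []

    def repl(m: "re.Match[str]") -> str:
        downgraded.append("https://" + m.group(2))
        return f'{m.group(1)}="http://{m.group(2)}"'

    return URL_ATTR.sub(repl, html), downgraded


def downgrade_redirect(status: int, headers: Dict[str, str]) -> Tuple[int, Dict[str, str], bool]:
    """Attacker side: a redirect to https://... is rewritten to http://... so
    the victim never leaves plaintext.  Returns (status, headers, changed)."""
    location = headers.get("Location", "")
    if status in (301, 302, 303, 307, 308) and location.lower().startswith("https://"):
        new_headers = dict(headers)
        new_headers["Location"] = "http://" + location[len("https://"):]
        return status, new_headers, True
    return status, headers, False


class HstsCache:
    """Defender side: a minimal model of a browser's HSTS store.  Once a host
    has been seen over HTTPS with a Strict-Transport-Security header, http://
    URLs for that host are rewritten to https:// before the request is made,
    so sslstrip never sees a plaintext request it could downgrade."""

    def __init__(self) -> None:
        self.hosts: Dict[str, int] = {}  # host -> max-age in seconds

    def observe(self, host: str, response_headers: Dict[str, str]) -> None:
        value = response_headers.get("Strict-Transport-Security")
        if value is None:
            return
        m = re.search(r"max-age=(\d+)", value)
        if m and int(m.group(1)) > 0:
            self.hosts[host.lower()] = int(m.group(1))

    def enforce(self, url: str) -> str:
        m = re.match(r"http://([^/:]+)(.*)", url, re.IGNORECASE)
        if m and m.group(1).lower() in self.hosts:
            return "https://" + m.group(1) + m.group(2)
        return url


if __name__ == "__main__":
    page, urls = downgrade_links(SAMPLE_HTML)
    print("downgraded:", urls)
    cache = HstsCache()
    cache.observe("bank.example", {"Strict-Transport-Security": "max-age=31536000"})
    print("browser sends:", cache.enforce("http://bank.example/login"))
```

The caveat a practitioner should keep in mind: the HSTS store only protects a host the browser has already seen over HTTPS (or that is on the preload list), so the very first plaintext visit is still exposed, which is exactly the window sslstrip targets.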
Discussion Topic - The ol’ security guidelines / best practices discussion
Consultants Corner – Varied BlackHat / Defcon points -
- SSL issues
- Unmasking You talk by Joshua “Jabra” Abraham and Robert “RSnake” Hansen
- Dan’s general Opinions about web security talks – he was underwhelmed
Music Notes:
Posted by m1a1vet on August 8, 2009 at 10:08 pm under Uncategorized.
Tags: BlackHat, Cybersecurity, Czar, Defcon, Goon, guidelines, Hathaway, Joshua "Jabra" Abraham, Marlinspike, NAS, Obama, PCI, Priest, quits, Robert "RSnake" Hansen, SSL, Standards, vulnerable, web server, webcams, WiFi