An Information Security Place Podcast

Everyone was here for this episode (meaning Dan, Jim, and Michael), and it was pretty much on schedule this time. We do the normal cutting up, then talk about news and start discussing stuff. Then Dan puts the hurt down on some developer geek speak. You will definitely learn  from stuff from this episode (as opposed to the drivel you get from most of our episodes).  Very good stuff.

BTW, the format of the posts are changing just a bit. While the podcast player will stay where it usually is at the top of the post, the link to the file will now be below the posts. This is changing because when iTunes picks up the text from the feed, it throws the “Link to MP3″ text at the top, and it looks weird when looking at the show description in iTunes. Just a minor change really, but just wanted to point it out here in case that is where you grab the file. OK, now on to the show!

Show Notes:

InfoSec News Update –

• Hacker Cracks 49 House Sites and Insults Obama – Link Here
• 17 Year Old Vulnerability – Link Here
• 77K Risk Data Loss in Alaska – Link Here
• SEC Workers Surfing Pr0n – Link Here / BREAK.COM VIDEO Link
• If your password is 123456, just make it HACKME – Link Here
• ID Thieves Successfully Targeting Wealth Victims – Link Here

Discussion Topic #1 – Laptops on Hostile Networks – Link Here

Discussion Topic #2 - DK’s Web App Security Minute… and then some

• Remote File Include Attacks – Link Here / DK’s Info Page
• Larry Suto’s New Web App Scanner Review Report - Link Here

Music Notes:

The first podcast of the new year is here, and it is a nice round number! That is sweet! So please forgive any weirdness in the way this episode sounds. It was put together over a couple of weeks doing interviews here and there with vendors as well as each other while we were at our (Michael and Jim) employer’s annual company meeting. Jim is a miracle worker, but even he could not make it completely fluid!

Also, because of scheduling, Dan did not get to join us. But Jim and I were fortunate enough to be joined by coworker and wireless uber-beast, Mr. Tyler Theys. I think you will enjoy this episode, even with all the weirdness!

Show Notes:

Info Sec News Update -

• Jim, Michael, and Tyler talk about all the Google Hacking – Link Here

Interview #1 -Michael with Roger Hegland of TruARX

Interview #2 - Jim with Mike Tuchen of Rapid7

“Added Bonus to Our Listeners”

Going to RSA? Join Rapid7 on March 3^rd for a party at Ruby Skye. Get on the VIP list for the evening everyone else will be talking about at RSA 2010: www.rapid7.com/forms/rsarsvp.jsp

Discussion Topic - PCI in the Gaming Industry

Music Notes –

• Intro/Outro – Digital Breaks – “Therapy”
• Segway 1 – Building Rome – “Dr. Doctor”
• Segway 2 – Megaphone – “Write it Down”
• Segway 3 – This is Fiction – “Breathe”

Merry Christmas to all our listeners! It’s that time of the year again where we sit down and make a fun podcast and recap the year and look forward to next year. Heck there was even a Christmas Miracle on this episode… it was actually recorded on time !!!! So sit back with your eggnog next to the Yule log fire under the stockings and enjoy!

Show Notes:

InfoSec News Update –

• Howard Schmidt new White House cybersecurity coordinator – Link Here
• deCOFEEnating Windows – Link Here
• Twitter DNS hack came from authorized credentials – Link Here
• Social Networks searches could be a hackers dream… Link 1 / Link 2
• FireFox and Adobe named “Most Buggy” – Link Here / Bit9 Link
• Insurgents Hack US Drones – Link Here / Software Link

Discussion Topic -

2009 Year in Review and Looking Forward Predictions to 2010 –

Link 1 / Link 2 / Link 3

Music Notes -

• Intro – TheHipCola – “SleighRide”
• Segway 1 – Winzenried – “Have Yourself A Merry Little Christmas”
• Segway 2 – OutSpoken – “Punk Rock Bells”
• Outro – TheHipCola – “Winter WonderLand”

OK, Episode 27 is FINALLY here.  Sincere apologies to all of our listeners.  We really could not avoid the long break.  Work and family and everything else seriously pounded us this time.  ENJOY!

Show Notes:

InfoSec News Update -

• FTC Orders ChoicePoint To Pay $275,000 For 2008 Data Breach – Link Here
• Senator says the cybersecurity chief should be in DHS, not the White house – Link Here
• Major SSL Flaw Find Prompts Protocol Update – Link Here
• Jailbroken iPhones more vulnerable to attack; ikee worm Rick Rolls iPhone users – Link Here
• New FDIC Phishing Attack – Link Here
• MSFT trying to walk the annoyance / security fine line with toned down User Access Control (UAC) in Windows 7 – Link Here
• Awesomely funny story about an IT engineer in Iraq annoying the troops with some bogus war driving – Link Here

Discussion Topic - Highlights from Michael’s NAISG Chapter Meeting

Geek Toys – “Ideas to get your Geek for Christmas”

• Still Need A Netbook? Try and Acer or a Dell
• Playing with GPU Acceleration – The Nvidia GTX 260 is a great choice
• Windows 7 – Pick your favorite version
• Network Attached Storage – 2 Drive / 4 Drive / 8 Drive Solutions
• Make Perfect BBQ everytime – DigiQ system from thebbqguru.com

Music notes -

• Intro/Outro – Digital Breaks – “Therapy”
• Segway 1 – Nathan Lee – “Hold Me Down”
• Segway 2 – Junk Yard Groove – “Its OK”
• Segway 3 – Great Luke SKI – “Parents Bought Me intellivision”

Episode 26 is here. It almost didn’t happen since Michael was playing remote helpdesk dude for a relative from his hotel room in Dallas right before the recording, but we got it worked out. Enjoy!

Show Notes:

InfoSec News Update –

• Michael’s New NAISG Group are having their first meeting on Nov 2, 2009 in Houston, TX. – Houston Chapter Website / Email Link
  
• Power Grid Takedown – a HowTO – Link Here
• Court Ruling – Disloyal Computing is Not Illegal – Link Here
• New OWASP Sponsored Web App Firewall – Link Here
• MS Gets into the AV Game … Again…with latest release – Link 1 / Link 2
• Trojans getting Smarter – Link Here
  
• PCI DSS Update Could Include Virtualization Security – Link Here

Discussion Topic -

Encouraging Bad Behavior via marketing (Identity Guard Commercials)

Consultants Corner - Predicting what Security Consulting will be like in the future – Link Here

Music notes –

• Intro/Outro – Digital Breaks – “Therapy”
• Segway 1 – SwampdaWamp – “Lady”
• Segway 2 – Building Rome – “Dr. Doctor”
• Segway 3 – The Summer Set – “Chelsea”
  

Hello all you happy people!  Episode 24 is here.  Michael was out sick, so Jim and Dan put it together.  Jim is adamant about sticking to a schedule.  Dang slave driver!

Show Notes:

InfoSec News Update –

• Credit Unions Under Attack – Link 1 / Link 2
• Massive SQL Injection Attacks – Link 1 / Link2
• Cisco Wireless LANS get “Skyjacked” – Link 1 / Link 2
• Flaw in Sear’s Website Left Database Open To Attack – Link Here
• WPA/TKIP Can be Broken in 1 Minute – Link 1 / Link 2
• 100 Dirtiest Web Sites of Summer 2009 – Link Here
• No Thumbprint, No Check-Cashing, Bank Told Armless Man – Link Here
• PCI Council Releases recommendation for Preventing Card Skimming – Link 1 / Link 2
• Federal Certification Program for “Cyber Professionals” / Bill would give President emergency control of the Internet – Link Here

Discussion Topic - Web App Scanners And Web App Firewalls According to Gartner
- Link 1 / Link 2

Consultant’s Corner – Updating Tools and Techniques

Music Notes:

• Intro/Outro – Digital Breaks – “Therapy”
• Segway 1 – Dave Stanley Band – “Lights Out”
• Segway 2 – No Mans Hero -”Now That Its Over”
• Segway 3 – ByTheWayside- “DoYouEverNotice”