
Link to MP3
The long-awaited episode 20 is finally here. Sorry for the crazy long wait!
InfoSec News Update –
Discussion Topic – What's the difference between an Auditor and an Assessor?
Consultant’s Corner - To Scope or Not to Scope
Music Notes:
Posted by m1a1vet on June 19, 2009 at 1:16 pm under Uncategorized.
Tags: assessor, ATM, auditor sued, Blackberry, cyber czar, Eastern Europe, Exobox, IOSCAT, Iran, Keykeriki, L0phtCrack, Obama, T-Mobile, trojan, Twitter

Link to MP3
So, we officially have our first lost episode. I recorded episode 18 a while back with Michael Santarcangelo, but we had some crazy technical problems. When I tried to get everything edited together to make it work, I started having some major problems. Without getting into all the details, the recording was not salvageable. Sorry to Michael for this since I know he took his valuable time to record with me.
So now we have episode 19. I guess we could have just said this one was episode 18 and gone on, but we are honest people over here at An Information Security Place Podcast. And as far as episode 19 goes, Jim and I have been balls-to-the-wall busy lately, and I have had a crazy schedule for over a month. Jim got a break in his schedule (probably more like forced a break) and coerced Kirk Greene to help him out in my place. And then Jim had some technical problems as well and ended up recording the last 15 minutes by himself (or Kirk pissed him off – not sure which). Yes, it has been a crazy time for us. But we are back, and hopefully we will get back on a regular schedule.
Now, here are the show notes for episode 19:
InfoSec News Update –
- Warm Fuzzy Story – Many Users say they’d sell company info for the right price! – Link Here
- Another Twitter Admin Account Compromised – Link Here
- New Tools Emerge To Ease Enterprise Fear Of Firewall Swapping – Link Here
- Acrobat with Yet Another 0-day – Link Here
- Feb Bank Worker charged with Data Theft – Link Here
- More Federal Regs Coming for Power Companies – Link Here
- That's gonna leave a mark! – Multiple vulns found on McAfee’s website – Link Here
- Hacker’s demand: $10M for Virginia prescriptions database – Link Here
- Economy Note – Security Suffers Cuts but fares better than most – Link Here
Geek Toys -
Consultants Corner - DIY Security Testing Lab
Music Notes:
Posted by m1a1vet on May 18, 2009 at 1:10 pm under Uncategorized.
Tags: 0-day, Acer, Acrobat, admin account, Adobe, database, federal regulations, firewall swapping, McAfee, power, prescription, QNAP TS-809, Twitter, vulnerabilities, Virginia, website

Link to MP3
Here is Episode 17. Sorry for the delay in getting it out. Last week was extremely rough for Jim and me, but we are back at full strength now. Well, maybe 85% strength anyway.
In this show Jim and I relate the latest news as always, then we have some discussion about layoffs and how that is causing a lot of orphaned hardware and software. Then we discuss some challenges for the consultant in walking the minefield of politics at client companies.
Also, we had some listener feedback from Geir. He was busting on us a bit about our saying you need to patch your stuff when we were talking about 0day. Thanks for keeping us straight Geir. If you want to send feedback, you can send it to podcast-at-infosecplace.com.
Here are the show notes:
InfoSec News Update:
- Follow up – Another Payment Processor Has Been Hacked – Visa says JUST KIDDING! – Link Here – This Just In – A new timeline of the Unnamed Processor – Link Here
- Gartner – Nearly 8 Percent of U.S. Adults Lost Money To Financial Fraud in ‘08 – Link Here
- Federal cybersecurity director quits, complains of NSA role – Link Here
- Health Records Show Up in Yard – Link Here
- Study: Antivirus Software Catches About Half Of Malware – Link Here
- MS Finally killing off AutoRun – Link Here
- Marine One data leak – Link Here
- The Return of L0phtCrack!! – Link Here
- WarVox Released – Link Here
- Thieves Steal the Show at CeBIT – Link Here
- Checklist for complying with PCI security standard – Link Here / Link To Checklist
Discussion - Orphaned hardware and Software – Link Here
Consultant’s Corner - Dealing with political landscapes at your client’s company
Music Notes:
Posted by m1a1vet on March 19, 2009 at 11:42 am under Uncategorized.
Tags: Antivirus, autorun, CeBIT, data leak, financial fraud, Gartner, HD Moore, L0phtCrack, malware, Marine One, Metasploit, Microsoft, NSA, PCI DSS, Rod Beckstrom, thieves, Visa, WarVox

Link to MP3
Episode 16 is up and running. Jim and I cover a lot of news again in this episode. Also, Jim goes a little crazy with the geek toys, but it is all really cool stuff and good info. We get into some PCI futures, playing off of Rich Mogull’s ideas on the subject. And we have a good cert discussion as well.
Show notes:
InfoSec News Update:
Geek Toys:
Consultants Corner: Top three security certifications (uhhh, yeah…)
Music Notes:
Posted by m1a1vet on February 26, 2009 at 1:48 pm under Uncategorized.
Tags: 0-day, Acrobat, BackTrack, breach, certifications, Chris Paget, cyberspace, Facebook, GNU Radio Kit, Heartland, Intel, Lenovo, Moxie Marlinspike, MSI Wind, Payment processor, Smart phones, Tmobile, weaponizing

Link to MP3
Here is episode 15. There was a lot to cover in this episode. Jim and I were in discussion mode, so be prepared to sit down for a while longer than normal this time. Jim and I were also in a joking mood and consequently cracked ourselves up on this episode, so enjoy the laughter and comedy at a fellow human’s expense.
BTW, I am a milestone guy, and any time a “0” or a “5” is at the end of the episode number, I think it is cool. So 15 is a cool number to me. On to the show notes.
Show notes:
InfoSec News Update: whole lot of crap!
- FAA Security Breach Exposes 45K Employees
- AV makers Hacked – BitDefender and Kaspersky, More: Full Info on hacker's Blog
- Electronics Firm Faces FTC Lawsuit Following Multiple Hacks – “The complaint alleges that until at least December 2007, Compgeeks (geeks.com) routinely stored this sensitive information in unencrypted text on its corporate computer network, among other security failures. The complaint also charges that the respondents did not adequately assess whether its Web application and network were vulnerable to commonly known or reasonably foreseeable attacks, such as SQL injection.”
- Identity thieves beat Obama to stimulus package punch
- Obama’s new CyberSec Chief Named
- Federal Workers Warned Of Potential Data Compromise At SRA
- Jailed SF network admin files $3M claim – Looks like the S.F. Mayor has some l33t admin skills because “Childs, formerly a network administrator with the city’s Telecommunications and Information Services (DTIS), had argued that the department’s staff was incompetent and that the mayor was the only person qualified to handle the passwords.”
- Heartland Breach Follow up – 157 institutions claiming issues – includes Bermuda, Canada, and Guam
- War cloning, the “new hacker sport”
- The latest MS Patches – One is for MS SQL, and there is exploit code out there
Discussion: File Under DUH! Unauthorized Web Use On The Rise
Consultants Corner: How does “Compliant” equal Owned?
Music Notes:
Posted by m1a1vet on February 12, 2009 at 1:49 pm under Uncategorized.
Tags: Anton Chuvakin, BitDefender, breach, Chris Paget, compliance, FAA, FTC, geeks.com, hacked, Heartland, HIPAA, Kaspersky, Obama, p0wned, patching, PCI, phishing, SQL, SRA, stimulus, Terry Childs, war cloning

Link to MP3
Episode 14 is here. First off, let me thank everyone that is listening to Jim and me spout off about everything. Fourteen shows does not seem like a big number, but it involves a lot of work getting this going (especially on Jim’s part – thanks Jim) and keeping it going, and Jim and I appreciate everyone sticking in there with us.
Second, we have made some changes with my setup, so there might be a sound difference and some issues with this episode. Forgive us as we get some new kinks worked out.
Third, this episode includes an interview with Mike Rothman from eIQnetworks. You might know him better as that guy from Security Incite that has a yankee accent and tells everyone what he is thinking. Either way, Mike is a great guy and a great friend, and I was honored to interview him. I think you will enjoy that portion of the show.
And lastly, there is a programming note. The geek toys segment that is brought to you by Jim every show is now going to be made more of a quarterly thing. The reason is that Jim has to find something to talk about every time, and it is getting a little more difficult to find something for every show.
Here’s the breakdown of the show.
Show Notes:
InfoSec News Update: there’s been a lot happening the last two weeks
Discussion – New president declares his plan for US Cyber Security (more cynicism from Michael)
Vendor Interview – Michael interviews Mike Rothman from eIQnetworks
Consultants Corner -Combining compliance initiatives and what that means for security practices
Music Notes:
Posted by m1a1vet on January 29, 2009 at 9:06 am under Uncategorized.
Tags: breach, compliance, Conficker, credit cards, data mining, eIQnetworks, government, Health and Human Services, Heartland, medical data, Microsoft, Mike Rothman, Monster.com, Security, Shavlik, Twitter

Link to MP3
An Information Security Place Podcast Lucky Episode 13 is here! Sorry for the delay between podcasts. Jim and I usually try to maintain the every-2-weeks schedule, but since we had Accuvant’s annual meeting coming up, we decided to push it out so we could do it there (“there” was Sedona, AZ – a beautiful place). This is the first time Jim and I have been in the same room recording the podcast, which was different (Jim kinda smells a bit). We had fun with it.
In addition, I wanted to take advantage of having some vendors close by (we have a vendor fair every year) for some interviews. I only got one, but it was a good one with Bluecoat. Thanks to Greg Buchan and Thomas Lee for spending some time with me.
So without further ado, here are the show notes:
Show Notes:
InfoSec News Update:
Discussion – Security Predictions for 2009 from Computer World
Geek Toys – MiniStack v3 Review
Consultants Corner – Choosing the right travel plans for yourself
Vendor Interview – Michael interviews Bluecoat
Music Notes:
* Intro/Outro – Digital Breaks – “Therapy”
* Segway 1 – SatelliteState – “ClockWorks”
* Segway 2 – Naked Gun – “A.D.D.”
Posted by m1a1vet on January 19, 2009 at 3:02 pm under Uncategorized.
Tags: Academy Home, Beta, biometrics, Bluecoat, DOS, fingerprints, Japan, McAfee, MiniStack, Nokia, Peter Giannoulis, phone, South Korea, Twitter, Windows 7

Link to MP3
MERRY CHRISTMAS and welcome to Episode 12! I have been sick all week, and it hit me hard yesterday and today. So Jim and Kirk saved the day and recorded the podcast without me. I am a little bummed that I was not on the last podcast of the year, but you would not have wanted to listen to me sounding all nasally.
So thanks to Jim and Kirk. Here are the…
Show Notes:
InfoSec News Update:
Discussion – Using Local Resources for Social Engineering
Geek Toys – Last Minute Geek Gift Ideas
Consultant’s Corner – 2008 Year in Review – the Consultant’s Perspective
Music Notes:
Posted by m1a1vet on December 24, 2008 at 9:19 pm under Uncategorized.
Tags: American Express, Asus EEEPC, Blackberry, Checkpoint, McCain, Netscreen, Palin, social engineering, vulnerabilities, XSS

Link to MP3
Show Notes:
Segment 1: InfoSec News Update (Michael gets to do a little talkin’ here – and he promptly screws it up):
- New Security Awareness video on YouTube – kinda cheesy, but a pretty good production
- Digittrade HD Encryption Broken – “in our test, unscrewing the housing took longer than cracking its encryption mechanism.”
- Lenovo’s new Facial recognition software defeated by printed photo
- Massachusetts’ new law – 201 CMR 17.00 – “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information” – a civil penalty of $5,000 may be awarded for each violation of 93H. In addition, under the portion of 93H concerning data disposal, businesses can be subject to a fine of up to $50,000 for each instance of improper disposal. Requires – regular monitoring, documenting responsive actions taken during a breach, and reasonable monitoring of systems.
- File Under DUH! – Symantec Discovers Cybercrime makes money – estimates value around $1.7Bil
- Really simple PCI FAQ that you should be aware of
- Apple and the AntiVirus Debate – In a written statement sent to security news site Securityfocus.com, Apple explained their decision to pull the document: “We have removed the KnowledgeBase article because it was old and inaccurate,” Apple said in a statement sent to SecurityFocus. “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.”
Discussion: BLATANT FUD – Patching at the Enterprise level – Secunia: “virtually every Windows PC is at risk” – 98% of Windows computers are missing patches – 46% were missing more than 11 patches
Segment 2: Geek Toys and Consultants Corner
- Geek Toys – Kensington Portable Power outlet – AS SEEN ON REGIS AND KELLY!!!!
- Consultants Corner – Helping a client deal with a breach (specifically as it relates to compliance issues)
Music Notes: NEW – CHECK OUT THE LINKS TO THE BANDS ON PODSHOW.COM
Posted by m1a1vet on December 11, 2008 at 12:26 pm under Uncategorized.
Tags: Antivirus, Apple, Digittrade, facial recognition, Kensington, Lenovo, patching, PCI, security awareness

Link to MP3
Show Notes:
Episode 10! We are in double digits! W00T! Thanks to Jim for all the hard work on getting these podcasts produced, for picking the music, for doing most of the talking, for… errr, what do I do around here anyway??
Segment 1: InfoSec News Update and some discussion about pinko commies
Segment 2:
- Geek Toys – Jim has pretty much given up on trying to please Kirk because he is talking about non-security related toys AGAIN – a review of the Popcorn Hour A-110
- Consultants Corner – Staying diligent during holidays
- Further ranting – Jim says “LEAVE ME ALONE – I AM BUSY” to Q4 invitations to speak at conferences
Music Notes:
- Intro/Outro – Digital Breaks – “Therapy”
- Segway 1 – Naked Gun – “A.D.D.”
- Segway 2 – Kickstart – “Bouncey”
Posted by m1a1vet on November 26, 2008 at 6:41 am under Uncategorized.
Tags: certifications, Chinese cyber espionage, holidays, Metasploit 3.2, Popcorn Hour A-110, Sendmail, Sharepoint, Ted Demopoulos, vulnerability