All three of us are on this time. Some good talk about disclosure and web app firewalls, and Google, and some other stuff. Enjoy!

Show Notes:

InfoSec News Update -

Discussion Topic #1 – Google Is Watching Your Wifi, But do You Really Care?

Discussion Topic #2 - Ye’ Old “Disclosure” Debate…Again?!? Link 1 / Link 2

Music Notes –

Link to MP3

Posted by m1a1vet on June 23, 2010 at 11:17 am under Uncategorized.
Comment on this post.

 

So do we suck or what? Sorry that its taken so long for us to get another episode out… things have been crazy busy for all of us.

Anyway for this episode, Dan and Jim found themselves with 30 minutes or so of spare time, not much of a script, and working mics (Michael was working on a couple of proposals and an RFP that is due in two days); so they sat down and simply recorded an unscripted show of rambling about things that are going on for the moment.

Info Sec News Moments:

  • Kudos to MS’ IE 8 Add Campaign – Link Here
  • Jim’s 4.5 Seconds of fame – DenverGov website Hack – Link Here
  • Android and the SMS Rootkit Hack – Link Here
  • Google Ditching Windows due to Security Concerns – Link Here
  • Denver OWASP – SnowFroc Con – Link Here

Music Notes:

Link to MP3

Posted by m1a1vet on June 3, 2010 at 3:35 am under Uncategorized.
Tags: , , , , , , , , , , , ,
Comment on this post.

 

Episode 35 is here. The format is different today. Instead of you listening to Dan, Jim, and me yap about news and pontificate about security topics, you are going to hear a talk I gave at the Texas Technology Summit in early April 2010.  The talk title and synopsis are below, along with a link to the slide deck.

Title: Breaking Down the Enterprise Security Assessment

Synopsis: Many enterprise security assessments look at too few attack vectors or do not dig far enough into the attack vectors once a vulnerability has been discovered.   Come join a discussion on the breakdown of a security assessment, explore the essential attack vectors, and debate the depth to which the assessment should go.

Link to MP3

Link to slides

Posted by m1a1vet on May 3, 2010 at 1:59 pm under Uncategorized.
Tags: , ,
Comment on this post.

 

We are really sorry for the long delay, but all three of our schedules have been packed for the last 2 months. But I’m sure you don’t want to hear any excuses, so without further hesitation… Here’s Episode 34.

Show Notes:

Kudos to Tommy Perniciaro for article at SC Magazine – Link Here

InfoSec News Update –

  • Physical Security on Mac sucks – Link Here
  • What Drives Corporate Security Spending? – Link Here
  • Crazy Patch Week – Link 1 / Link 2
  • Federal Court Uphold Border Searches for Laptops – Link Here
  • Are Bank Breaches Still Trending High in 2010 -Link Here
  • So Easy, Even a Celebretard Can Do It! – Link Here
  • Perceptions Of Security Vary Widely Between IT Management, Security Staff – Link Here
  • Slow Death of XSS Vulns – Link Here

Discussion Topic #1 – Integration of Web Vuln Scanners with IPS/WAFs

Discussion Topic #2 - Update your End user Awareness Training and stop blaming your users!

Link 1 / Link 2 / Link 3

Music Notes:

Link to MP3

Posted by m1a1vet on April 16, 2010 at 12:42 pm under Uncategorized.
Comment on this post.

 

Yes, the logo is weird this time.  If you can’t tell what it is, maybe this will help.  For the first time ever (and probably the only time since I don’t get to Atlanta much), An Information Security Place Podcast has joined forces with the  Southern Fried Security Podcast to create a joint episode.  Can you see it now??  Yes, that is the logo for An Information Security Place Podcast placed over Colonel Sander’s face (he is the patron saint for the SFS podcast).  Yea,  I thought it was actually kinda freaky, too.  but what else do I have to do with my time??

So we joined forces for a couple of reasons:

  1. Because I was in Atlanta to speak about security assessments at the local NAISG chapter.
  2. I begged Martin to let me post it up as episode 33 over here since Dan, Jim and I haven’t had a chance to record yet, and this makes it all better!

So we stayed in the same room where the event was held and got irradiated by a myriad of computer and sound equipment while recording the podcast.  I had to wear someone’s headset, and now I have some kind of weird rash and some minor swelling around my ears.  And to make it even more fun, Mike Rothman sat across from us the whole time and heckled us.  What a night.

Actually, I had an awesome time.  Very good times with very good friends.  Thanks to the whole Atlanta NAISG crew and the SFS podcast crew (Andy Willingham, Martin Fisher, and Steve Ragan) for inviting me in with typical southern hospitality (even though Steve is a Yankee).

As to show notes, I am lazy.  I am only going to have one note (below) because it is the one news item that I brought along and the ONLY one that Andy didn’t include in his notes (in fairness, I never sent him the link).  Here’s a link to the SFS podcast site with the rest of the notes.   (Hey, Andy did the hard work – why duplicate efforts??)

  • Caleb Sima says that developers shouldn’t learn anything about security – Link here

Link to MP3

Vet

Posted by m1a1vet on March 12, 2010 at 9:28 pm under Uncategorized.
Comment on this post.

Just realized that iTunes picked up Episode 31 instead of episode 32 on the latest post.  I had to delete the enclosure in Wordpress and then recreate it.  Not sure what happened.  If you subscribe to the podcast via iTunes, you may need to delete Episode 32 and then update.  Sorry about that!

Posted by m1a1vet on February 23, 2010 at 10:27 pm under Uncategorized.
Comment on this post.

 

OK, holy crap.  We expected this episode to be pretty short since Jim was not around to add his golden commentary, but we got to yappin’ and churned out almost an hour of content (I use that term loosely).  So enjoy the show!

Show Notes:

InfoSec News Update –

  • Iran Shutters Google’s Gmail Service, offering own email for citizens – Link here
  • Security Scoreboard – Link here
  • Brian Kreb’s has blog post used by scammers - Link here and Sophos article link here
  • The Death of Product Reviews (Mike Rothman at Securosis) - Link here
  • TSA agent arrested for molestation - Link here
We won’t get intot he details here because this guy is sick, but I had to point out this line from the TSA blog about the issue:
“TSA holds the highest standards for our workforce and this individual’s actions do not reflect on the more than 50,000 men and women who work every day to keep the traveling public safe.”
  • Hacker threat forces DoH to close appraisal site (Political Activist?) - Link here
Discussion Topic – Smaller, more intimate security conferences (Security B-Sides, Schmoocon, etc)

Posted by m1a1vet on February 18, 2010 at 1:25 pm under Uncategorized.
Tags: , , , , , , , , , , , , , , , ,
Comment on this post.

 

Everyone was here for this episode (meaning Dan, Jim, and Michael), and it was pretty much on schedule this time. We do the normal cutting up, then talk about news and start discussing stuff. Then Dan puts the hurt down on some developer geek speak. You will definitely learn  from stuff from this episode (as opposed to the drivel you get from most of our episodes).  Very good stuff.

BTW, the format of the posts are changing just a bit. While the podcast player will stay where it usually is at the top of the post, the link to the file will now be below the posts. This is changing because when iTunes picks up the text from the feed, it throws the “Link to MP3″ text at the top, and it looks weird when looking at the show description in iTunes. Just a minor change really, but just wanted to point it out here in case that is where you grab the file. OK, now on to the show!

Show Notes:

InfoSec News Update –

Discussion Topic #1 – Laptops on Hostile Networks – Link Here

Discussion Topic #2 - DK’s Web App Security Minute… and then some :)

Music Notes:

Link to MP3

Posted by m1a1vet on February 5, 2010 at 12:58 pm under Uncategorized.
Tags: , , , , , , , , , , , , , , , , , , ,
Comment on this post.

 

Link to MP3

The first podcast of the new year is here, and it is a nice round number! That is sweet! So please forgive any weirdness in the way this episode sounds. It was put together over a couple of weeks doing interviews here and there with vendors as well as each other while we were at our (Michael and Jim) employer’s annual company meeting. Jim is a miracle worker, but even he could not make it completely fluid!

Also, because of scheduling, Dan did not get to join us. But Jim and I were fortunate enough to be joined by coworker and wireless uber-beast, Mr. Tyler Theys. I think you will enjoy this episode, even with all the weirdness!

Show Notes:

Info Sec News Update -

  • Jim, Michael, and Tyler talk about all the Google Hacking – Link Here

Interview #1 -Michael with Roger Hegland of TruARX

Interview #2 - Jim with Mike Tuchen of Rapid7

“Added Bonus to Our Listeners”

Going to RSA? Join Rapid7 on March 3rd for a party at Ruby Skye. Get on the VIP list for the evening everyone else will be talking about at RSA 2010: www.rapid7.com/forms/rsarsvp.jsp

Discussion Topic - PCI in the Gaming Industry

Music Notes –

Posted by m1a1vet on January 26, 2010 at 2:04 am under Uncategorized.
Tags: , , , , , , , ,
Comment on this post.

 

Link to MP3

Merry Christmas to all our listeners! It’s that time of the year again where we sit down and make a fun podcast and recap the year and look forward to next year. Heck there was even a Christmas Miracle on this episode… it was actually recorded on time !!!! So sit back with your eggnog next to the Yule log fire under the stockings and enjoy!

Show Notes:

InfoSec News Update –

Discussion Topic -

2009 Year in Review and Looking Forward Predictions to 2010 –

Link 1 / Link 2 / Link 3

Music Notes -

Posted by m1a1vet on December 23, 2009 at 2:48 pm under Uncategorized.
Tags: , , , , , , , , , , ,
Comment on this post.

« Previous Entries