An Information Security Place Podcast

Link to MP3

MERRY CHRISTMAS and welcome to Episode 12! I have been sick all week, and it hit me hard yesterday and today. So Jim and Kirk saved the day and recorded the podcast without me. I am a little bummed that I was not on the last podcast of the year, but you would not have wanted to listen to me sounding all nasally.

So thanks to Jim and Kirk. Here are the…

Show Notes:

InfoSec News Update:

• Oh the Wonders of the Black Berry -
• More Phone Fun - Follow up from Episode #4
• Netscreens of the Dead - Great Preso
• New Checkpoint Vulnerabilities
• Amex has XSS issues
• Report - 1/3 of all Impersonation Attack Victims located in US or Russia
• Transit Authority Working With Hackers - Follow Up from Episode #8

Discussion - Using Local resources for Social Engineering

Geek Toys - Last Minute Geek Gift Ideas

• Asus EEEPC
• Nice ToolKit
• Noise Cancelling Headphones
• Some Quiet Time with the Family
• Lock Pick Set
• Portable Power Strip
• Podcaster on the Go
• Portable Bluetooth Speakerphone

Consultant’s Corner - 2008 Year in Review - the Consultant’s Perspective

Music Notes:

• Intro - TheHipCola - “Sleigh Ride”
• Segway 1 - Wiser Time - “Blue Christmas”
• Segway 2 - Bill Kahler - “Christmas Eve In The Trailer Park”
• Outro - TheHipCola - “Winter Wonderland”

Link to MP3

Show Notes:

Segment 1: InfoSec News Update (Michael gets to do a little talkin’ here - and he promptly screws it up):

• New Security Awareness video on YouTube - kinda cheesey, but a pretty good production
• Digittrade HD Encryption Broken- “in our test, unscrewing the housing took longer than cracking its encryption mechanism.”
• Lenovo’s new Facial recognition software defeated by printed photo
• Massachusetts new law - 201 CRM 17.00 - “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information” - a civil penalty of $5,000 may be awarded for each violation of 93H. In addition, under the portion of 93H concerning data disposal, businesses can be subject to a fine of up to $50,000 for each instance of improper disposal. Requires - Regular Monitoring, Documenting responsive actions taken during breach, and reasonable monitors of systems.
• File Under DUH! - Symantec Discovers Cybercrime makes money - estimates value around $1.7Bil
• Really simple PCI FAQ that you should be aware of
• Apple and the AntiVirus Debate - In a written statement sent to security news site Securityfocus.com, Apple explained their decision to pull the document: “We have removed the KnowledgeBase article because it was old and inaccurate,” Apple said in a statement sent to SecurityFocus. “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.”

Discussion: BLATANT FUD - Patching at the Enterprise level - Securina “virtually every Windows PC is at risk” - 98% of Windows computers are missing patches - 46% were missing more than 11 patches

• Follow on - make sure you reboot!!

Segment 2: Geek Toys and Consultants Corner

• Geek Toys - Kensington Portable Power outlet - AS SEEN ON REGIS AND KELLY!!!!
• Consultants Corner - Helping client dealing with a breach (specifically as how it relates to compliance issues)

Music Notes: NEW - CHECK OUT THE LINKS TO THE BANDS ON PODSHOW.COM

• Intro/Outro - Digital Breaks - “Therapy”
• Segway 1 - Portal - “The Simple Things”
• Segway 2 - Shovel 13 - “Show Me Affection”

Link to MP3

Show Notes:

Episode 10! We are in double digits! W00T! Thanks to Jim for all the hard work on getting these podcasts produced, for picking the music, for doing most of the talking, for… errr, what do I do around here anyway??

Segment 1: InfoSec News Update and some discussion about pinko commies

• Ted Demopoulos’ has set up a website with comments on the state of some security certs
• Metasploit 3.2 is released. Always good stuff coming from a fellow Texan
• Sendmail has Yet Another DOS vuln. Of course, that’s not a security vulnerability, so I am not sure why we are talking about it here. Yea, right…
• Pinko Commie China Targets US Computers for Espionage - US-China Economic and Security Review Commision Report - Report File (pdf)
• Discussion - Are Sharepoint Sites the Weakest link? - Survey Q from Cnet

Segment 2:

• Geek Toys - Jim has pretty much given up on trying to please Kirk because he is talking about non-security related toys AGAIN - a review of the Popcorn Hour A-110
• Consultants Corner- Staying diligent during holidays
• Further ranting - Jim says “LEAVE ME ALONE - I AM BUSY” to Q4 invitations to speak at conferences

Music Notes:

• Intro/Outro - Digital Breaks - “Therapy”
• Segway 1 - Naked Gun - “A.D.D.”
• Segway 2 - Kickstart - “Bouncey”

Link to MP3

Show notes:

Just Jim and I today talking about news and adding some ranting (as usual).

Segment 1: InfoSec News Update and various ranting

• WPA - TKIP Cracked - Erik Tews and Martin Beck
• Yet another Acrobat Vuln
• BarCode Exploitation - Tommy Joe Tidwell - Stole $1 million of merchandise and sold it on eBay
• Duplicate Keys from Photo
• McCain and Obama Hacked by Unknown Foreign Entity
• Discussion / Rant - The Uselessness of TSA

Segment 2:

• Geek Toys - BlueAnt SuperTooth 3 Review
• Consultants Corner - Importance of Physical Security
• We bid you a fond farewell

Music Notes:

• Intro/Outro - Digital Breaks - “Therapy”
• Segway 1 - Naked Gun - “A.D.D.”
• Zinger - JunkTones - “Welcome To the USA”
• Segway 2 - Kickstart - “Bouncey”

Link to MP3

Show Notes:

Kirk Greene, a coworker of Jim and me, joins us today, and general hilarity ensues.  Thanks for being brave enough to come on the show Kirk!

Segment 1:  InfoSec News Update

• MS08-067 - Server Service Exploit - Can you say WORM!
• PauldotCom - Securing Cisco routers
• No Tech Hacking at Bluehat
• BART updating it’s Security
• Cool tool - Mapping IP to BGP AS Numbers
• A little FUD, but good info in Fortify’s paper on E-Voting
• Kirk, Jim, and I slam some vendors on drinking their own Kool-Aid, i.e. not running directly competing products in your production network!

Segment 2:

• Geek Toys - 8 Gig laptops and how Apple sucks (Jim said it!) - and Kirk reminds Jim that this is an Infosec podcast AGAIN.
• Consultants Corner - Kirk opens up the PA DSS discussion, and we talk about some possible ramifications to the POS (”point of sale” for clarification) industry
• We say goodbye, but not before we turn this whole podcast into a political debate (not really) since the next podcast will be AFTER the election (the most important one in history according to everyone that said that about the last election)

Music Notes:

• Intro/Outro - Digital Breaks - “Therapy”
• Segway 1 - Jimmie Bratcher - “Bad Religion”
• Segway 2 - Kickstart - “Theme Song”

Link to MP3

Show notes:
Segment 1 - InfoSec News Update

• ClickJacking Demo’s popping up everywhere
• Voip and the SIP Protocol Demysitified - Wes Brown does a great article over on the Matasano website
• ATM Skimmer kit with SMS Texting
• Our new segment, but still under the News Segment for this show is Filed under DUH! -  China Monitoring Skype Text Messaging
• Judge Suppresses Results of E-voting System Audit
• Scanning you network for default passwords: Depant

Interview Segment:

• Interview A - Michael and Von Nguyne - SE @ Palo Alto Networks (next Gen Firewall)
• Interview B - Jim and Dan Kuykendall talk about NTO Spider (Jim)

Geek Toys: Jasager on the FON Router - Watch Episodes 403 and 405 of Hak5 or hop over to DigiNinja’s Jasager page

Consultants Corner: Discussion on doing some due diligence on checking vendor claims.  Open discussion on the recent Evil Bits Darkreading blog post

Music Notes:

• Intro/Outro - Digital Breaks - “Therapy”
• Segway 1 - Jimmie Bratcher - “Bad Religion”
• Segway 2 - The Erotics - “Walk All Over You”
• Segway 3 - Megaphone - “Not Your Enemy”
• Segway 4 - Kickstart - “Theme Song”

Link to MP3

Link to MP3

Link to MP3

Link to MP3