m1a1vet

Jan 23 2014

Jim, Dan, and Michael have a lot of catching up to do. We talk about a lot of stuff because a lot of stuff has been happening. From RSA, NSA, QSAs… security is busy! Show notes below!

Show Notes:

InfoSec News Update –

  • 123456 is the new best of the worst – Link
  • RSA Conf and those skipping it this year – Link
  • Fixing a flawed VA medical records system: Tenacity pays off for a researcher – Link
  • Do you believe the Obamacare website is secure? These guys don’t – Link1, Link2, Link3

Discussion Topic – The Failure Themes of the Target Breach:

  • Massive Props to Brian Krebs on his coverage of the whole debacle – Krebsonsecurity.com
  • AntiVirus Takes it on the Chin …Again – Link
  • Egress Filter Much? – Link
  • Credit Card Processing Fundamentally flawed – Link
  • EMPHATIC POINT OF THE PODCAST!! Complacent with Compliance … again PCI != security

Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

  • Intro: “Stay Alive” – Rivethead
  • Segment 1 – “CricketBat” – RivetHead
  • Segment 2 – “Burn Us Down” – Early Morning Rebel
  • Outro: “Zero Gravity” – RivetHead

Link to MP3

Oct 19 2013

Quick show this time. Jim, Dan, and Michael are all at HouSecCon 2013 in Houston, TX on October 18. They found a quiet room away from all the conference noise and recorded a fast podcast. Jim and Dan talk about their talks, and Michael talks about the fun and stress of being the HouSecCon organizer. Michael also shares some details about his new gig with HP Fortify on Demand.

Enjoy!

Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

  • Intro – Stay Alive – Rivethead
  • Outro – Zero Gravity – RivetHead

Link to MP3

Sep 07 2013

We’re in rare form today. A lot of fun sprinkled with the occasional good nugget of information security news and discussion.

Show Notes:

InfoSec News Update –

  • New OSX Metasploit Module or Time is not on your Side! – Link
  • If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the “admin group”), and the user has ever run the “sudo” command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970.

  • Communication is key – Link
  • Hacking Fantasy Football – Link
  • China Shifts to newer Exploits – Link
  • Now that folks are patching CVE-2012-0158

  • FTC smacks Internet-Connected home security cameras – Link
  • CSRF Protection without nonce or random tokens – Link
  • British Parliament loves them some Pr0n! – Link
  • Samsung adding security to Android – Link
  • Gartner pushing SAST & DAST together – Link
  • The blog is old, but this year’s Magic Quadrant has them merged into a single report. Is this a good or bad thing?

  • HouSecCon Update! – Link

Discussion Topic –

  1. 10 Golden Rules of the Outstanding CISO – Link

Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

  • Intro – Stay Alive – Rivethead
  • Segment 1 – Synchronicity II – RivetHead
  • Segment 2 – Deaf Ears – RivetHead
  • Outro – Zero Gravity – RivetHead

Link to MP3

Aug 21 2013

We’re back to work.

Show Notes:

InfoSec News Update –

  • Scan the Entire Internet in less than 45 minutes!! – Article Link and tool link
  • Zuckerberg’s Profile Hacked – Link
  • FDA Issues Guidelines on Wireless Medical Devices – Link
  • OWASP Top 10 Update – Link
  • Malware Sandboxing Not Working – Link
  • Sparty: MS Sharepoint and Frontpage Audit Tool – Link
  • HouSecCon Update! – Link

Discussion Topic –

  1. The Threat of Social Engineering – Jigsaw FTW – Link 1 / Link 2

Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

  • Intro – Stay Alive – Rivethead
  • Segment 1 – – RivetHead
  • Segment 2 – – RivetHead
  • Outro – Zero Gravity – RivetHead

Link to MP3

May 22 2012

Holy crap, we recorded an episode. That’s all I got to say about that…

Show Notes:

InfoSec News Update –

  • Howard Schmidt is Retiring – Link Here
  • Vulnerability Stats of Publicly Traded Companies – Link Here
  • Tool Update – Threadfix from Denim Group – Link Here
  • The Mission Impossible Self-Destructing SATA SSD Drive – Link Here
  • The WAF Wars – Link 1 / Link 2 / Link 3
  • PwnieExpress Releases PwnPlugUI/OS 1.1 – Link Here
  • App for scanning faces to gauge age at bars – Link Here
  • Business Logic Testing defined – Link 1
  • ErrataSec – Wants your hotel PCAP Files – Link 1 / Link 2

Discussion Topic –

  1. Should specific security efforts be validated when the program as a whole is crap? Link Here

Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour Dates:

  1. June 1 – Dallas – Curtain Club

Intro – RivetHead – “The 13th Step”
News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead – “Difference”
Outro – RivetHead – “Zero Gravity”

Link to MP3

Feb 24 2012

Today’s show is Michael interviewing Kevin Riggins. Kevin is an Enterprise Security Architect for a Fortune 500 financial services company. Kevin and Michael have a great conversation about Kevin’s job, what he is doing at RSA, where he blogs, the book he coauthored, etc. (look below in the show notes for links to everything).

Then a fun discussion starts about cloud, risk, mobility, risk in the cloud, risk in mobility, risk of mobility integrated with the cloud, and so on. Good stuff all around.

Here are some links about Kevin and other stuff we talked about in the show.

  • Management Team Member for the Society of Information Risk Analysis – link
  • Coauthor on The Cloud Security Rules – link
  • Kevin blogs at Infosecramblings – link
  • Twitter pages – link and link and link

Feb 10 2012

Thanks go to Jeremiah Grossman for sitting down with Michael for some great discussion. Jeremiah is the CTO at Whitehat Security and a very well known figure in the InfoSec industry. Jeremiah and Michael talk about Hawaii, sharks, security philosophy, RSA, stage fright, Jeremiah’s TED talk (not published as of the posting of this entry), and the age of the InfoSec industry and whether young folks are coming into the fold.

You can find Jeremiah at Whitehat (link above) and his blog, and you can follow him on Twitter as well. Jeremiah will be giving a talk and participating on a panel at RSA as well, so be sure to attend those if you are going to the RSA Conference 2012.

Jan 06 2012

Wow! 6 Months…and 2 job changes later, we are finally back to recording! YEAH!… Here’s the latest show from our intrepid hosts.

Show Notes:

InfoSec News Update –

  • The Hacker News Hacking Awards: Best of Year 2011 – Link Here
  • Japan’s Anti-Virus Virus – Link Here
  • Nginx (pronunciation: “engine-ex”) becomes #2 web server
  • Saudi hackers break into Israeli site – Link Here
  • 3 Surefire Ways to Tick Off an Auditor – Link Here
  • OWASP AJAX Crawling Tool – Link1 / Link2

Discussion Topic – 2012 Breach Report

  1. Care2 Discloses Breach; Company Has Nearly 18 Million Members – Link Here
  2. AntiSec hit California and NY Law Enforcement Sites – Link Here
  3. Anonymous Nabs 50,000 Credit Card Numbers From Security Think Tank – Link Here

Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour Dates:

  1. Jan 6 – Dallas – Curtain Club
  2. Jan 27 – Dallas – Trees
  3. Jan 28 – Dallas – Trees
  4. Mar 2 – Dallas – Curtain Club – 7th Album CD Release Party
  5. Mar 3 – Houston – BFE Rock Club
  6. Mar 24 – Fort Worth – The Rail Club
  7. May 5 – Dallas – Renos Chop Shop

Intro – RivetHead – “The 13th Step”
News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead – “Difference”
Outro – RivetHead – “Zero Gravity”

Link to MP3

Jul 13 2011

Today we have an interview for you. Michael had a great time sitting down with four gentlemen (they might not all agree with that term) from SpiderLabs over at Trustwave. The aforementioned SpiderLabs folks were Nicholas Percoco (@c7five), Steve Ocepek (@nosteve), Matt Jakubowski (@jaku), and Zack Fasel (@zfasel) – those are Twitter aliases for you newbs out there.

They went over their respective histories, talked about SpiderLabs and their leetness, discussed a few talks that they are doing at DEFCON, talked about their party at DEFCON that will be held in a super-secret location, and went through about 50 SpiderLabs insider jokes.

Michael is also pretty sure someone (Zack) was enjoying adult beverages (Zack) during the recording (Zack), but he might be wrong…

Enjoy the show. And once again, thanks to Rivethead for the tracks. Go out to their website to see the latest on them, where they are playing, and all their news.

Jun 02 2011

A lot of discussion in this episode. And what is more funny is Dan actually cuts Jim off on a subject. Yes, you heard it right. In the famous “Web Security Minute Turned to 20 Minutes,” Dan makes Jim stop talking. I guess the end of the world IS here!

Oh, and Dan leads us into the Land of Many Links with his Clickjacking story.

Show Notes:

InfoSec News Update –

  • HouSecCon 2011 update – Registration is open – Link Here
  • PCI Physical badging Gap – Link Here
  • Using Mario against us (evil) – Link Here
  • FUD article of the day – Half of lost/stolen mobile devices have sensitive info on them – Link Here
  • Defining appropriate Cyber Attack response, A.K.A. Eat my cruise missile you Commie, Pinko hacker! – Link Here
  • Clickjacking, Cookiejacking oh my! – Link 1 / Link 2 / Link 3 / Link 4
  • Can you have too much security? – Link Here

Geek Toys –

Discussion Topic – Five Infamous Database Breaches So Far In 2011 – Link Here

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • July 9 – with Powderburn, Earthrot, and more – Tomcats West in Fort Worth, TX
  • July 24 – with Creeper, Phantom X, and more – Oriley’s in Dallas, TX

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead – “Difference”
Outro – RivetHead – “Zero Gravity”

Link to MP3