An Information Security Place Podcast

Link to MP3

Episode 16 is up and running.  Jim and I cover a lot of news again in this episode.  Also, Jim goes a little crazy with the geek toys, but it is all really cool stuff and good info.  We get into some PCI futures, playing off of Rich Mogull’s ideas on the subject.  And we have a good cert discussion as well.

Show notes:

InfoSec News Update:

• Another Payment Processor Has Been Hacked

• Follow Up from last podcast – Chris Pagets ShmooCon session video is up

• Reported raids on federal computer data soar

• Backtrack 4 Beta Released

• FaceBook Privacy Changes

• Acrobat 0-Day running Wild

• XSS Stealing Data without a trace -”Our goal was to retrieve Web content anonymously,” says Matthew Flick, principal with FYRM Associates, who, along with fellow researcher Jeff Yestrumskas, demonstrated the XSS Anonymous Browser (XAB) framework at Black Hat DC yesterday. “We [said], ‘Why don’t we volunteer people for our network?’…Cross-site scripting can make people do things we want.

• Weaponizing Cyberspace

• Threats the Smart Phones Increase

• Intel’s new Bios Gets Slapped

• Researcher demonstrates SSL attack

• GNU Radio Kit – Universal Software Radio Peripheral
• Netbooks A Plenty – MSI Wind and Lenovo S Series
• Tmobile @home Service

Consultants Corner: Top three security certifications (uhhh, yeah…)

Music Notes:

• Intro/Outro – Digital Breaks – “Therapy”
• Segway 1 – Electric Touch – “Sounds From the Underground”
• Segway 2 – Junkyard Groove – “Thank You”
• Segway 3 – InnerLogics – “Bam’s GirlFriend”

Link to MP3

Here is episode 15. There was a lot to cover in this episode.  Jim and I were in discussion mode, so be prepared to sit down for a while longer than normal this time.  Jim and I were also in a joking mood and consequently cracked ourselves up on this episode, so enjoy the laughter and comedy at a fellow human’s expense.

BTW, I am a milestone guy, and any time a “0″ or a “5″ is at the end of the episode number, I think it is cool. So 15 is a cool number to me. On to the show notes.

Show notes:

InfoSec News Update: whole lot of crap!

• FAA Security Breach Exposes 45K Employees
• AV makers Hacked – BitDefender and Kaspersky, More: Full Info on hackers Blog
• Electronics Firm Faces FTC Lawsuit Following Multiple Hacks – “The complaint alleges that until at least December 2007, Compgeeks (geeks.com) routinely stored this sensitive information in unencrypted text on its corporate computer network, among other security failures. The complaint also charges that the respondents did not adequately assess whether its Web application and network were vulnerable to commonly known or reasonably foreseeable attacks, such as SQL injection.”
• Identity thieves beat Obama to stimulus package punch
• Obama’s new CyberSec Chief Named
• Federal Workers Warned Of Potential Data Compromise At SRA
• Jailed SF network admin files $3M claim – Looks like the S.F. Mayor has some l33t admin skills because “Childs, formerly a network administrator with the city’s Telecommunications and Information Services (DTIS), had argued that the department’s staff was incompetent and that the mayor was the only person qualified to handle the passwords.”
• Heartland Breach Follow up – 157 institutions claiming issues – includes Bermuda, Canada, and Guam
• War cloning, the “new hacker sport”
• The latest MS Patches – One is for MS SQL, and there is exploit code out there

Discussion: File Under DUH! Unauthorized Web Use On The Rise

Consultants Corner: How does “Compliant” equal Owned?

Music Notes:

• Intro/Outro – Digital Breaks – “Therapy”
• Segway 1 – Munk – “DirtyWork”
• Segway 2 – Patent Pending – “Cheer up Emo Kid”
• Segway 3 – Fabienne Delson – “I’m Gonna Catch Me a Rat”