2009 February » An Information Security Place Podcast

An Information Security Place Podcast – Episode 16

Feb 262009

Episode 16 is up and running. Jim and I cover a lot of news again in this episode. Also, Jim goes a little crazy with the geek toys, but it is all really cool stuff and good info. We get into some PCI futures, playing off of Rich Mogull’s ideas on the subject. And we have a good cert discussion as well.

Show notes:

InfoSec News Update:

Another Payment Processor Has Been Hacked
Follow Up from last podcast – Chris Pagets ShmooCon session video is up
Reported raids on federal computer data soar
Backtrack 4 Beta Released
FaceBook Privacy Changes
Acrobat 0-Day running Wild
XSS Stealing Data without a trace -”Our goal was to retrieve Web content anonymously,” says Matthew Flick, principal with FYRM Associates, who, along with fellow researcher Jeff Yestrumskas, demonstrated the XSS Anonymous Browser (XAB) framework at Black Hat DC yesterday. “We [said], ‘Why don’t we volunteer people for our network?’…Cross-site scripting can make people do things we want.
Weaponizing Cyberspace
Threats the Smart Phones Increase
Intel’s new Bios Gets Slapped
Researcher demonstrates SSL attack

Discussion: Continued from Martin’s Network Security Podcast Episode 139 and Rich’s post - Will Outbound monitoring and filtering be the next PCI requirement?

Geek Toys:

GNU Radio Kit – Universal Software Radio Peripheral
Netbooks A Plenty – MSI Wind and Lenovo S Series
Tmobile @home Service

Consultants Corner: Top three security certifications (uhhh, yeah…)

Music Notes:

Intro/Outro – Digital Breaks – “Therapy”
Segway 1 – Electric Touch – “Sounds From the Underground”
Segway 2 – Junkyard Groove – “Thank You”
Segway 3 – InnerLogics – “Bam’s GirlFriend”

An Information Security Place Podcast – Episode 15

Uncategorized No Responses »

Feb 122009

Link to MP3

Here is episode 15. There was a lot to cover in this episode. Jim and I were in discussion mode, so be prepared to sit down for a while longer than normal this time. Jim and I were also in a joking mood and consequently cracked ourselves up on this episode, so enjoy the laughter and comedy at a fellow human’s expense.

BTW, I am a milestone guy, and any time a “0″ or a “5″ is at the end of the episode number, I think it is cool. So 15 is a cool number to me. On to the show notes.

Show notes:

InfoSec News Update: whole lot of crap!

FAA Security Breach Exposes 45K Employees
AV makers Hacked – BitDefender and Kaspersky, More: Full Info on hackers Blog
Electronics Firm Faces FTC Lawsuit Following Multiple Hacks – “The complaint alleges that until at least December 2007, Compgeeks (geeks.com) routinely stored this sensitive information in unencrypted text on its corporate computer network, among other security failures. The complaint also charges that the respondents did not adequately assess whether its Web application and network were vulnerable to commonly known or reasonably foreseeable attacks, such as SQL injection.”
Identity thieves beat Obama to stimulus package punch
Obama’s new CyberSec Chief Named
Federal Workers Warned Of Potential Data Compromise At SRA
Jailed SF network admin files $3M claim – Looks like the S.F. Mayor has some l33t admin skills because “Childs, formerly a network administrator with the city’s Telecommunications and Information Services (DTIS), had argued that the department’s staff was incompetent and that the mayor was the only person qualified to handle the passwords.”
Heartland Breach Follow up – 157 institutions claiming issues – includes Bermuda, Canada, and Guam
War cloning, the “new hacker sport”
The latest MS Patches – One is for MS SQL, and there is exploit code out there

Discussion: File Under DUH! Unauthorized Web Use On The Rise

Consultants Corner: How does “Compliant” equal Owned?

Music Notes:

Intro/Outro – Digital Breaks – “Therapy”
Segway 1 – Munk – “DirtyWork”
Segway 2 – Patent Pending – “Cheer up Emo Kid”
Segway 3 – Fabienne Delson – “I’m Gonna Catch Me a Rat”