May 19, 2011
 

 

I am tired of making excuses about us being late, so here is friggin’ episode #05-2011. Have fun!

Show Notes:

InfoSec News Update -

Discussion Topic – Scoping too small…

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • July 9 – with Powderburn, Earthrot, and more – Tomcats West in Fort Worth, TX
  • July 24 – with Creeper, Phantom X, and more – Oriley’s in Dallas, TX

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead - “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

Link to MP3

Apr 14, 2011
 

 

Hey, all three of us are here, and on schedule…. somebody check the temp outside :)

Show Notes:

InfoSec News Update -

 

  • TexSecConTriangle.com coming soon – HouSecCon, BSidesDFW, and LasCon
  • Gonzales Update – Link Here
  • Dropbox Pwnage – Link Here
  • TX exposes 3.5 Mill records – Link Here
  • Yet another Security Company Fail – Link Here
  • IPhone keylogger – Link Here
  • Law Firms Under Siege – Link Here

Discussion Topic – Reading the Fine Print in Cloud Computing – Link Here

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • Apr 20, 2011 – Sevendust, RIVETHEAD and TBA – Trees – Dallas, TX
  • May 7, 2011 – Powderburn and RIVETHEAD – BFE Rock Club – Houston, TX
  • Jun 4, 2011 – RIVETHEAD, The Razorblade Dolls, Horror Cult and more – The Rail – Fort Worth, TX
  • Jul 9, 2011 – RIVETHEAD, Powderburn, Earthrot and more – Tomcats West – Fort Worth, TX

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead - “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

Link to MP3


Apr 01, 2011
 

 

So it took a bit longer this time due to scheduling, and bodily harm on Michael’s part… but we finally got another episode recorded. Enjoy.

Show Notes:

InfoSec News Update -

Discussion Topic – How Detailed is Your DR Plan?

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • Apr 20, 2011 – Sevendust, RIVETHEAD and TBA – Trees – Dallas, TX
  • May 7, 2011 – Powderburn and RIVETHEAD – BFE Rock Club – Houston, TX
  • Jun 4, 2011 – RIVETHEAD, The Razorblade Dolls, Horror Cult and more – The Rail – Fort Worth, TX
  • Jul 9, 2011 – RIVETHEAD, Powderburn, Earthrot and more – Tomcats West – Fort Worth, TX

Intro – RivetHead – “Stirring It Up Again”

News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”


Link to MP3


Feb 24, 2011
 

 

We have a little bit of innuendo humor on this episode, and we all break into some hysterics (it’s all in the geek toys section, so fast forward if you want to hear all that). Around that is some information and opinion on InfoSec stuff. We figured we would throw that in there because of the name of the podcast, but whatever…

Show Notes:

InfoSec News Update -

  • HouSecCon 2011 Call for Papers – Link Here
  • Busting DLP Myths or Playing with Hype? Link Here
  • Google collecting kid’s info (including last 4 of SSN) for Doodling contest – Link Here
  • Smartphone security threats overdramatized – Link Here
  • 7 Deadly Sins – Link Here
  • Another certification debate – Link Here
  • Abusing HTTP Status Codes to Expose Private Information – Link Here

Geek Toys –

Discussion Topic – Saying No to Bad Patents – Link 1 / Link 2 / Link 3

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • Feb 26th – in Carlsbad NM
  • March 19 – The American Airlines Center at the Dallas Stars Hockey Game

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

Link to file

Feb 04, 2011
 

 

Thomas Jefferson said, “Delay is preferable to error.” Martin Luther said, “Who waits until circumstances completely favor his undertaking will never accomplish anything.” So depending on which quote you like, we either took a long time to record a new episode so we would do it right, or we are just a bunch of slackers. I prefer the former, but I am biased…

In either case, we’re back, and in the immortal words of Rivethead, we’re “Stirring It Up Again” (you’ll read about Rivethead below and hear about them in the podcast).  Jim, Dan, and I got together on a cold and stormy night (at least in Houston and Denver) to talk about all things InfoSec.  Show notes are below.  Oh, and yes, we are going with a new theme for numbering our episodes.  I think it takes away the pressure a little myself since I don’t have to worry about huge numbers for episodes.  Of course, I’ll have to count now, which sucks (thanks Jim).

Show Notes:

InfoSec News Update -

  • Study shows non-compliance more expensive than compliance (study was sponsored by Tripwire) – Article Link / Report Link
  • Security Fail – When Trusted IT members go bad!! – Link Here
  • “It’s a CIO’s worst nightmare: You get a call from the Business Software Alliance (BSA), saying that some of the Microsoft software your company uses might be pirated.

    You investigate and find that not only is your software illegal, it was sold to you by a company secretly owned and operated by none other than your own IT systems administrator,
    a trusted employee for seven years. When you start digging into the admin’s activities, you find a for-pay porn Web site he’s been running on one of your corporate servers.
    Then you find that he’s downloaded 400 customer credit card numbers from your e-commerce server.

    And here’s the worst part: He’s the only one with the administrative passwords.”

  • Looking back at old security news – have we made progress?? – Link Here (Registration required for full article)
  • A SLOW Death! – Link Here
  • Egypt gets Internet connection back – Link Here
  • Ever Cookie’s Anyone? – Link Here

Discussion Topic #1 – CSRF and Clickjacking – Link Here

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • Feb 19th – Playing Curtain Club Dallas, TX
  • Feb 26th -  in Carlsbad, NM
  • March 19th – American Airlines Center at a Dallas Stars Hockey game

Intro – RivetHead – “Stirring It Up Again”
Outro – RivetHead – “Zero Gravity”

Link to MP3

    Jun 23, 2010
     

     

    All three of us are on this time. Some good talk about disclosure and web app firewalls, and Google, and some other stuff. Enjoy!

    Show Notes:

    InfoSec News Update -

    Discussion Topic #1 – Google Is Watching Your Wifi, But do You Really Care?

    Discussion Topic #2 - Ye’ Old “Disclosure” Debate…Again?!? Link 1 / Link 2

    Music Notes –

    Link to MP3

    Jun 03, 2010
     

     

    So do we suck or what? Sorry that it’s taken so long for us to get another episode out… things have been crazy busy for all of us.

    Anyway for this episode, Dan and Jim found themselves with 30 minutes or so of spare time, not much of a script, and working mics (Michael was working on a couple of proposals and an RFP that is due in two days); so they sat down and simply recorded an unscripted show of rambling about things that are going on for the moment.

    Info Sec News Moments:

    • Kudos to MS’ IE 8 Ad Campaign – Link Here
    • Jim’s 4.5 Seconds of fame – DenverGov website Hack – Link Here
    • Android and the SMS Rootkit Hack – Link Here
    • Google Ditching Windows due to Security Concerns – Link Here
    • Denver OWASP – SnowFroc Con – Link Here

    Music Notes:

    Link to MP3

    May 03, 2010
     

     

    Episode 35 is here. The format is different today. Instead of you listening to Dan, Jim, and me yap about news and pontificate about security topics, you are going to hear a talk I gave at the Texas Technology Summit in early April 2010.  The talk title and synopsis are below, along with a link to the slide deck.

    Title: Breaking Down the Enterprise Security Assessment

    Synopsis: Many enterprise security assessments look at too few attack vectors or do not dig far enough into the attack vectors once a vulnerability has been discovered.   Come join a discussion on the breakdown of a security assessment, explore the essential attack vectors, and debate the depth to which the assessment should go.

    Link to MP3

    Link to slides

    Apr 16, 2010
     

     

    We are really sorry for the long delay, but all three of our schedules have been packed for the last 2 months. But I’m sure you don’t want to hear any excuses, so without further hesitation… Here’s Episode 34.

    Show Notes:

    Kudos to Tommy Perniciaro for article at SC Magazine – Link Here

    InfoSec News Update –

    • Physical Security on Mac sucks – Link Here
    • What Drives Corporate Security Spending? – Link Here
    • Crazy Patch Week – Link 1 / Link 2
    • Federal Court Upholds Border Searches for Laptops – Link Here
    • Are Bank Breaches Still Trending High in 2010 – Link Here
    • So Easy, Even a Celebretard Can Do It! – Link Here
    • Perceptions Of Security Vary Widely Between IT Management, Security Staff – Link Here
    • Slow Death of XSS Vulns – Link Here

    Discussion Topic #1 – Integration of Web Vuln Scanners with IPS/WAFs

    Discussion Topic #2 - Update your End user Awareness Training and stop blaming your users!

    Link 1 / Link 2 / Link 3

    Music Notes:

    Link to MP3

    Mar 12, 2010
     

     

    Yes, the logo is weird this time.  If you can’t tell what it is, maybe this will help.  For the first time ever (and probably the only time since I don’t get to Atlanta much), An Information Security Place Podcast has joined forces with the Southern Fried Security Podcast to create a joint episode.  Can you see it now??  Yes, that is the logo for An Information Security Place Podcast placed over Colonel Sanders’ face (he is the patron saint for the SFS podcast).  Yea, I thought it was actually kinda freaky, too.  But what else do I have to do with my time??

    So we joined forces for a couple of reasons:

    1. Because I was in Atlanta to speak about security assessments at the local NAISG chapter.
    2. I begged Martin to let me post it up as episode 33 over here since Dan, Jim and I haven’t had a chance to record yet, and this makes it all better!

    So we stayed in the same room where the event was held and got irradiated by a myriad of computer and sound equipment while recording the podcast.  I had to wear someone’s headset, and now I have some kind of weird rash and some minor swelling around my ears.  And to make it even more fun, Mike Rothman sat across from us the whole time and heckled us.  What a night.

    Actually, I had an awesome time.  Very good times with very good friends.  Thanks to the whole Atlanta NAISG crew and the SFS podcast crew (Andy Willingham, Martin Fisher, and Steve Ragan) for inviting me in with typical southern hospitality (even though Steve is a Yankee).

    As to show notes, I am lazy.  I am only going to have one note (below) because it is the one news item that I brought along and the ONLY one that Andy didn’t include in his notes (in fairness, I never sent him the link).  Here’s a link to the SFS podcast site with the rest of the notes.   (Hey, Andy did the hard work – why duplicate efforts??)

    • Caleb Sima says that developers shouldn’t learn anything about security – Link here

    Link to MP3

    Vet