Feb 232010
 

Just realized that iTunes picked up Episode 31 instead of episode 32 on the latest post.  I had to delete the enclosure in WordPress and then recreate it.  Not sure what happened.  If you subscribe to the podcast via iTunes, you may need to delete Episode 32 and then update.  Sorry about that!

Feb 182010
 

 

OK, holy crap.  We expected this episode to be pretty short since Jim was not around to add his golden commentary, but we got to yappin’ and churned out almost an hour of content (I use that term loosely).  So enjoy the show!

Show Notes:

InfoSec News Update –

  • Iran Shutters Google’s Gmail Service, offering own email for citizens – Link here
  • Security Scoreboard – Link here
  • Brian Kreb’s has blog post used by scammers – Link here and Sophos article link here
  • The Death of Product Reviews (Mike Rothman at Securosis) – Link here
  • TSA agent arrested for molestation – Link here
We won’t get intot he details here because this guy is sick, but I had to point out this line from the TSA blog about the issue:
“TSA holds the highest standards for our workforce and this individual’s actions do not reflect on the more than 50,000 men and women who work every day to keep the traveling public safe.”
  • Hacker threat forces DoH to close appraisal site (Political Activist?) – Link here
Discussion Topic – Smaller, more intimate security conferences (Security B-Sides, Schmoocon, etc)
Feb 052010
 

 

Everyone was here for this episode (meaning Dan, Jim, and Michael), and it was pretty much on schedule this time. We do the normal cutting up, then talk about news and start discussing stuff. Then Dan puts the hurt down on some developer geek speak. You will definitely learn  from stuff from this episode (as opposed to the drivel you get from most of our episodes).  Very good stuff.

BTW, the format of the posts are changing just a bit. While the podcast player will stay where it usually is at the top of the post, the link to the file will now be below the posts. This is changing because when iTunes picks up the text from the feed, it throws the “Link to MP3” text at the top, and it looks weird when looking at the show description in iTunes. Just a minor change really, but just wanted to point it out here in case that is where you grab the file. OK, now on to the show!

Show Notes:

InfoSec News Update –

Discussion Topic #1 – Laptops on Hostile Networks – Link Here

Discussion Topic #2 – DK’s Web App Security Minute… and then some :)

Music Notes:

Link to MP3

Jan 262010
 

 

Link to MP3

The first podcast of the new year is here, and it is a nice round number! That is sweet! So please forgive any weirdness in the way this episode sounds. It was put together over a couple of weeks doing interviews here and there with vendors as well as each other while we were at our (Michael and Jim) employer’s annual company meeting. Jim is a miracle worker, but even he could not make it completely fluid!

Also, because of scheduling, Dan did not get to join us. But Jim and I were fortunate enough to be joined by coworker and wireless uber-beast, Mr. Tyler Theys. I think you will enjoy this episode, even with all the weirdness!

Show Notes:

Info Sec News Update –

  • Jim, Michael, and Tyler talk about all the Google Hacking – Link Here

Interview #1 –Michael with Roger Hegland of TruARX

Interview #2 – Jim with Mike Tuchen of Rapid7

“Added Bonus to Our Listeners”

Going to RSA? Join Rapid7 on March 3rd for a party at Ruby Skye. Get on the VIP list for the evening everyone else will be talking about at RSA 2010: www.rapid7.com/forms/rsarsvp.jsp

Discussion Topic – PCI in the Gaming Industry

Music Notes –

Dec 232009
 

 

Link to MP3

Merry Christmas to all our listeners! It’s that time of the year again where we sit down and make a fun podcast and recap the year and look forward to next year. Heck there was even a Christmas Miracle on this episode… it was actually recorded on time !!!! So sit back with your eggnog next to the Yule log fire under the stockings and enjoy!

Show Notes:

InfoSec News Update –

Discussion Topic –

2009 Year in Review and Looking Forward Predictions to 2010 –

Link 1 / Link 2 / Link 3

Music Notes –

Dec 112009
 

 
Link to MP3

OK, this was just a stupid, crazy episode, and fun episode. We had technical hiccups, a roving co-host that likes to text another cohost, plus this episode is late getting recorded because of end-of-year schedule. but we got through it, and I think you are really going to enjoy the randomness…

Show Notes:

InfoSec News Update and Geek Toys Update –

  • T-Mobile Employee causes largest data theft in the UK – Link Here
  • Government Security Woes
    Story 1 – 5 TSA workers put on leave over online posting – Link here
    Story 2 – The Party Crashing Scandal – Link Here
    Story 3 – Felon working for DHS for 2 years – Link Here
  • Nessus 4.2 is released – Link Here
  • Rapid7 and Metasploit Community Projects – Link 1 / Link 2
  • ProxMark3 now shipping completed RFID read/write/clone kits – Link here
  • Moxie launched cloud-based WPA password Cracking – Link Here
  • Cure for Eye Strain – Gunnar Glasses – Link Here

Discussion Topic –

Changes to OWASP standard for 2010 –

Link Here

Consultants Corner – Picking your tools wisely… 2009/2010 update

Music Notes –

Nov 122009
 

 

Link to MP3

OK, Episode 27 is FINALLY here.  Sincere apologies to all of our listeners.  We really could not avoid the long break.  Work and family and everything else seriously pounded us this time.  ENJOY!

Show Notes:

InfoSec News Update –

  • FTC Orders ChoicePoint To Pay $275,000 For 2008 Data Breach – Link Here
  • Senator says the cybersecurity chief should be in DHS, not the White house – Link Here
  • Major SSL Flaw Find Prompts Protocol Update – Link Here
  • Jailbroken iPhones more vulnerable to attack; ikee worm Rick Rolls iPhone users – Link Here
  • New FDIC Phishing Attack – Link Here
  • MSFT trying to walk the annoyance / security fine line with toned down User Access Control (UAC) in Windows 7 – Link Here
  • Awesomely funny story about an IT engineer in Iraq annoying the troops with some bogus war driving – Link Here

Discussion Topic – Highlights from Michael’s NAISG Chapter Meeting

Geek Toys – “Ideas to get your Geek for Christmas”

Music notes –

Oct 012009
 

 

Link to MP3

Episode 26 is here. It almost didn’t happen since Michael was playing remote helpdesk dude for a relative from his hotel room in Dallas right before the recording, but we got it worked out. Enjoy!

Show Notes:

InfoSec News Update –

  • Michael’s New NAISG Group are having their first meeting on Nov 2, 2009 in Houston, TX. – Houston Chapter Website / Email Link
  • Power Grid Takedown – a HowTO – Link Here
  • Court Ruling – Disloyal Computing is Not Illegal – Link Here
  • New OWASP Sponsored Web App Firewall – Link Here
  • MS Gets into the AV Game … Again…with latest release – Link 1 / Link 2
  • Trojans getting Smarter – Link Here
  • PCI DSS Update Could Include Virtualization Security – Link Here

Discussion Topic –

Encouraging Bad Behavior via marketing (Identity Guard Commercials)

 

Consultants Corner – Predicting what Security Consulting will be like in the future – Link Here

Music notes –

 

Sep 162009
 

 

Link to MP3

Episode 25 is here.  Today’s podcast is different than our usual.  Instead of having Jim, Dan, and Michael spout off and pontificate, we have Michael interviewing Wesley McGrew from McGrew Security.  Wesley is a security researcher at Mississippi State University’s Critical Infrastructure Protection Center, where he works to find vulnerabilities in SCADA software.  He also operates mcgrewsecurity.com , where he blogs about information security topics.

Wesley caught a script-kiddie back in June trying to do some pretty weak SCADA hacking at a Dallas-area hospital.  He and Michael talked about the adventure.  They also discussed some of Wesley’s future plan (not much since he couldn’t divulge a lot- oooo, mysterious!).  So enjoy the show.  Links to the blog posts from Wesley’s script kiddie adventure are below.

Sep 032009
 

 

Link to MP3

Hello all you happy people!  Episode 24 is here.  Michael was out sick, so Jim and Dan put it together.  Jim is adamant about sticking to a schedule.  Dang slave driver!

Show Notes:

InfoSec News Update –

  • Credit Unions Under Attack – Link 1 / Link 2
  • Massive SQL Injection Attacks – Link 1 / Link2
  • Cisco Wireless LANS get “Skyjacked” – Link 1 / Link 2
  • Flaw in Sear’s Website Left Database Open To Attack – Link Here
  • WPA/TKIP Can be Broken in 1 Minute – Link 1 / Link 2
  • 100 Dirtiest Web Sites of Summer 2009 – Link Here
  • No Thumbprint, No Check-Cashing, Bank Told Armless Man – Link Here
  • PCI Council Releases recommendation for Preventing Card Skimming – Link 1 / Link 2
  • Federal Certification Program for “Cyber Professionals” / Bill would give President emergency control of the Internet – Link Here

Discussion Topic – Web App Scanners And Web App Firewalls According to Gartner
Link 1 / Link 2

Consultant’s Corner – Updating Tools and Techniques

Music Notes:

Bitnami