Mar 19, 2009


Link to MP3

Here is Episode 17. Sorry for the delay in getting it out. Last week was extremely rough for Jim and me, but we are back at full strength now. Well, maybe 85% strength anyway 🙂

In this show Jim and I relate the latest news as always, then we have some discussion about layoffs and how they are leaving a lot of orphaned hardware and software behind. Then we discuss some of the challenges a consultant faces in walking the minefield of politics at client companies.

Also, we had some listener feedback from Geir. He was busting on us a bit about our saying you need to patch your stuff when we were talking about 0day. Thanks for keeping us straight Geir. If you want to send feedback, you can send it to

Here are the show notes:

InfoSec News Update:

  • Follow-up – Another Payment Processor Has Been Hacked – Visa says JUST KIDDING! – Link Here – This Just In – A new timeline of the Unnamed Processor – Link Here
  • Gartner – Nearly 8 Percent of U.S. Adults Lost Money To Financial Fraud in ‘08 – Link Here
  • Federal cybersecurity director quits, complains of NSA role – Link Here
  • Health Records Show Up in Yard – Link Here
  • Study: Antivirus Software Catches About Half Of Malware – Link Here
  • MS Finally killing off AutoRun – Link Here
  • Marine One data leak – Link Here
  • The Return of L0phtCrack!! – Link Here
  • WarVox Released – Link Here
  • Thieves Steal the Show at CeBIT – Link Here
  • Checklist for complying with PCI security standard – Link Here / Link To Checklist

Discussion – Orphaned hardware and Software – Link Here

Consultant’s Corner – Dealing with political landscapes at your client’s company

Music Notes:

Dec 11, 2008


Link to MP3

Show Notes:

Segment 1: InfoSec News Update (Michael gets to do a little talkin’ here – and he promptly screws it up):

  • New Security Awareness video on YouTube – kinda cheesy, but a pretty good production
  • Digittrade HD Encryption Broken – “in our test, unscrewing the housing took longer than cracking its encryption mechanism.”
  • Lenovo’s new facial recognition software defeated by a printed photo
  • Massachusetts’ new regulation – 201 CMR 17.00 – “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information.” A civil penalty of $5,000 may be awarded for each violation of 93H. In addition, under the portion of 93H concerning data disposal, businesses can be subject to a fine of up to $50,000 for each instance of improper disposal. Requires regular monitoring, documenting responsive actions taken during a breach, and reasonable monitoring of systems.
  • File Under DUH! Symantec discovers that cybercrime makes money – estimates value around $1.7 billion
  • Really simple PCI FAQ that you should be aware of
  • Apple and the AntiVirus Debate – In a written statement sent to the security news site SecurityFocus, Apple explained its decision to pull the document: “We have removed the KnowledgeBase article because it was old and inaccurate,” Apple said. “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.”

Discussion: BLATANT FUD! Patching at the enterprise level – Secunia: “virtually every Windows PC is at risk” – 98% of Windows computers are missing patches – 46% were missing more than 11 patches

Segment 2: Geek Toys and Consultants Corner

  • Geek Toys – Kensington Portable Power Outlet – AS SEEN ON REGIS AND KELLY!!!!
  • Consultants Corner – Helping a client deal with a breach (specifically as it relates to compliance issues)