Feb 05 2010


Everyone was here for this episode (meaning Dan, Jim, and Michael), and it was pretty much on schedule this time. We do the normal cutting up, then talk about news and start discussing stuff. Then Dan puts the hurt down on some developer geek speak. You will definitely learn stuff from this episode (as opposed to the drivel you get from most of our episodes). Very good stuff.

BTW, the format of the posts is changing just a bit. While the podcast player will stay where it usually is at the top of the post, the link to the file will now be below the posts. This is changing because when iTunes picks up the text from the feed, it throws the “Link to MP3” text at the top, and it looks weird when looking at the show description in iTunes. Just a minor change really, but just wanted to point it out here in case that is where you grab the file. OK, now on to the show!

Show Notes:

InfoSec News Update –

Discussion Topic #1 – Laptops on Hostile Networks – Link Here

Discussion Topic #2 – DK’s Web App Security Minute… and then some :)

Music Notes:

Link to MP3

Nov 12 2009


Link to MP3

OK, Episode 27 is FINALLY here.  Sincere apologies to all of our listeners.  We really could not avoid the long break.  Work and family and everything else seriously pounded us this time.  ENJOY!

Show Notes:

InfoSec News Update –

  • FTC Orders ChoicePoint To Pay $275,000 For 2008 Data Breach – Link Here
  • Senator says the cybersecurity chief should be in DHS, not the White House – Link Here
  • Major SSL Flaw Find Prompts Protocol Update – Link Here
  • Jailbroken iPhones more vulnerable to attack; ikee worm Rick Rolls iPhone users – Link Here
  • New FDIC Phishing Attack – Link Here
  • MSFT trying to walk the annoyance / security fine line with toned down User Access Control (UAC) in Windows 7 – Link Here
  • Awesomely funny story about an IT engineer in Iraq annoying the troops with some bogus war driving – Link Here

Discussion Topic – Highlights from Michael’s NAISG Chapter Meeting

Geek Toys – “Ideas to get your Geek for Christmas”

Music notes –

Aug 08 2009


Link to MP3

Episode 22 is here. Jim was not available to join me this time (been traveling and real busy), so Dan Kuykendall from NT Objectives was kind enough to fill in as co-host for today. We had some good discussion, and a show that I thought would be a little shorter ended up being pretty long. But it is good stuff. Here are the show notes:

InfoSec News Update –

  • Vulnerable web servers on webcams, NAS, etc – Link Here
  • Obama’s cybersecurity Czar quits – Link Here

People familiar with the matter said Ms. Hathaway has been “spinning her wheels” in the White House, where the president’s economic advisers sought to marginalize her


In February, the White House tapped Ms. Hathaway, a senior intelligence official who had launched President George W. Bush’s cybersecurity initiative, to lead a 60-day cybersecurity policy review. Ms. Hathaway completed her review in April, but the White House spent another 60 days debating the wording of her report and how to structure the White House cyber post. National Economic Adviser Larry Summers argued forcefully that his team should have a say in the work of the new cyber official.

  • SSL Under attack this year at BlackHat/Defcon. These attacks don’t attack the math, they attack the (mis)usage of the clients and cert authorities

New Tricks For Defeating SSL In Practice (sslstrip) – Link Here

Researcher Exposes Flaws In Certificate Authority Web Applications – Link Here

  • Defcon goon “Priest” is everywhere – Links Here and Here

Discussion Topic – The ol’ security guidelines / best practices discussion

Consultants Corner – Varied BlackHat / Defcon points –

  • SSL issues
  • Unmasking You talk by Joshua “Jabra” Abraham and Robert “RSnake” Hansen
  • Dan’s general opinions about web security talks – he was underwhelmed

Music Notes:

Jun 19 2009


Link to MP3

The long-awaited episode 20 is finally here. Sorry for the crazy long wait!

InfoSec News Update –

  • Data Breach Suit Targets Auditor – Link Here
  • Exobox data leak detection coming out – Link Here
  • "CloudBurst" allows attackers to break VM guest OS and attack Host – Link Here
  • Obama creates the office of Cyber Czar – Link Here
  • Twitter and Iran – Link Here
  • IOSCAT talk from SANS – Link Here
  • T-Mobile Breached… Maybe? – Link 1 / Link 2
  • Wireless Keyboard sniffing just got a lot easier – Link Here
  • LC6 is Officially Released – Link Here
  • Trojan Attack on ATMs – Link Here
  • Patch Your Blackberry Servers – Link Here

Discussion Topic – What’s the difference between an Auditor and an Assessor?

Consultant’s Corner – To Scope or Not to Scope

Music Notes:

Feb 12 2009


Link to MP3

Here is episode 15. There was a lot to cover in this episode.  Jim and I were in discussion mode, so be prepared to sit down for a while longer than normal this time.  Jim and I were also in a joking mood and consequently cracked ourselves up on this episode, so enjoy the laughter and comedy at a fellow human’s expense.

BTW, I am a milestone guy, and any time a “0” or a “5” is at the end of the episode number, I think it is cool. So 15 is a cool number to me. On to the show notes.

Show notes:

InfoSec News Update: whole lot of crap!

Discussion: File Under DUH! Unauthorized Web Use On The Rise

Consultants Corner: How does “Compliant” equal Owned?

Music Notes: