Posts tagged ‘patching’

Link to MP3
Episode 21 is up and going. Looks like Jim and I are back on a regular cycle again. Hopefully it stays that way! Here are the show notes:
InfoSec News Update -
- Goldman Sachs loses its secret sauce online
- Fed gets an F on Physical Security
- North Korea Blamed in Cyber Attacks over July 4th
- Juniper Pulls ATM Hacking Presentation from Black Hat
- Month of Twitter Bugs
- 10 Things Your Auditor Isn’t Telling You
- New head of MI6 wears Speedos on Facebook
- Algorithm for Predicting and Guessing SSNs
- iPhone SMS Vulnerability
- Study – Oracle Users Struggle with Patch Management
Discussion Topic - Cloud Computing – is it a security nightmare waiting to happen?
Consultants Corner - Developing an offering before going public!
Music Notes:
Posted by m1a1vet on July 9, 2009 at 11:48 am under Uncategorized.
Tags: algorithm, ATM, auditor, Black Hat, bugs, cloud computing, Cyberattacks, Exobox, Federal Government, Goldman Sachs, iPhone, Juniper, MI6, month, North Korea, Oracle, patching, physical security, Security, Shackleford, SMS, Social security numbers, South Korea, speedos, Twitter, US Government, vulnerability

Link to MP3
Here is episode 15. There was a lot to cover in this episode. Jim and I were in discussion mode, so be prepared to sit down for a while longer than normal this time. Jim and I were also in a joking mood and consequently cracked ourselves up on this episode, so enjoy the laughter and comedy at a fellow human’s expense.
BTW, I am a milestone guy, and any time a “0” or a “5” is at the end of the episode number, I think it is cool. So 15 is a cool number to me. On to the show notes.
Show notes:
InfoSec News Update: whole lot of crap!
- FAA Security Breach Exposes 45K Employees
- AV Makers Hacked – BitDefender and Kaspersky. More: full details on the hackers’ blog
- Electronics Firm Faces FTC Lawsuit Following Multiple Hacks – “The complaint alleges that until at least December 2007, Compgeeks (geeks.com) routinely stored this sensitive information in unencrypted text on its corporate computer network, among other security failures. The complaint also charges that the respondents did not adequately assess whether its Web application and network were vulnerable to commonly known or reasonably foreseeable attacks, such as SQL injection.”
- Identity thieves beat Obama to stimulus package punch
- Obama’s new CyberSec Chief Named
- Federal Workers Warned Of Potential Data Compromise At SRA
- Jailed SF network admin files $3M claim – Looks like the S.F. Mayor has some l33t admin skills because “Childs, formerly a network administrator with the city’s Telecommunications and Information Services (DTIS), had argued that the department’s staff was incompetent and that the mayor was the only person qualified to handle the passwords.”
- Heartland Breach Follow up – 157 institutions claiming issues – includes Bermuda, Canada, and Guam
- War cloning, the “new hacker sport”
- The latest MS Patches – One is for MS SQL, and there is exploit code out there
Discussion: File Under DUH! Unauthorized Web Use On The Rise
Consultants Corner: How does “Compliant” equal Owned?
Music Notes:
Posted by m1a1vet on February 12, 2009 at 1:49 pm under Uncategorized.
Tags: Anton Chuvakin, BitDefender, breach, Chris Paget, compliance, FAA, FTC, geeks.com, hacked, Heartland, HIPAA, Kaspersky, Obama, p0wned, patching, PCI, phishing, SQL, SRA, stimulus, Terry Childs, war cloning

Link to MP3
Show Notes:
Segment 1: InfoSec News Update (Michael gets to do a little talkin’ here – and he promptly screws it up):
- New Security Awareness video on YouTube – kinda cheesy, but a pretty good production
- Digittrade HD Encryption Broken- “in our test, unscrewing the housing took longer than cracking its encryption mechanism.”
- Lenovo’s new Facial recognition software defeated by printed photo
- Massachusetts’ new regulation – 201 CMR 17.00 – “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information.” A civil penalty of $5,000 may be awarded for each violation of Chapter 93H. In addition, under the portion of 93H concerning data disposal, businesses can be fined up to $50,000 for each instance of improper disposal. Requires regular monitoring, documentation of responsive actions taken during a breach, and reasonable monitoring of systems.
- File Under DUH! – Symantec Discovers Cybercrime makes money – estimates value around $1.7Bil
- Really simple PCI FAQ that you should be aware of
- Apple and the AntiVirus Debate – In a written statement sent to security news site Securityfocus.com, Apple explained their decision to pull the document: “We have removed the KnowledgeBase article because it was old and inaccurate,” Apple said in a statement sent to SecurityFocus. “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.”
Discussion: BLATANT FUD – Patching at the Enterprise level – Secunia claims “virtually every Windows PC is at risk”: 98% of Windows computers are missing patches, and 46% were missing more than 11 patches
Segment 2: Geek Toys and Consultants Corner
- Geek Toys – Kensington Portable Power outlet – AS SEEN ON REGIS AND KELLY!!!!
- Consultants Corner – Helping client dealing with a breach (specifically as how it relates to compliance issues)
Music Notes: NEW – CHECK OUT THE LINKS TO THE BANDS ON PODSHOW.COM
Posted by m1a1vet on December 11, 2008 at 12:26 pm under Uncategorized.
Tags: Antivirus, Apple, Digittrade, facial recognition, Kensington, Lenovo, patching, PCI, security awareness