Jan 262010


Link to MP3

The first podcast of the new year is here, and it is a nice round number! That is sweet! So please forgive any weirdness in the way this episode sounds. It was put together over a couple of weeks doing interviews here and there with vendors as well as each other while we were at our (Michael and Jim) employer’s annual company meeting. Jim is a miracle worker, but even he could not make it completely fluid!

Also, because of scheduling, Dan did not get to join us. But Jim and I were fortunate enough to be joined by coworker and wireless uber-beast, Mr. Tyler Theys. I think you will enjoy this episode, even with all the weirdness!

Show Notes:

Info Sec News Update –

  • Jim, Michael, and Tyler talk about all the Google Hacking – Link Here

Interview #1 –Michael with Roger Hegland of TruARX

Interview #2 – Jim with Mike Tuchen of Rapid7

“Added Bonus to Our Listeners”

Going to RSA? Join Rapid7 on March 3rd for a party at Ruby Skye. Get on the VIP list for the evening everyone else will be talking about at RSA 2010: www.rapid7.com/forms/rsarsvp.jsp

Discussion Topic – PCI in the Gaming Industry

Music Notes –

Oct 012009


Link to MP3

Episode 26 is here. It almost didn’t happen since Michael was playing remote helpdesk dude for a relative from his hotel room in Dallas right before the recording, but we got it worked out. Enjoy!

Show Notes:

InfoSec News Update –

  • Michael’s New NAISG Group are having their first meeting on Nov 2, 2009 in Houston, TX. – Houston Chapter Website / Email Link
  • Power Grid Takedown – a HowTO – Link Here
  • Court Ruling – Disloyal Computing is Not Illegal – Link Here
  • New OWASP Sponsored Web App Firewall – Link Here
  • MS Gets into the AV Game … Again…with latest release – Link 1 / Link 2
  • Trojans getting Smarter – Link Here
  • PCI DSS Update Could Include Virtualization Security – Link Here

Discussion Topic –

Encouraging Bad Behavior via marketing (Identity Guard Commercials)


Consultants Corner – Predicting what Security Consulting will be like in the future – Link Here

Music notes –


Sep 032009


Link to MP3

Hello all you happy people!  Episode 24 is here.  Michael was out sick, so Jim and Dan put it together.  Jim is adamant about sticking to a schedule.  Dang slave driver!

Show Notes:

InfoSec News Update –

  • Credit Unions Under Attack – Link 1 / Link 2
  • Massive SQL Injection Attacks – Link 1 / Link2
  • Cisco Wireless LANS get “Skyjacked” – Link 1 / Link 2
  • Flaw in Sear’s Website Left Database Open To Attack – Link Here
  • WPA/TKIP Can be Broken in 1 Minute – Link 1 / Link 2
  • 100 Dirtiest Web Sites of Summer 2009 – Link Here
  • No Thumbprint, No Check-Cashing, Bank Told Armless Man – Link Here
  • PCI Council Releases recommendation for Preventing Card Skimming – Link 1 / Link 2
  • Federal Certification Program for “Cyber Professionals” / Bill would give President emergency control of the Internet – Link Here

Discussion Topic – Web App Scanners And Web App Firewalls According to Gartner
Link 1 / Link 2

Consultant’s Corner – Updating Tools and Techniques

Music Notes:

Aug 202009


 Link to MP3

We’re back with episode 23.  Jim is back (you can decide if that is good news or bad news), and Dan Kuykendall is joining us again (calls himself the guest that won’t leave the couch).  Thanks for listening…

Show notes:

InfoSec News Update –

  • Big Thank You to all our Clients and the folks that stopped by the Booth and our party at BlackHat!
  • UK ID card Hacked/Cloned in 12 Minutes – Link Here
  • “Mega breaches” use preventable attacks – Link Here
  • Hackers target outsourced app development – Link Here
  • National Retail Federation still struggling with PCI – Link Here
  • Reset Password problems, and reusing passwords in general:
  • “FILE UNDER DUH” – Study warns of cyberwarfare during military conflicts – Link Here

Discusstion Topic – Web Security On Cell Phones – Link Here

Geek Toyz –

Music Notes:

Mar 192009


Link to MP3

Here is Episode 17. Sorry for the delay in getting it out. Last week was extremely rough for Jim and I, but we are back at full strength now. Well, maybe 85% strength anyway 🙂

In this show Jim and I relate the latest news as always, then we have some discussion about layoffs and how that is causing a lot of orphaned hardware and software. Then we discuss some challenges for the consultant in walking the mind field of politics at client companies.

Also, we had some listener feedback from Geir. He was busting on us a bit about our saying you need to patch your stuff when we were talking about 0day. Thanks for keeping us straight Geir. If you want to send feedback, you can send it to podcast-at-infosecplace.com.

Here are the show notes:

InfoSec News Update:

  • Follow up – Another Payment Processor Has Been Hacked – Visa says JUST KIDDING! – Link Here – This Just In – A new timeline of the Unnamed Processor – Link Here
  • Gartner – Nearly 8 Percent of U.S. Adults Lost Money To Financial Fraud in ‘08 – Link Here
  • Federal cybersecurity director quits, complains of NSA role – Link Here
  • Health Records Show Up in Yard – Link Here
  • Study: Antivirus Software Catches About Half Of Malware – Link Here
  • MS Finally killing off AutoRun – Link Here
  • Marine One data leak – Link Here
  • The Return of L0phtCrack!! – Link Here
  • WarVox Released – Link Here
  • Theives Steal the Show at Cebit – Link Here
  • Checklist for complying with PCI security standard – Link Here / Link To Checklist

Discussion – Orphaned hardware and Software – Link Here

Consultant’s Corner – Dealing with political landscapes at your client’s company

Music Notes: