Network Security Podcast

Can you hear that? That’s the sound of air escaping as we all finally recover from the RSA conference. Rich and Martin are back, and Zach… never left (but did celebrate a birthday last week). We do a quick recap of RSA and then dig into the security news… much of which had nothing to do with the conference. Weird.

Network Security Podcast, Episode 188, March 9, 2010
Time:  32:01

Show Notes:

• Great coverage of Martin’s RSA panel on disclosure. One of the first with an actual user on the panel.
• Government declassifies parts of the Comprehensive National Cybersecurity Initiative.
• Police get webcam pictures in school spy cases.
• Experts dismiss end to end encryption claims. Bunch of gross generalizations.
• Oops- Vodaphone distributes infected phone.
• … and Energizer distributes malware in USB battery software.
• Tonight’s music: 

Snort was one of the first security tools I ever used.  When I was working in a small computer lab years ago, I set up a Snort sensor just to see what was there.  And there was a lot in that particular environment.  I’ve used it many times since then and I found out at RSA that the first Sourcefire implementation I performed is still in place, basically unchanged since I left.  This is why I always take the opportunity to talk to Marty Roesch at Sourcefire if I can at RSAC.  This time I got a chance to talk to him about the omnipresent APT (he prefer’s using the term APA, coined by @nselby and others), the security existential crisis, the work Sourcefire is doing with Immunet, the Cloud and Sourcefire’s virtual appliances.  All that noise you hear in the background is the Securosis Recovery Breakfast. 

NSP-RSAC2010-Sourcefire.mp3

I’ve been a member of the International Information Systems Security Certification Consortium [(ISC)2] for nearly a decade; I passed my CISSP test in November of 2002 and don’t have to worry much about CPE’s until at least 2011.  So when I was offered an opportunity to talk to Hord Tipton, Executive Director of the (ISC)2, I didn’t hesitate to take them up on the offer.  We started off easy, talking about what’s new at the (ISC)2, and the Safe & Secure Online Program.  Then we moved on to the harder questions, like “What have you done for me lately?” and “What are you doing about people who shouldn’t be CISSP’s in the first place?”  The (ISC)2 is never going to make all of us who are certified happy, and that they are taking some steps to address concerns about unqualified practitioners, but it’d be nice if they were a little more public about it.  Oh, and you’ll hear at the end that the (ISC)2 definitely accepts listening to podcasts for CPE’s.  I forgot to ask about producing them.

NSP-RSAC2010-ISC2.mp3

It’s hard doing interviews on the showroom floor at RSAC.  Even the relatively quiet places are incredibly noisy when you get right down to it.  The good thing is it hopefully masked the worst of my mispronunciation of Roel Schouwenberg’s name.  Roel is the Senior Anti-Virus Researcher at Kaspersky Lab and spent some time talking to me in the Threat Post booth on the showroom floor at RSA 2010.  We started off talking about the omnipresent APT, moved into slicing apart signature-based AV and end up on organized crime and what the future may bring. 

NSP-RSAC2010-KasperskeyLab.mp3

Jan Hichert, CEO of Astaro Internet Security, and I met in one of the quieter hallways of the 2010 RSA Convention.  Of course, ‘quiet’ is a relative term when it comes to RSA, but the audio came out acceptable in any case.  We talked about several of the new products Astaro is offering this year, including Astaro Mail Archiving, Astaro Wireless Security and Astaro RED.  We finished the conversation talking about Jack Daniel’s new position at Astaro, social media and Security BSides.  I think Astaro is one of the few security companies that actually get social media, in large part thanks to Jack. 

NSP-RSAC2010-AstaroSecurity.mp3

While I’m sure Mikko Hypponen, Chief Research Officer at F-Secure, is getting as tired as hearing the term APT* as the rest of us are, he had some insight into what’s really happening with this threat and the fact that it’s not something new, it’s just the acknowledgment that it’s happening that’s new.  He’s been seeing similar attacks going on for nearly six years, what’s changed is the recognition and public attention to the threat that’s something new.  He believes that the organized crime component of malware will be moving to smart phones as the criminals realize that it’s easier to make money quickly and easily from phones than the complicated hoops they have to jump through to make money from computers.

NSP-RSAC2010-FSecure.mp3

* I’m with @CSOAndy who believe the A in APT should stand for Adaptive, not Advance.  It’s much more descriptive of what’s really happening.

I caught up with Pedro Bustamante, Senior Research Analyst from Panda Security, for a brief interview about what his company is doing in 2010.  Panda recently received ICSA Lab certification of their cloud AV product, which required some retooling of the ICSA processes.  Panda is releasing a new, free, no-registration version of their product as well as an upgraded version of their existing anti-virus that includes many of the features that Panda customers have been asking for.  We talked about a new USB vaccine Panda is releasing which ‘inoculates’ a USB drive by writing an unalterable file to the drive before a virus can.  Finally we discussed the sheer amount of data Panda is collecting and how much of it they’re able to process automatically.  But there does, and always will, remain a small fraction of a percent of the data that has to be inspected by human beings to catch the new and the interesting that malware writers are creating.

NSP-RSAC2010-PandaSecurity.mp3

Martin and Rich are away at RSA — and I’m all alone. Well, actually, I have a special guest host: Jamie Arlen (a.k.a. Myrcurial) — and boy did we have a lot to talk about. Tonight’s show is a bigun’, clocking in at about 50 minutes. So, apologies for the lengthy show and file.

Network Security Podcast, Episode 187, March 3, 2010
Time:  51:05

Show Notes:

• RSA: Securing cloud computing is industry responsibility says Art Coviello
• Google Joins the Cloud Security Alliance
• Report: The Command Structure of the Aurora Botnet:History, Patterns, and Findings (Damballa)
• Authorities bust 3 in infection of 13M computers
• Verizon Incident Metrics Framework Released
• Open Wi-Fi ‘outlawed’ by Digital Economy Bill
• Tonight’s music:  Another Devil’s Fool by Freeky Clean

One of the things I don’t believe we see enough of in the security field is independent testing.  Vendors of all stripes make claims about what their products do, and without independent testing it’s hard to tell if they’re the cream of the crop or a bad apple.  ICSA Labs is one of the few companies that do the sort of testing that’s needed to provide the information to tell the two extremes apart.  I took a few minutes to sit down with Andy Hayter of ICSA Labs to talk about anti-virus testing, education of consumers and a new initiative to use the testing ICSA does in the real world.  For the sake of transparency, ICSA is a part of Verizon, the company I work for as well.

NSP-RSAC2010-ICSALabs.mp3

As a PCI QSA, one of the big technologies I’m looking at this show is end-to-end encryption (E2EE).  So it’s no surprise that my first interview of RSA 2010 is with Mark Bower, the Director of Information Protection Solutions at Voltage Security.  We talk about what E2EE is, how it will affect merchants and what we might be seeing in the future from Voltage SecureData Payments POS SDK.  I hope that we’ll see adoption of Voltage’s SDK or something very similar in the coming year, we need to help merchants protect cardholder data as close to the point it enters their network as possible.

NSP-RSAC2010-VoltageSecurity.mp3