We’ll be returning to our regularly scheduled podcast next week. I was sick and Rich is preparing for some travel. Until next week.
Despite technical difficulties and the non-cooperation of my DSL line, Rich and I were joined by none other than Paul Asadoorian from the PauldotCom Security Weekly podcast. We thought we were doing well. Then my DSL line went down. And my backup connection sounded like crud. So we were on my cell phone to a Skype account and recorded on Rich’s end. Not our preferred method of recording, to be sure.
Our first topic of conversation was getting into a security career and the CISSP. Each of us has had a very different path to get to this point in our careers, and we don’t expect to see a ‘one size fits all’ path into security any time soon. We talked about several interesting news articles in a bit more technical depth than usual, thanks in part to Paul’s presence. And we wrapped up with a brief discussion about the rocket ride that has been Paul’s career in podcasting.
Show Notes:
- Lateral SQL Injection - Using the Date function in Oracle maliciously
- Experts warn over SQL injection attacks
- Researchers find new flaw in QuickTime for Windows
- Crooks Rig ATM with Eee PC to Steal Credit Card Info - Stupid Crooks that is.
- Data Classification is Dead - Rich says so!
- The legal implications of the PCI Data Security Standard.
- Questions about Web Server Attacks
- [In]Secure Magazine Episode 16 is out!
- Tonight’s Music: Rich’s GarageBand Experiment (With Easter Egg!)
Network Security Podcast, Episode 103, April 29, 2008

Time:
Rich and Martin tried to make up for last week’s podcast by keeping things a little shorter tonight. The operative term of course is ‘tried’; we managed to shave a couple of minutes off the podcast, but that’s about it. Tonight’s theme was vulnerabilities in web sites, ranging from the Obama site being hacked to Dan Kaminsky’s latest DNS issues and on to PCI requirement 6.6. There was a lot going on tonight and we could have almost made a show from any one of these topics.
Show Notes:
- Hacker Redirects Barack Obama’s site to hillaryclinton.com
- ISP’s error page ads let hackers hijack entire Web, researcher discloses - Just a little bit of hyperbole here
- PCI Requirement 6.6
- Was PCI 6.6 clarification just leaked?
- Hot off the press — PCI 1.1 Requirement 6.6 finally (and officially) clarified
- Security expert discusses a possible future for PCI-DSS … it’s grim
- Prediction: RSA Conference will shrink like a punctured balloon - Now that Bruce said it, it must be true.
- RSA Conference: Security Bloggers Community
- Tonight’s Music: The Alrights with Happy Birthday Universe
Network Security Podcast, Episode 102, April 22, 2008
Time: 27:20
Rich was able to corral Andrew Jaquith for a few minutes between sessions, no easy task considering his packed RSA schedule. Andrew is one of the top analysts out there, and the author of Security Metrics.
Rich and Martin review some of the events that went on at RSA, including Rich’s analyst panel and Thursday morning’s ‘Avoiding the Security Groundhog Day’ panel. Neither of us was all that impressed with the showroom floor or the keynote speeches given at RSA, but we both enjoyed getting reacquainted with the security professionals we tend to only catch up with at events like this. Finally, we talked about which events we’d go to in pursuit of furthering a burgeoning security career. And just in case you’re wondering where Episode 100 is, it was the live video we took last week at the Security Bloggers Meetup. Not that anyone could have missed it, given the amount we’ve been talking about it lately.
Tonight’s Music: Pride by Paula Toledo
Network Security Podcast, Episode 101, April 15, 2008
Time: 42:26
Rich caught up with David Mortman, the CSO in Residence at Echelon One. David talks about some of our conclusions from the Security Groundhog Day panel that we were all on.
Here’s the video from the Security Bloggers Meetup last night.
The video will be streaming shortly from the RSA Security Bloggers Meetup on Ustream.
Brian Smith, Chief Architect of TippingPoint, takes a few minutes to talk about the different priorities of an IDS versus an IPS, and about the possible convergence of markets like firewall and NAC.
NSS Labs is an independent testing lab that certifies firewalls, UTMs and a host of other products for compliance with programs such as PCI. Martin had a chance to talk to Rick Moy for a few minutes about the proper use of these reports.