Network Security Podcast

After a week off, Rich and Zach take the helm again to discuss anything-other-than-PRISM-NSA-SNOWDEN-SECURITY-GOVERNMENT-SURVEILLANCE-OMG-gate.

Network Security Podcast, Episode 316, June 18, 2013

Time: 33:35

Show notes:

• Scores of vulnerable SAP deployments uncovered
• Zamfoo Critical Security Vulnerabilities – They Don’t Seem To Care…
• Zeus Money Mule Recruiting Scam Targets Job Seekers
• 37 critical Java holes to be fixed today
• Windows Security 101: EMET 4.0
• BlackBerry issues ‘critical’ security warning for Z10 phones
• The OWASP Top 10 2013 List Has Been Released

Unrelated: Javapocalypse!

By the grace of the Flying Spaghetti Monster, Rich and Zach pull of something resembling a podcast without their fearless (?), soon-to-be-expat leader Martin. Somewhere between the rants and the lolz lie some actual stories and content.

Network Security Podcast, Episode 315, June 04, 2013

Time: [41]:[30]

Show notes:

• Why we need to stop cutting down security’s tall poppies
• FDIC: 2011 FIS Breach Worse Than Reported
• One Step Forward… Two Steps Back
• US Manufacturing Lobby Presses Obama on China
• Phishing Attack Replaces Android Banking Apps With Malware
• Disclosure timeline for vulnerabilities under active attack (Google)
• Google and the Zero-Day Conundrum (reposted version) - original version (mirror)

Rich is still battling bugs of the “sickness” variety, so Martin and Zach get together for what will be Martin’s last show for a while. As mentioned previously, he’s moving across the pond^Wocean to Sunny London soon, after his annual pilgrimage to Vegas and…Bangkok (?!).

Network Security Podcast, Episode 314, May 28, 2013

Time: 35:24

Show notes:

• Getting started with login verification
• Kim Dotcom Claims Ownership of Two-Factor Authentication
• PayPal.com XSS Vulnerability
• Holder Signed Off on Warrant Identifying Fox News Reporter as Criminal Conspirator
• Skype Beta Plugs IP Resolver Privacy Leak
• AusCERT on the Internet Census: It’s not the fault of “stupid users”
• Tonight’s Music: Lost Days by InchWORM

What didn’t make the show:

• Report: US weapon and aircraft plans stolen
• Blue Coat to acquire Solera and sweeten network-security story as cyberattacks continue

…and now Rich is dealing with an entire family of “sick”. Zach must be empathizing, as he’s also a bit under the weather, but joins Martin for a romp through this week’s stories.

Network Security Podcast, Episode 313, May 21, 2013

Time: 41:13

Show notes:

• Is It Wrong to Use Data From the World’s First ‘Nice’ Botnet?
• Google Reveals How To Hack Google Glass Device (And Void Your Warranty)
• Google On Glass Privacy Issues & Congress: “Social Cues” Will Help, Plus It Takes Trust Seriously
• The man who ‘nearly broke the internet’
• FedRAMP seal of approval clears Amazon for more government work
• Think your Skype messages get end-to-end encryption? Think again
• Elderwood and the Department of Labor Hack

• Tonight’s Music: Zombie Apocalypse by Quiffs n Coffins

Rich is dealing with some sick babies, so Martin and Zach inadvertently make the show about corporate and government (not just the U.S. this time!) surveillance.

Network Security Podcast, Episode 312, May14, 2013

Time: 38:26

Show notes:

• How the Syrian Electronic Army Hacked The Onion
• U.S. Weighs Wide Overhaul of Wiretap Laws
• FBI’s Latest Proposal for a Wiretap-Ready Internet Should Be Trashed
• Bloomberg reporters allegedly used financial terminals to spy on Wall Street
• A Saudi Arabia Telecom’s Surveillance Pitch

• Tonight’s Music: London Girl by Lato

What didn’t make the show:

• Banks Say Fed Should Lead in CyberSecurity for Industry (oddly, hosted on Bloomberg news)
• State Department Demands Takedown Of 3D-Printable Gun Files For Possible Export Control Violations
• Apple deluged by police demands to decrypt iPhones

Long show with short notes this week as Wade Baker of Verizon and Josh Corman of Akamai join us to talk about the Verizon Data Breach Investigations Report.

This is a must-read report and our short podcast can’t possibly do it justice, but we made our best effort.  Listen to the end, we have some big news!

Network Security Podcast, Episode 311, May 1, 2013

Time: 48:49

Show notes:

• The 2013 Verizon DBIR

• Tonight’s Music: Tipping – Marucci – Dube  with I’m Confused

After a hectic couple of weeks — conferences, travel, and city-wide lockdowns – recovery is sorely needed, but we push through a relatively lively show with a teaser for a bigger debate^Wdiscussion slated for next week.  And somehow the podcast just keeps getting a little longer every week.

Network Security Podcast, Episode 310, April 23, 2013

Time: 43:06

Show notes:

• Japanese police ask ISPs to start blocking Tor
• Post Boston: Privacy advocates warn about coming tsunami of surveillance cameras
• Law professor makes a case for legally recognizing the Dangers of Surveillance
• US House of Representatives passes CISPA cybersecurity bill
• Hacking Trial Devoid of Hacking Awaits Jury Verdict
• The update jungle: PC owners have to watch 24 sources for fixes
• Sources: Tea Leaves Say Breach at Teavana

• Tonight’s Music: We’ve Gone Crazy by Soul of the River

What didn’t make the show:

• Sources: Tea Leaves Say Breach at Teavana
• Silicon Valley companies quietly try to kill Internet privacy bill
• The Bearer of BadNews
• Former Hostgator employee arrested, charged with rooting 2,700 servers

Due to a last minute work engagement, Rich is not present on tonight’s show. Martin and Zach attempt to compensate for Rich’s absence by being snark but also half-asleep.  We’ll leave it to you to figure out which half of that we feel is most like Rich.

Network Security Podcast, Episode 309, April 9, 2013

Time: 41:04

Show notes:

• Apple’s iMessage encryption trips up feds’ surveillance
• Google will fight secretive national security letters in court
• Privacy group calls for changes in CISPA cyberthreat sharing bill
• Unlocking the Motorola Bootloader

• Key Lulzsec hackers plead guilty in London courtroom

• What didn’t make it into the show:

• Letting Down Our Guard With Web Privacy

• PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 released (update to a story last week)

• Tonight’s Music: Green Druid with Night Dance

Getting three security professionals to slow down long enough to record a podcast together is always a challenge and tonight was harder than usual.  Part of the problem is that there are so many interesting stories going on right now.  But the fact that we all have jobs and families is a much bigger part of it.  This week we talk about HSM in the cloud, DDoS attacks, and of course, our government spying on us.  Such unfamiliar territory.

Network Security Podcast, Episode 308, April 2, 2013

Time: 40:17

Show notes:

• AWS CloudHSM – Secure Key Storage and Cryptographic Operations
• Killing hackers is justified in cyberwarfare, says NATO-commissioned report
• Spam dispute becomes ‘largest cyber attack’ in history of the internet
• The DDoS That Knocked Spamhaus Offline (And How We Mitigated It)
• That Internet War Apocalypse Is a Lie
• Government Fights for Use of Spy Tool That Spoofs Cell Towers
• FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013
• Permission to Spy: An Analysis of Android Malware Targeting Tibetans
• Security fix leads to PostgreSQL lock down
• Tonight’s Music:  Copesetic with My Old Soul

Well, we’d hoped to avoid the “sleep deprivation” part, but it doesn’t look like that’s going away any time soon. Regardless, we scrounged together a show this week, discussing “hacking”, “anti hacking” (law), and the perils of social networking.

Network Security Podcast, Episode 307, March 26, 2013

Time: 39:40

Show notes:

• Miami’s Voter Fraud Is Only the Beginning of Election Hacking
• Draft House Judiciary cybersecurity bill would stiffen anti-hacking law
• South Korea data-wipe malware spread by patching system
• Weak keys in NetBSD
• mongodb – SSJI to RCE
• FireMe!: A Running List of People Tweeting How Much They Hate Their Jobs
• Tonight’s Music: Open Our Eyes by amplifico