Martin is off in Japan this week, so I’m joined by our good friend Amrit Williams from BigFix and the Techbuddha blog. Amrit and I start off by talking about the rolling blackouts in California and disaster preparedness, before jumping into the week’s security news.

Network Security Podcast, Episode 156
Time:  41:28

Posted by rmogull, filed under Uncategorized. Date: June 30, 2009, 4:01 pm | 4 Comments »

I had the opportunity to talk to Dr. Suguru Yamaguchi, Professor of the Graduate School of Information at the Nara Institute of Science and Technology, member of the JPCERT and advisor on Information Security for the National Information Security Center, Cabinet Office Japan.  Dr. Yamaguchi presented the opening keynote for the FIRST 2009 Conference here in Kyoto, Japan and talked about Information Security Management  and Economic Crisis.  And at least as interesting for me was having my questions translated into Japanese and asked to Dr. Yamaguchi again to answer in his native language. 

Two of the points I found intensely interesting about Dr. Yamaguchi’s talk were his assertion that businesses should be investing in technology during the downturn rather than cutting back, because the investment now may be what enables their survival, and his observation that compromises have an effect on company sales in the Asia Pacific region. I don’t believe we’re seeing the same sort of downturn in sales when a compromise happens to an American company and would like to know why there is such a difference.

FIRST 2009 Episode 7:  Interview with Dr. Suguru Yamaguchi – Japanese

FIRST 2009 Episode 7:  Interview with Dr. Suguru Yamaguchi – English

Posted by martin, filed under Podcast. Date: June 29, 2009, 7:31 pm | No Comments »

We start the show off by wishing Martin luck with his presentation at the FIRST conference in Kyoto, foolishly trusting Rich with the keys to the podcast. Then Rich fawns over his iPhone 3GS a little too much, but he does manage to talk about some cool new security features.

Rich also rants a little on one of our PCI stories, and Martin updates us on his XBox wireless situation. Finally, we geek out a bit on Adam Savage appearing at DefCon.

Network Security Podcast, Episode 155
Time:  35:28

Posted by rmogull, filed under Podcast. Date: June 23, 2009, 4:56 pm | 1 Comment »

This week we had a chance to talk to Jeff Moss, the founder of a couple minor security events, Black Hat and Defcon. Of course some would say that they’re the biggest social events of the year, along with having the best presentations on cutting edge security research, but what do they know. A lot apparently, given the number of security professionals and hackers who’ll be making the trip to Las Vegas at the end of July to attend both of these events.

Jeff was recently asked to be a part of the Homeland Security Advisory Council, a diverse group of sixteen individuals who will be advising the DHS and Secretary Napolitano on the security concerns they’re seeing in the real world. This group includes Governors, both past and present, Mayors, CEOs and Presidents, though Mr. Moss is the only computer security expert. Jeff is still learning about what this really means, but we spent a significant part of the interview talking about what it means and the agendas he personally would like to see pushed at the DHS. One of his big concerns is the tradeoff we’re making between security and privacy and if anyone is taking steps to measure those tradeoffs.

Network Security Podcast, Episode 154, June 16, 2009
Time:  45:34

Tonight’s Music: Song of Sixpence by 4 and 20 Blackbirds

Posted by martin, filed under Podcast. Date: June 16, 2009, 5:01 pm | No Comments »

Rich was somewhere in the air over the Midwest today, which would have made recording a podcast questionable at best. So rather than take any chances with technology, we got a stand-in for him in the form of our very own Security Curmudgeon, Jack Daniel. I met Jack face to face for the first time at one of the first big ‘security’ conferences I’d ever been to on the East Coast, Shmoocon 2007. I haven’t made it back for another conference recently, but when I do, I’m sure that there will be people like Jack who will give me a warm welcome.

Jack and I spend a little time bashing the CISSP yet again, we talk about some very interesting news stories and wrap up discussing getting involved in the security community.  All in all, another good show.

Network Security Podcast, Episode 153
Time:  41:41

Posted by martin, filed under Podcast. Date: June 9, 2009, 8:48 pm | No Comments »

I’ve been so busy lately that I only realized when I edited episode six of the Forum for Incident Response and Security Teams (FIRST) that I hadn’t posted that the fifth episode was available, which it has been for a week. In episode five, I interviewed Jeff Crume, the Executive IT Security Architect for IBM Compliance Solutions. Jeff will be giving a presentation at the conference, “What the Hackers Still Don’t Want You to Know”, a follow-up to his book “What Hackers Don’t Want You to Know”. In episode six, I had a conversation with Slawek Legier from VeriSign about his talk “On-line Fraud Prevention and Detection – Multiple Layers of Security”. We also discuss what value he sees in being a member of FIRST.

FIRST Podcast, Episode Five:  Jeff Crume
FIRST Podcast, Episode Six:  Slawek Legier

Posted by martin, filed under Podcast. Date: June 5, 2009, 6:21 am | No Comments »

We hope no one begrudges us for taking last week off due to the holiday, and we’re back this week with all your juicy security goodness. After a short discussion of our mutual weekends spent recovering old hard drives and systems, we talk about the upcoming Black Hat and DefCon conferences before digging into the news. We discuss stories from a return of the L0pht Heavy Industries, to White House speeches, and Mac security.

Network Security Podcast, Episode 152, June 2, 2009

Time:  35:36

Posted by rmogull, filed under Podcast. Date: June 2, 2009, 6:08 pm | 1 Comment »

We probably more than doubled the number of stories we talked about this week, but we only added about 8 minutes to the length of the podcast. You can consider this the “death by a thousand cuts” podcast as we cover a string of shorter stories, ranging from a major IIS vulnerability, through breathalyzer spaghetti code, to how to get started in security.

We also spend a bit of time talking about Black Hat and Defcon, and celebrate hitting 500,000 downloads on episode 150. Someone call a numerologist!

Network Security Podcast, Episode 151, May 19, 2009
Time:  42:24

Posted by rmogull, filed under Podcast. Date: May 19, 2009, 7:56 pm | No Comments »

Continuing education is an important part of being a security professional and a required part of the different certifications we acquire to support our careers. For this year’s FIRST conference in Kyoto, the organizers have worked with a number of certification institutions and coordinated continuing education credits for most of the major certifications. This week I have a conversation with Traci Wei, one of the organizers of this year’s FIRST conference, to talk about the benefits of attending in completing your collection of CPEs for the year.

FIRST Podcast, Episode 4:  Traci Wei on the importance of continuing education credits

Posted by martin, filed under Podcast. Date: May 18, 2009, 6:25 am | No Comments »

This is one of those good news/bad news weeks. On the bad side, Rich messed up and now has to retake an EMT refresher course, despite almost 20 years of experience. Yes, it’s important, but boy does it hurt to lose 2 full weekends learning things you already know. On the upside, this is, as you probably noticed from the title of the post, episode 150! No, we aren’t doing a 12 hour podcast like Paul and Larry did (of PaulDotCom Security Weekly), but we do have the usual collection of interesting security stories.

Network Security Podcast, Episode 150, May 12, 2009

Time:  38:18

Posted by rmogull, filed under Uncategorized. Date: May 12, 2009, 5:46 pm | 1 Comment »