I have to say, this is definitely one of our better episodes. We’re joined this week by Robert “Rsnake” Hansen of SecTheory and Jeremiah Grossman of WhiteHat Security as they discuss their new clickjacking exploit. Robert and Jeremiah kind of stumbled onto a serious browser issue, the details of which started leaking before they really knew what they had. They responsibly decided to hold back the details as some of the worst parts of this are fixed, but were able to share some generalities, the story of how this all happened, and what you can expect when the details are finally exposed.

Before delving into clickjacking, we also spend some time on electronic voting and the top 10 ways to tell if you’ve been exploited (number 11 is if you’ve ever visited ha.ckers.org). Jeremiah and Robert are good friends, so there’s plenty of us having fun at each others expense.

Network Security Podcast, Episode 122. September 30, 2008

Show Notes:

Posted by rmogull, filed under Uncategorized. Date: September 30, 2008, 4:42 pm | 4 Comments »

We had a special guest tonight, fellow podcaster T-Rob Wyatt.  T-Rob is a security professional working on WebSphere MQ and recently started his own deep-dive podcast, The Deep Queue.  Of course, we talked about Palin and her email, but we also tried to talk a bit about what that means to the average computer user.  We got everything out of our system on Palin in one episode, so you won’t be hearing about this again.  Until they catch the guy who’s responsible that is.

We tried streaming again tonight, sorry for not giving any advanced notice.   We’ll try to do better next week.

Network Security Podcast, Episode 121, Septemeber 23, 2008

Show Notes:

Posted by martin, filed under Podcast. Date: September 23, 2008, 6:47 pm | 1 Comment »

Tonight was our first attempt at recording the Network Security Podcast while also streaming it live to the world.  As you might have guessed, there were a few minor glitches, but over all things worked out.  We plan on streaming most, if not all, of the podcasts from now on, though we don’t think there is any way we can get ourselves coordinated enough to actually record the show at the same time every week.  After all, there has to be some randomness to the NSP experience, otherwise it wouldn’t be the NSP.  The URL for the streaming audio is http://hak5radio.com:8000/netsecpodcast.mp3.m3u and we’ll try to tweet and post a note at least a couple of hours before the recording in the future.

We were joined tonight by Justin Searle, Kevin Johnson and Jay Beale from Intelguardians.  As well as discussing the news stories of the week, the guys were here to tell us about a new LiveCD they’ve developed, Samurai.  They saw a hole in the security LiveCD arena and created a Web Testing Framework LiveCD for beginners to learn on and experienced pen testers to use in the real world.  Fun stuff, which is why tonight’s podcast went a little long.

Network Security Podcast, Episode 120 for September 16, 2008
Time:  43:57

Show Notes:

Posted by martin, filed under Podcast. Date: September 16, 2008, 5:28 pm | No Comments »

Rich is back after a week at the Democratic National Convention and a week of vacation with his wife. He’s been out of touch between being in Denver and being off the coast of Alaska. He’d also just arrived home a couple of hours before we started recording, so tonight’s show is short, sweet and to the point. Which is probably for the best, since there were privacy issues up for discussion; I was barely able to keep Captain Privacy at bay.

Network Security Podcast, Episode 119, September 9, 2008
Time: 24:14

Show Notes:

Posted by martin, filed under Podcast. Date: September 9, 2008, 5:50 pm | No Comments »

I just realized that I made a mistake in last week’s show notes (I know, no surprise) and said Rich was on vacation. Really he was doing some top secret work at the Democratic National Convention. Or so he told me. It’s this week that he’s on vacation, so he asked Dennis Fisher, the Executive Editor of TechTarget. Dennis has a lot of industry experience as well as having a viewpoint that’s especially relevant to the listener questions discussed tonight: Is a degree important to a job in security and how to make money as a security blogger (hint: you probably won’t)

Network Security Podcast, Episode 118, September 2, 2008
Time: 30:58

Show Notes:

Posted by martin, filed under Podcast. Date: September 2, 2008, 7:48 pm | No Comments »