Rich and I are back from RSA, rested and ready to go!  Baah, who am I kidding; here it is four days later and we’re both still so tired we’re barely able to talk coherently.  Not that we’d let that stop us from recording a podcast.  Never has and probably never will.  In any case, we start tonight with a recap of some of our observations of the 2009 RSA Conference and move on to the current media hype over the swine flu.  Use the swine flu as a learning exercise in how to cope with media hype, a good excuse for reviewing your own disaster preparedness plans and a way to get some of the same issues dealt with by your management.  The hours you spend looking at your options today may save you hours or days down the line.

Network Security Podcast, Episode 148, April 28, 2009

Time:  40:06

Show Notes:

Posted by martin, filed under Podcast. Date: April 28, 2009, 8:43 pm

The Verizon 2009 Data Breach Investigation Report is one of the most important articles to be posted to the Internet so far this year if you’re a security professional.  Not only does it give us an honest view into what’s happening in real world breaches, it gives us ammunition to take to management in the form of real numbers from data breaches and what caused them.  Real world numbers are always better than our suppositions when trying to prove something to management.

I got a chance to talk to Wade Baker, one of the primary authors of the Verizon report, last week at the RSA Conference.  We talk about the Breach Investigation Report, how security professionals are using it and the possibility that Verizon may be releasing their methodology so that other companies who respond to breaches can contribute to the statistics.  Personally, I’d love to see a wider variety of breach information added to the statistics so we can see if the cases Verizon is being called in on are the norm or if there’s something anomalous about their experience.  More data and better statistics can’t help but give us more ammunition to help secure our enterprises.

NSP Microcast RSAC 2009 – Wade Baker from Verizon

Posted by martin, filed under Podcast. Date: April 28, 2009, 7:43 am

I’m the first to admit that my own direct experience at forensics is limited, but what I’ve seen has always been done using a set of tools collected and mastered by the individual responding to the incident, and any framework surrounding the response has been developed through experience.  It’s hard work that takes a very specific skill set that only a limited number of individuals have.  I don’t have those skills and admire those who do.

I had a chance to sit down on the show room floor at the RSA Conference and talk to Dave Merkel about Mandiant’s ‘red box’ Intelligent Response (MIR).  Intelligent Response allows the forensics responder to collect important information from a large number of hosts quickly, and more importantly, consistently.  Once the vector of infection or attack has been identified, MIR can be used to scan the systems with very specific instructions, allowing the specialist to find other compromised systems quickly and with a high degree of confidence.

Dave Merkel and I talk about how Mandiant works as well as his opinions about recent news of breaches and compromises.  If anything, Dave thinks some of the reports on SCADA compromises may be underreported, something that really makes me worry.

NSP Microcast RSAC 2009 – Dave Merkel from Mandiant

 

Posted by martin, filed under Podcast. Date: April 26, 2009, 9:51 pm

I caught up with Gary Palgon, VP of Product Management at nuBridges.  nuBridges is a tokenization vendor, meaning that they provide a way for a business to use a value that is hashed from the original data but can’t be reversed to discover what the original value is.  In the case of many of the people I deal with regularly, this would mean credit card numbers.  The merchant supplies the card number to the tokenization server, the server stores the card number in a safe, encrypted fashion and a token is used in place of the original card number anywhere it’s needed in the enterprise.  Because only the token is stored in most places throughout the enterprise, the scope of a PCI assessment is greatly reduced and cardholder data is much more secure than if it was in each of the databases.

nuBridges has announced Format Preserving Tokenization, which allows the user to create a token that meets a wide variety of needs, such as keeping the string length or preserving the last four digits of a card number as part of the token.  This allows for uses such as allowing a customer’s ID to be verified by asking for the last four digits of a social security number without revealing the whole number.
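To make the flow above concrete, here is an added example (not nuBridges code and not from the original post) of a toy token vault that issues tokens keeping the string length and the last four digits. The class and method names are hypothetical, the card numbers are constructed test values, and the tokens here are random digits rather than values derived from the card number, so the only way back to the original is a lookup inside the vault.

```python
import secrets


class TokenVault:
    """Toy in-memory vault (hypothetical). A real one encrypts the stored
    card numbers and is the only system that ever holds them."""

    def __init__(self):
        self._pan_by_token = {}  # token -> original card number
        self._token_by_pan = {}  # card number -> token already issued

    def tokenize(self, pan: str, keep_last: int = 4) -> str:
        if not pan.isdigit() or not 0 <= keep_last < len(pan):
            raise ValueError("expected digits only, longer than keep_last")
        # The same card always maps to the token first issued for it,
        # so downstream systems can still join records on the token.
        if pan in self._token_by_pan:
            return self._token_by_pan[pan]
        head_len = len(pan) - keep_last
        while True:
            # Random leading digits: nothing about the real number leaks
            # except the trailing digits that are deliberately preserved.
            head = "".join(secrets.choice("0123456789") for _ in range(head_len))
            token = head + pan[head_len:]
            # Never hand back the card number itself or a token already in use.
            if token != pan and token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        # Only the vault can do this; everything else stores the token only.
        return self._pan_by_token[token]


if __name__ == "__main__":
    vault = TokenVault()
    card = "4111111111111111"  # constructed test value, not a real card
    token = vault.tokenize(card)
    print(token, "->", vault.detokenize(token))
```

Systems that only hold the token can still display or verify the last four digits, while recovering the full number requires access to the vault.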

NSP Microcast RSAC 2009 – Gary Palgon from nuBridges

Posted by martin, filed under Podcast. Date: April 23, 2009, 8:34 am

Rich and I tried our best to get a podcast recorded and posted last night, and we were partially successful; at least we got the podcast recorded.  But the editing and posting part was well beyond my capabilities once I got back to the hotel room last night.  But it’s here, bright, shiny and new first thing in the morning.

RSA has been a hectic and exhilarating event so far, and the best part is yet to come!  Rich and I had just finished our panel discussion, Avoiding Security Groundhog Day, and were joined by Rich’s partner at Securosis, Adrian Lane.  We found the quietest spot possible at RSA, which happened to be near the top of the escalators.  Yes, quiet space really is that rare at RSA.

Network Security Podcast, Episode 147, April 21, 2009
 

Posted by martin, filed under Podcast. Date: April 22, 2009, 7:26 am

I’m getting to talk to a lot of interesting people from parts of our industry that I might never have had access to before, thanks to the Forum of Incident Response and Security Teams.  This week’s example is Jeff Carpenter, the technical manager at the CERT Coordination Center.  Jeff is also one of the people responsible for organizing this year’s FIRST Best Practices Contest.  This year the topic is Detect, which is a topic near and dear to Jeff’s heart, since that’s a large part of what he does in his day to day life.  We talk about last year’s contest, what’s going to be happening at the event in June and what it’s like to work at one of the oldest CERT teams.

The deadline for submissions to the FIRST Best Practices Contest 2009 has been moved to May 11, 2009.  It’s $5000 for first prize, so if you have a paper you think might be worthy, take the time to enter.

FIRST Podcast, Episode 2:  Jeff Carpenter, CERT-CC and Coordinator of the FIRST Best Practices Contest

Posted by martin, filed under Uncategorized. Date: April 20, 2009, 6:07 am

Rich and I are both nearly at our wit’s end today.  Whatever that really means.  We’re trying to do our day jobs while helping organize the Security Bloggers Meetup and Social Security Awards, and trying to manage our schedules for next week as well.  We realized during the show that we hadn’t really set aside any time to get together and record a podcast during RSA, so you may get a number of interviews from the event without actually hearing Rich and me in the same room.  We talk a lot about what we’ll be doing at RSA along with a couple comments about the Twitter worm from Easter weekend and the continuing issue of AT&T fiber cables being cut in the Bay Area.

Hope to see you at RSA next week!

Network Security Podcast, Episode 146, April 14, 2009
Time:  30:51

Tonight’s music:  The Pain of Numbers by Get Three Coffins Ready

Posted by martin, filed under Podcast. Date: April 14, 2009, 6:02 pm

Several months ago I was approached by the Forum of Incident Response and Security Teams (FIRST) to act as their official ‘podcast sponsor’ for the 2009 FIRST Conference in Kyoto, Japan, June 28 through July 3.  I’d heard of FIRST before and even done a little blogging to support them in 2008, but I really hadn’t had the need or the motivation to get involved with them.  I wish I’d followed up last year and learned more about them, because it’s not too often that I really get the chance to work with a multi-national organization that has members from some of the largest incident response teams in the world, including BT, IBM, SANS, GIAC and just about every CERT/CIRT group around the globe you’d care to mention.  This is where some of the people who’re at the top of the incident response game come to meet and discuss what’s really going on behind the scenes.  The conference in Kyoto will be the 21st annual FIRST conference, which by itself gives you a clue about how important a group FIRST is.

So, of course, I leaped at the chance to go to Kyoto this summer and cover the conference.  It didn’t hurt that I’d already been talking to my wife about going to Japan this summer and that I’ll be spending my birthday somewhere I’ve wanted to go since I was about 10 years old.  I will be supporting FIRST by recording a series of podcasts leading up to the event to share some of the history behind the event, give listeners an idea of the topics that will be covered at the conference and even a little bit of flavor about what Kyoto will look and sound like in June.  I’ve already recorded several interviews with the people who will be speaking at the event, such as Jeff Carpenter from CERT-CC and Slawek Ligier from Verisign and have even more that I’m lining up for the future.  We’ll be releasing these podcasts on a weekly basis and I’ll be on-site to interview the speakers live from the event.  I’ll even be speaking at the event myself.

The first FIRST podcast is an interview with Mick Creane, who is the 2009 FIRST Conference Program Chair.  Mick’s job has been to organize the conference overall and find interesting people to come speak at the event.  He gives us a little background into why this year’s topic is “Aftermath: crafts and lessons of incident recovery”.  Many of us think of ‘incident response’ as a computer security issue, but as Mick points out in the podcast, it’s at least as much about the physical recovery after an incident as it is the virtual recovery.  He also talks about some of the folks who’ll be speaking and why it’s so important that an event like this continues to be international, not just US or North American.

FIRST Podcast, Episode 1:  Mick Creane, 2009 Program Chair for the 21st Annual FIRST Conference

Next week I’ll be returning with Jeff Carpenter from CERT-CC, one of the organizers of the 2009 Best Practices Contest:  Detect.  It’s not too late to get your own submission in for the chance to win $5000!  And keep your ears open for interviews live from the event this summer.

Posted by martin, filed under Podcast. Date: April 12, 2009, 8:40 pm

Rich and I recorded this week’s podcast Monday night because I was supposed to be in San Francisco at Seesmic HQ learning about the newest version of the Twhirl twitter client, but after the day I’ve had, coming home and doing the final edit on the podcast was a much better idea.  Besides that I have another podcast to do some editing on and about twenty hours of other work I need to get done.  The worst part is that I have the new Harry Dresden book, Turn Coat, by Jim Butcher and don’t have the time to read it tonight.  And my life is relatively calm compared to Rich’s.  Oh well, if we survive the week, there’ll be another podcast next week.

Network Security Podcast, Episode 145, April 7, 2009
Time:  31:52

Show Notes: 

Posted by martin, filed under Podcast. Date: April 7, 2009, 8:04 pm