Network Security Podcast

Rich and I are both a little short on time today, so it’s a good thing I recorded an interview with Gregory Conti, West Point professor and security author last week.  We have a couple of stories we go over briefly and no lack of opinions to go with them.  In other words, pretty much the same as every week.

Network Security Podcast, Episode 164
Time:  41:01

Show Notes:

• Hacker ring tied to major breaches just the tip of the iceberg – Oh goody, there’s more coming down the pipeline that we haven’t heard of yet!
• Breaking News:  Mac OS X Snow Leopard built-in AV? – Does anyone care?  But it does give Rich a few minutes to gush about the security updates in 10.6.
• Greg Conti – Author of Googling Security and Security Data Visualization.  But not the guy you want designing your next web site.
• Tonight’s Music:  Swampcandy with Devil in her Suitcase

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code “HHUSA-MM-AP999“

Join us for the first ever Ranting Roundtable, where we get a few of our friends together, take the gloves off, and have at a particular topic.

This week, inspired by recent events, we turn out focus onto PCI. There’s a little bad language, but nothing too terrible. Our participants are:

• Rich Mogull
• Mike Rothman
• Alex Hutton
• Nick Selby
• Josh Corman

The Ranting Roundtable, PCI (50 minutes)

No goats were harmed in the making of this podcast.

Martin is back this week as we discuss some of the most fascinating drama to come out of the security world in quite some time. As the initial indictments for the Hannaford and Heartland breaches go public, all sorts of fascinating tidbits emerge. There are double crossing informants, Russian connections, and secret breaches that haven’t hit the public yet. We also finally learn exactly how most of these breaches occured. Heck, it’s almost interesting enough for a TV movie!

Network Security Podcast, Episode 163
Time: 38:44

Show Notes:

• Rich writes a letter to the CEO of Heartland. He is not expecting a Christmas card.
• Rich covers all the drama of the Heartland and Hannaford breach indictment.
• ATM skimming ring hits Chicago. And the banks didn’t bother to warn anyone.
• Hackers reverse-hack the police that busted them in Australia.
• DNA evidence can be fabricated.
• Tonight’s Music:  Coffee Man by Calvin Owens

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code “HHUSA-MM-AP999“

Martin is out of town, so I’m joined this week by persistent-guest-host Zach Lanier of N0where.org and the Liquidmatrix Security Digest. I’m pretty amazed Zach agreed to join us again after all the abuse at Black Hat and DefCon.

We play it straight this week as we roll through a string of security news and stories, cramming as much security goodness as possible into our 30 minutes of fame.

Network Security Podcast, Episode 162
Time: 32:00

Show Notes:

• Dino Dai Zovi releases his OS X rootkit tools.
• Sandia National Labs builds a botnet… on a SUPERCOMPUTER!!!
• Mike Bailey on the WordPress admin password reset flaw.
• Bunches of vulnerabilities in XML libraries (that you probably use).
• Citi and BofA data breaches in Massachusetts via a merchant. Odds are more notifications are on the way.
• Twitter DDoS still. But mostly we rant about the idiocy of the mainstream press.
• Think you are blocking cookies? What about those Flash cookies?

This week we wrap up our coverage of Defcon and Chris Hoff to provide his psychic reviews. That’s right, Chris couldn’t make the even but he was there with us in spirit, and on tonight’s show he proves it. Chris also debuts his first single, “I Want to be a Security Rock Star”. Your ears will never be the same.

Network Security Podcast, Episode 161
Time:&nbsp41:22;

Show Notes:

• Chris Hoff’s Psychic Review
• Fake ATM discovered at DefCon.
• Korean intelligence operatives pretending to be journalists at Black Hat?
• Cloud Security Podcast with Chris Hoff and Craig Balding
• Tonight’s Music: I Want to be a Security Rock Star 
  

Yes, still one more Black Hat Microcast to go. This is the longest microcast in my pack so far, and Shawn and Nathan did a great job running through the gist of their talk, “Weaponizing the Web.” They discuss Cross-Site Request Forgery (CSRF) a bit, but with the added notion of applying it to sites that take user contributed content. They’ve also released a proof-of-concept tool, called MonkeyFist, to help demonstrate what they call “dynamic CSRF” attacks. (Note: I apologize for splicing an additional intro in there as it wasn’t originally captured very well on the mic).

Black Hat Microcast 8 – Moyer and Hamiel

Rich, Zach and I did a very tired end of day recording at Defcon on  Saturday.  The fact that I’m not posting this until Sunday morning gives you a good indication of how beat up we all are.

Defcon Microcast 3 – Saturday Wrap-up

Jeff Moss, aka Dark Tangent, is the founder and organizer of Black Hat and Defcon.  I had a few minutes to sit down with him today to ask about the attendance at this year’s Defcon, the rumors about the Riviera Hotel closing before the 2010 conference and the badge shortages this year. 

Defcon Microcast 2 – Dark Tangent

Johnny Long flew for 21.5 hours with another six hours of layovers to get from Uganda to Defcon this year.  He took a few minutes out of his day to talk about Hackers for Charity, the work he’s doing in Uganda teaching people to use computers and some of the issues he’d had with receiving charitable contributions and PayPal.  He’s issues with PayPal are almost comical in retrospect, but the help that came out of Twitter and blogging illustrate exactly how much power our community has as a whole.  If you’re at Defcon, make sure you stop by his booth in the vendor area.

Defcon Microcast 1 – Johnny Long, Hackers for Charity