Network Security Podcast

Despite a short discussion of Rich’s paranoia in the opening of the show, we mostly play it straight and stick to the security news. We found a few interesting stories this week, and the major theme seems to be “stupidity”. On one side is a prison that let an inmate reprogram their computer system, on the other a money-mule for scams that thought sending money-grams to foreign countries was a legitimate “work at home” job.

Sigh.

Network Security Podcast, Episode 168
Time:  29:53

Show Notes:

• Inmate locks staff out of prison computers. Multiple levels of hilarity ensue.
• Microsoft releases free antivirus. World doesn’t end. (Yet).
• SMB2 exploits become public. World doesn’t end. (Yet).
• NIST releases smart grid security guidance.
• A money-mule’s story. Fascinating level of naivete.
• Tonight’s music: Caught by Emma Wallace

Before we dig into this week’s security news, we diverge (slightly) to talk about Emergency- This Book Will Save Your Life and disaster planning. I (Rich) read the book last week and found it to be a ton of fun; it’s the story of a journalist who slowly descends into the rabbit hole of the survivalist community. Well written, with plenty of good advice and stories. It’s not really a survival guide, more of a personal story and lessons learned.

I had a bit of a shock as I realized that most of my disaster plans aren’t relevant anymore as my life status has changed. I used to be single, in Colorado, and part of the response infrastructure (which means access to a ton of resources). Now I’m married, with a child and pets. I can’t really run off with a backpack and play hero if something bad hits.

We also delve into some IT related disaster planning, so this isn’t a complete non-sequiter.

Network Security Podcast, Episode 167
Time:  32:13

Show Notes:

• Chinese researchers figure out how to take down the West coast power grid by hitting a smaller provider. Oh joy. At least they disclosed it.
• Some idiot logs into Facebook while robbing a house. This is now my favorite dumb-criminal move of the year. Oh wait, did I forget to mention he left himself logged in after he left?
• Some site claims to hack any Facebook account for $100. Or to pretend to hack it for $100. You get to guess which one it is.
• Court rules that just because you did something your employer didn’t like with authorized access to a computer, it isn’t a computer crime. Well done.
• Researchers come up with an idea for a new home security markup language. Good intentions, not sure it will matter.
• RSnake on Star Trek and security. If you read one post this year, it should be this one.
• Tonight’s music: Me and by Wife by Root Doctor

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code “HHUSA-MM-AP999“

You’d think that after taking off last week Rich and I would be back and better than ever this week.  But Mr. Mogull had a speaking engagement elsewhere this week so I was joined once again by Zach Lanier of N0where.org.  In fact, Zach has agreed to join us on a regular basis and will be contributing a weekly segment where he’ll be doing a deeper dive on a news story each week.  At least that’s the plan at this time, but those are always subject to change.  I also had a chance to interview Tim Mather about his (along with Subra Kumaraswany and Shahed Latif) upcoming book, Cloud Security and Privacy.  I find it interesting to hear about how much the idea of the Cloud has changed since Tim started work on the book. 

Network Security Podcast, Episode 166
Time:  40:14

Show Notes:

• FBI Jobs site gets hacked – SQL Injection against an FBI site?  I’d be embarrassed.
• University research exposes potential vulnerabilities in cloud computing – Emphasis on the ‘potential’, but it’s an issue we do have to beware of.
• End-to-end encryption:  The PCI security Holy Grail – It all depends how we define ‘end-to-end’.
• All TI signing keys factored
• Tonight’s music: Black Rebel Motorcycle Club with Whenever You’re Ready

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code “HHUSA-MM-AP999“

Over the last few days both Rich and I have tried taking a little bit of time away from our computers and cell phones.  We both succeeded to a greater or lesser degree, though my efforts to avoid computers was hampered by a bright, shiny new Asus EEE 1005HA.  We’re feeling refreshed and relaxed now, so there is no podcast tonight.  Of course, the reality is that since we both spent days away from the Internet, we really didn’t have any stories that we had read thoroughly enough to really comment on.  Not that we’ve ever let that stop us before.

We will be returning to our regularly scheduled podcast next week.  Promise.

Rich is off talking at a local OWASP meeting and I’m sitting at home tonight trying to figure out Overlord.  My kids are finally adjusting to being called Minion 1 and Minion 2.  Rich and I hit some of our favorite topics like PCI and Apple updates, as well as gaming DDoS attacks and rules about searching your laptop.  It should be no surprise to anyone that Rich and I would both like to go back to a time where actual evidence was needed before you can take a traveler’s laptop.

Network Security Podcast, Episode 165, September 1, 2009
Time:  33:29

Show Notes:

• Security expert’s PCI analysis misguided, says PCI Council GM – I’m very glad that Bob Russo is paying attention to the conversation about PCI.
• Some follow-up questions for Bob Russo, GM of the PCI Council – Rich’s response to Mr. Russo’s post at SearchSecurity.  And Mr. Russo’s comments on Rich’s post.
• China game boss sniped rivals, took down Internet
• DHS:  Secretary Napolitano announces new directives on border searches of electronic media
• ‘New’ travel search rules just won’t fly
• AV makers fault Apple on Snow Leopard malware scanner
• Peering inside Snow Leopard security – I forget sometimes that Rich really is one of the experts on this topic.
• Tonight’s Music:  Black Rebel Motorcycle Club with Weapon of Choice

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code “HHUSA-MM-AP999“