Network Security Podcast

Tonight Martin, Rich, and Zach are together to cover the news in a seemingly zonked-out sort of way (busy week for all of us!).  We had our ups and downs tonight but in the end we made it through.  We’d like to extend a big thanks to everyone who took our Listener Survey, we’ve heard you and are working on making some improvements to the podcast over the next several months.  Zach has also created a Facebook page for the Network Security Podcast, so watch for some interesting stuff there in the not so distant future.

Network Security Podcast, Episode 191, March 30, 2010
Time:  25:53

Show Notes:

• The cloud is Great. Stop the hype.
• Would You Have Spotted this ATM Fraud?
• pwnat – NAT to NAT client-server communication
• How spam filters dictated Canadian magazine’s fate
• Microsoft’s Emergency IE Patch
• OpensSSL v1.0.0 arrives (Finally!)
• Tonight’s Music: Chachi on Acid with Spring Beasts of Death

Tonight Zach and Martin were joined by Josh Corman of the 451 Group.  Rich is off on a plane somewhere and couldn’t join us tonight, so we invited Josh to spend some time talking about this week’s stories as well as his own project, the Rugged Software Manifesto.  Rugged is still in it’s infancy, but it’s an idea based on raising awareness in the software developers outside the security community and getting them to realize that they need to anticipate that their software will be used in ways it was never intended for.  Josh is starting to build some momentum for Rugged and we’ll hopefully be hearing more about it in the future.  We got a little caught up on several of the stories so this episode is a bit longer than usual. 

Network Security Podcast, Episode 190, March 23, 2010
Time:  45:42

Show Notes:

• Naming and Shaming ‘Bad’ ISP’s

• Crackdown on .ru domains

• “Hacker” disables more than 100 cars remotely – Emphasis mine

• Court stretching computer hacking law in dangerous ways
• Download the Rugged Software Manifesto paper
  

We’ve been hearing about the Aurora attacks on Google and a host of other companies since early January.  So why is it that NSS Labs is finding that the majority of the End Point Protection (aka AV) companies aren’t protecting against the vulnerability yet?  And why is AVG upset with NSS Labs and their testing methods? To answer these questions and many more, Rich and Martin were joined tonight by Vikram Phatak, the CTO of NSS Labs.  Vik gave us some of the back story on why they were testing AV products and some of the surprising discoveries they made.  It’s not easy being an independent testing company and sometimes you’re going to annoy people despite your best efforts.  And sometimes people are going to be annoyed with you no matter what.

One point Vik wanted to make that didn’t make it into the podcast is that the 0day that was used in the Aurora attack is not just being used against corporate targets.  It’s being used against consumers as well, so it’s important that the average home user be aware that their AV product may not be protecting them at this point.  What is part of the podcast is a discussion of how many AV vendors are trying to protect against the payload that malware is attempting to deliver, not the exploit itself.  Both are important points people need to be aware of.

Network Security Podcast, Episode 189, March 16, 2010
Time:  39:56

Show Notes:

• Vulnerability-based protection and the Google “Operation Aurora” attack
• NSS Labs’ Questionable Report – Note that the screen shot shown is of the Firefox browser, not IE in any form
• AVG & The Aurora Exploit
• Questionable Questions (and some answers)
• 7th Annual ISSA Security Conference
• Please take our short listener survey to help us create a better podcast!
• Today’s Music:  Stereotactic singing Sweet Denial … With a Taste of Revenge

We’re trying to get some background information about who our listeners are, where they sit in their security careers and what we can do to improve the Network Security Podcast.  We’d really appreciate it if you can take 5 minutes or less to fill out the survey and tell us how we can serve your needs better.  This is the first time we’ve done this, so the questions may not be the best phrased, but hopefully you’ll get the idea.  You can probably guess some of the reasons we’d be interested in this information.

Click here to take the Network Security Podcast survey

Can you hear that? That’s the sound of air escaping as we all finally recover from the RSA conference. Rich and Martin are back, and Zach… never left (but did celebrate a birthday last week). We do a quick recap of RSA and then dig into the security news… much of which had nothing to do with the conference. Weird.

Network Security Podcast, Episode 188, March 9, 2010
Time:  32:01

Show Notes:

• Great coverage of Martin’s RSA panel on disclosure. One of the first with an actual user on the panel.
• Government declassifies parts of the Comprehensive National Cybersecurity Initiative.
• Police get webcam pictures in school spy cases.
• Experts dismiss end to end encryption claims. Bunch of gross generalizations.
• Oops- Vodaphone distributes infected phone.
• … and Energizer distributes malware in USB battery software.
• Tonight’s music: 

Snort was one of the first security tools I ever used.  When I was working in a small computer lab years ago, I set up a Snort sensor just to see what was there.  And there was a lot in that particular environment.  I’ve used it many times since then and I found out at RSA that the first Sourcefire implementation I performed is still in place, basically unchanged since I left.  This is why I always take the opportunity to talk to Marty Roesch at Sourcefire if I can at RSAC.  This time I got a chance to talk to him about the omnipresent APT (he prefer’s using the term APA, coined by @nselby and others), the security existential crisis, the work Sourcefire is doing with Immunet, the Cloud and Sourcefire’s virtual appliances.  All that noise you hear in the background is the Securosis Recovery Breakfast. 

NSP-RSAC2010-Sourcefire.mp3

I’ve been a member of the International Information Systems Security Certification Consortium [(ISC)2] for nearly a decade; I passed my CISSP test in November of 2002 and don’t have to worry much about CPE’s until at least 2011.  So when I was offered an opportunity to talk to Hord Tipton, Executive Director of the (ISC)2, I didn’t hesitate to take them up on the offer.  We started off easy, talking about what’s new at the (ISC)2, and the Safe & Secure Online Program.  Then we moved on to the harder questions, like “What have you done for me lately?” and “What are you doing about people who shouldn’t be CISSP’s in the first place?”  The (ISC)2 is never going to make all of us who are certified happy, and that they are taking some steps to address concerns about unqualified practitioners, but it’d be nice if they were a little more public about it.  Oh, and you’ll hear at the end that the (ISC)2 definitely accepts listening to podcasts for CPE’s.  I forgot to ask about producing them.

NSP-RSAC2010-ISC2.mp3

It’s hard doing interviews on the showroom floor at RSAC.  Even the relatively quiet places are incredibly noisy when you get right down to it.  The good thing is it hopefully masked the worst of my mispronunciation of Roel Schouwenberg’s name.  Roel is the Senior Anti-Virus Researcher at Kaspersky Lab and spent some time talking to me in the Threat Post booth on the showroom floor at RSA 2010.  We started off talking about the omnipresent APT, moved into slicing apart signature-based AV and end up on organized crime and what the future may bring. 

NSP-RSAC2010-KasperskeyLab.mp3

Jan Hichert, CEO of Astaro Internet Security, and I met in one of the quieter hallways of the 2010 RSA Convention.  Of course, ‘quiet’ is a relative term when it comes to RSA, but the audio came out acceptable in any case.  We talked about several of the new products Astaro is offering this year, including Astaro Mail Archiving, Astaro Wireless Security and Astaro RED.  We finished the conversation talking about Jack Daniel’s new position at Astaro, social media and Security BSides.  I think Astaro is one of the few security companies that actually get social media, in large part thanks to Jack. 

NSP-RSAC2010-AstaroSecurity.mp3

While I’m sure Mikko Hypponen, Chief Research Officer at F-Secure, is getting as tired as hearing the term APT* as the rest of us are, he had some insight into what’s really happening with this threat and the fact that it’s not something new, it’s just the acknowledgment that it’s happening that’s new.  He’s been seeing similar attacks going on for nearly six years, what’s changed is the recognition and public attention to the threat that’s something new.  He believes that the organized crime component of malware will be moving to smart phones as the criminals realize that it’s easier to make money quickly and easily from phones than the complicated hoops they have to jump through to make money from computers.

NSP-RSAC2010-FSecure.mp3

* I’m with @CSOAndy who believe the A in APT should stand for Adaptive, not Advance.  It’s much more descriptive of what’s really happening.