Network Security Podcast

We shouldn’t let Rich take care of the show notes.  Sometimes he simply reuses last week’s show notes and forgets to change the flavor text at all.  In which case we give him a hard time.  After short break, the whole gang is together again this week, though Rich let it drop that this streak won’t continue, as he’s on the road again next week.  And Martin is going to be in Seattle when this episode drops, which is why it was actually recorded on Monday afternoon instead of Tuesday, like normal.  Find something within a standard deviation of ‘normal’ is a little hard though, something we all admit.

Network Security Podcast, Episode 286, August 28, 2012

Time: 37: 58

Show notes:

• Java 0day (with disclosure drama).
• Dropbox adds 2 factor authentication.
• Accuracy vs. Precision in Risk.
• Facebook tries to screw users again with privacy changes.
• Martin skewers Mary Ann Davidson on information sharing.
• What my father would have said about the TSA.
• Tonight’s Music: Brett Mikels with Disconnected

This week we’re joined by Adrian Lane (my coworker, but it was Martin’s idea) to give us some more insight on his latest WAF research. The WAF situation is actually a lot more nuanced than the “sucks/wins” arguments we usually hear. And, as usual, we also discuss the latest security news (without Zach, who has a “job” that takes his “time” or something like that).

Network Security Podcast, Episode 285, August 14, 2012

Time: 41:16

Show notes:

• Adrian Lane talks about his new Pragmatic WAF Management research and the problems with WAF.
• A short discussion on the complexities of a secure password reset procedure, in response to the Mat Honan hack.
• Trapwire monitoring. Evil? Only time will tell. How’s THAT for a FUDDY title
• Barracuda on the pay-for-play Twitter underground.
• Law enforcement can’t crack the iPhone, what are the implications?
• An article about finding attack origins that we couldn’t really make sense of.
• Tonight’s Music: The Garrett Nordstrom Situation with Death Letter Blues

Martin has decided to give Zach and Rich the week off, since he’s on the road and won’t be able to record a proper show this week.  Or he had a couple of interviews he did at Black Hat that needed to get out and didn’t feel like releasing as microcasts.  Take your pick.  Bryan Sartin and Sean McGurk are first, talking about Verizon’s Data Breach Investigation Report and the scary reality of our SCADA systems, followed by John Howie from the Cloud Security Alliance who talks about what the CSA does and why.  We’ll be back to a normal podcast next week.  Or at least as normal as possible.

Network Security Podcast, Episode 284, August 7, 2012

Time: 32:34

Tonight’s music:  Absentee by John Statz

The yearly pilgrimage to Las Vegas for BlackHat/DEFCON/B-Sides is over, and recovery mode is in full effect – and none of us got arrested/detained/married in Vegas (at least we don’t think…).  Completely Martin’s fault this week’s podcast was released late.  Sometimes a nap turns into a full night’s sleep after a week in Vegas.

Network Security Podcast, Episode 283, July 31, 2012

Time: 41:01

Show notes:

• Practical ARM Exploitation (Stephen Ridley & Stephen Lawler)
• Black Hat 2012 Kicks Off With Email Kerfuffle
• Black Hat 2012: Limited release for tool allowing smart meter hacks
• Former NSA Official Disputes Claims by NSA Chief
• At Defcon, hackers get their own private cell network: Ninja Tel
• Tonight’s Music:  Tiny Tiny by Blimp