Oct 14 2015

NSP Microcast – G Data Summit – Natalya Kaspersky

Published by under Government,Podcast

It’s taken me a lot longer than it should have, but I finally got my interview with Natalya Kaspersky, CEO of InfoWatch and former CEO of Kaspersky Labs from the G Data Summit edited and posted.  We talked about the nature of current threats against enterprises (hint:  think APT and nationstate) as well as current changes to the global nature of the Internet.  Natalya has been in the security industry for some time and has a different viewpoint than a Western/US person such as myself.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

No responses yet

Oct 08 2015

NSPMicrocast – G Data Summit – Dr. Thorsten Holz

Published by under Podcast

A couple of weeks ago at the G Data Summit in Bochum, Germany, I got a chance to talk to Dr. Thorsten Holz, CEO and Director of the Horst Gortz Institute of IT Security at Ruhr University.  Dr. Holz and I talk about the nature of training the next generation of security professionals and how things have changed in education over the last decade.

It’s interesting to hear that even with the huge increase in students that Dr. Holz is seeing, it’s still not enough to meet with the needs of business in Germany.  I can’t imagine that universities and colleges in other areas are seeing any less of a demand than he is.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

No responses yet

Oct 06 2015

NSP Microcast – GData Summit – Walter Schuman

Published by under Podcast

A couple of weeks ago I was invited to the G Data Summit in Bochum, Germany to take part in a celebration of G Data’s 30th anniversary.  Being the oldest anti-virus company in the world is a little something for them to crow about.

During the event, I got a chance to interview Walter Schuman, G Data’s CSO.  Unluckily, CSO doesn’t mean Chief Security Officer, it means Chief Sales Officer.  Walter and I had a good conversation about what security means to his customers, why protecting customer’s privacy is important to a business like G Data’s and explored a little of the political landscape of the world and what it means to someone selling security products.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

No responses yet

Oct 02 2015

LHS Microcast, Interview with Jen Ellis

Published by under Podcast

I wish it hadn’t taken me so long to find the time to edit this podcast, because this interview with Jen Ellis (@infosecjen on Twitter) is pretty good, no thanks to me.  Jen Ellis had given a talk earlier in the week and Chris John Riley and I finally managed to track her down to the press room at Defcon.  We talk about what the legal system in the US means to researchers and hackers, how the system is flawed and what steps we should be taking to influence future legal measures. Jen also gives Chris and I a little background into the Wassenaar Arrangement and what it could mean to researchers internationally.

LHS Microcast, Interview with Jen Ellis

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

No responses yet

Sep 03 2015

Interview, Jeff Williams, Contrast Security

Published by under Podcast

I sat down for a few minutes at Black Hat to talk to Jeff Williams, the Chief Technology Officer of Contrast Security.  We spent a little time reviewing his past, which includes penning the OWASP Top 10 we all know and love, as well as talking about the work he does in application security now.

Interview with Jeff Williams, CTO Contrast Security

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

No responses yet

Aug 27 2015

Interview, Keren Elazari, Researcher and Analyst

Published by under Podcast

I was able to catch up with Keren Elazari at Black Hat.  We talked about her presentation at BSides (Hack the Future) and what it means to us as security professionals.  Keren highlights how bits are controlling atoms more and more every day and how the next 20 years are going to make the changes of the last 20 look like child’s play.

NSPMicrocast-BlackHat2015-Elazari

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

No responses yet

Aug 20 2015

Interview, Author and trouble-maker, Jason E. Street

Published by under Podcast

I had a chance to catch up with my friend, Jason E. Street at Black Hat in order to talk to him about a few of the projects he has going on.  In addition to full time employment he’s an author, he’s working to revitalize Defcon Groups and he’s helping to publicize the efforts by hackers at Def Con to donate blood every year.  Busy guy.

Dissecting the Hack:  The V3rb0t3n Network

Defcon Groups

Interview with Jason E. Street

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

No responses yet

Aug 19 2015

Interview, Paul Kurtz, CEO of TruSTAR

Published by under Government,Podcast

I got to catch up with Paul Kurtz, CEO of TruSTAR Technology and former advisor to the White House on cybersecurity.  Paul and I talk about his work under a President and a President Elect, information sharing and the OPM hack.  This was one of the more interesting interviews I did at Black Hat, at least for me.  Hope you enjoy it too.

Interview with Paul Kurtz, CEO of TruSTAR Technologies

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

No responses yet

Aug 16 2015

Interview, Dr. Engin Kirda

Published by under Hacking,Podcast

I sat down for a few minutes to talk to Dr. Engin Kirda, Chief Architect at Lastline and professor at Northeastern University in Boston.  We discussed the next generation of security professionals and his BH talk about the sophistication (or lack thereof) in modern ransomeware.  And, as with all interviews this conference, I asked about the OPM hack and retribution.

Interview with Dr. Engin Kirda, Lastline

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

No responses yet

May 10 2015

Spying pressure mounting worldwide

It’s been an interesting ride ever since Edward Snowden came out with the revelations about NSA spying efforts two years ago.  There was a huge public outcry at first, both from the side who believes spying on your own citizens is necessary and from the side who believes spying on your own citizens is a vital tool in protecting them.  Both sides of the argument have been trying to sway public opinion, with varying degrees of success, but it’s been the spy organizations that have been getting their way as judges and lawmakers side with them for the most part.  But that’s slowly changing and there’s additional pressure mounting on both sides of the argument.  It’s only a matter of time before the pressure seeks an outlet and it may be explosive when it does.

The first problem with spying by intelligence agencies in the US was that it was so secret that most courts couldn’t even get enough information about the practices to determine who had a right to sue for relief from the situation.  You can’t sue the US government unless you can prove you have standing in a case, that you are affected by the action, but you couldn’t prove you were one of the people who were spied upon if the information is too secret to be released even to the court.  So for nearly two years, that venue of combating governmental spying has been stymied.  As of last week though, that’s started to change as the US 2nd Court of Appeals in Manhattan declared that Clause 215 of the Patriot Act did not give authorization for massive collection of phone data.  The ruling also gave the ACLU standing in the case, enabling further legal action, but stopped short of declaring the spying efforts unconstitutional.  In a move that probably didn’t surprise anyone, multiple Senators and Presidential wannabe’s called for new laws to give the NSA and other agencies the power the court just denied them.

Abroad, there’s also a lot of push back against not only American spying, but against the national organizations who are cooperating with American organizations.  Germany’s Federal Intelligence Service (BND) had been cooperating with the NSA for years, feeding the American organization information directly from their telecoms and ISP’s, enabling the NSA to track German citizens in ways the BND might not be able to.  This got mostly overlooked when it was revealed that the US was listening in on Angela Merkel’s phone calls, but recent activity and the NSA’s refusal to give justification for the information they’re asking for has caused the BND to stop cooperating with the NSA and is creating quite an uproar in Germany.  Merkel’s political party has been under a lot of pressure because of the information the BND has been providing and there have even been calls for the resignation of the German Interior Minister.

That’s the recent wins on the anti-spying front.  On the other side, advocates of spying continue to push in all sorts of ways, from asking for golden keys in encryption technologies to calls for more power from legislators and less oversight by the judiciary.  Last week’s elections in the UK have emboldened Home Secretary Theresa May to call for the re-introduction of the so-called “Snooper’s Charter” in the country.  GCHQ already has significant powers within the UK and abroad, but the Draft Communications Charter Bill would extend these powers considerably and lessen any oversight on law enforcement agencies.  The good news is that even members of her own party are critical of the bill and might not be willing to back her call for further power.

Proponents of spying powers have nearly religious respect for the governments need for these powers and the government’s restraint of their use.  Theresa May seems to believe that any judicial oversight is too much and that the government can’t be restrained or the terrorists will win.  In the US, Supreme Court Justice Antonin Scalia has long held similar beliefs and has been very vocal about it.  Last year he presented to a Fordham University class on law, strongly stating that such powers are needed and cannot be limited.  This year when he went to present, the professor had given his class a new assignment: using only publicly available information, create a dossier on Justice Scalia.  The 15 page document was presented to the Supreme Court Justice and included extensive information about his financial information and family.  Rather than take this as an example of what the NSA or any other organization has at their fingertips and a warning as to why this might be dangerous, Justice Scalia blasted the teacher and his students, questioning their ethics and judgment.  It seems that it’s okay when an impersonal national agency does it, but not when a small group of students research the Justice.

And adding to the pressure cooker of the spying argument, China and Russia have signed an agreement not to hack each other.  It’s probably more accurate to say they’ve agreed not to get caught at it, but this means that their considerable resources will be at least partially turned away from each other and to different projects.  There’s probably not many people who won’t identify the US as the primary target of the freed up hackers, but there are plenty of other places they can put their efforts.  In a lot of ways, it’s like to gangs agreeing not to horn in on each other’s territory while they deal with a third gang.  Add in Russia’s upcoming data localization laws and things get very interesting, very quickly.

“May you live in interesting times.” certainly applies.  There’s pressure from all sides, some wanting to increase spying, some wanting to curb the capability of Western law enforcement agencies.  Both sides have valid points, but it’s a trade-off between the security that such spying might provide versus the damages to civil liberties and personal freedom that it causes.  There’s been almost no proof that spying by international agencies makes us safer, but by the same token it’s hard to express clearly how spying damages the lives of average citizens.  In many ways this is going to be one of the defining issues of the early 21st century and will determine the future of our civilization.  Do we defend our liberties or do we give governments the power to protect us from ourselves?  Only time will tell.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

3 responses so far

Next »