Alan Shimel invited my on his podcast to talk about one of my favorite topics, ME. Actually, it’s kind of embarassing to talk about myself like this, but it was interesting to understand what the people I interview feel like. If you’ve ever wondered how I got into security and what made me the person I am today, then you’ll like this interview. I also talk about blogging, podcasting and how I got into both. It went a little longer than originally intended, but I seem to have that problem a lot lately.
StillSecure, After All These Years, Podcast #8
Technorati Tags: security, interview, Alan Shimel, Martin McKeay
Last night I went to the San Francisco Podcast Meetup last night, which is always a blast. Shel Holtz and Chris Heuer and I sat in a corner making snarky comments about the speaker. Hint for the future: when talking to podcasters, talk about how your company relates to them, not about how your company makes money for themselves and independent music companies. When he finally got to the stuff podcasters were interested in, there was a lot of good stuff about iodapromonet, but he’d already lost a lot of the audience.
One of the high points for me was the fact that Adam Curry showed up. If you don’t know about Daily Source Code, you haven’t listened to one of the most popular podcasts on the ‘Net. He’s also the main personality behind Podshow. Of course, if you’re in my age group, you know Adam from his days as an MTV VJ. One of the traditions at the Meetup is to pass the mic around at the start of the meeting and everyone introduces themselves and their podcast. When I introduced myself, I heard Adam say something and point to me, but at the time, I knew I couldn’t have heard what I thought I had. So after the main meeting I asked him what he’d said, and I’d heard him correctly, he’s subscribed to my podcast! Now I’m sure Adam’s subscribed to a lot of podcasts, and we’ll see if he stays subscribed, but it felt good to have a high profile subscriber. Plus, Adam’s only the second or third person I’ve met face to face who’s actually listened to my podcast. Okay, ‘pat-yourself-on-the-back’ time is over.
Adam getting a business card from the youngest podcaster
Technorati Tags: podcast, Adam Curry, SF Podcast Meetup
This week I talked to Ravi Ganesan, founder of TriCipher. He fills me in on some of what’s been happening with Man in the Middle attacks against two-factor authentication used by banks and financial institutions. It sounds like this is a fairly small issue right now, but it could quickly grow in the near future. Ravi is clearly an expert on authentication solutions and gives some hints about where security professionals need to be looking in the future. I also take a few minutes to talk about some changes that may be happening to the PCI standards in the near future, the concept of compensating controls. By the way, I mistakenly called Ravi the CEO in the podcast, sorry for the mistake. I’m not a CSO either, so I figure that makes us even.
Network Security Podcast, Episode 36, July 25th, 2006
Tonight’s Music: Shemekia Copeland – Breakin’ Out
Technorati Tags: security, podcast, Man in the Middle attack
I wish this suprised me; Federal Air Marshalls have been putting innocent people on watch lists to meet quotas. I especially like the quote from one of the air marshalls:
“Well, it’s intelligence information, and like any system, if you put garbage in, you get garbage out,” the air marshal said.
Bruce Schneier has a lot more to say on this situation, but the very concept of law enforcement professionals having a quota they have to meet is stupid. That’s like telling a computer security professional that they have to log a certain amount of IDS alerts a month. Sure, I can tweak the IDS signatures to meet that quota, but the information generated by the IDS is going to be rendered nearly useless by the process.
Technorati Tags: security, air marshalls, quota