Network Security Blog

Somehow we’ve managed to get Martin, Rich, and me together on a fairly regular basis. Pretty impressive (superhero-like, even). It seems as though I was full of more beans than usual, taking a few playful jabs at Rich (something about goat smuggling) and Martin (butterfly tattoos, if I recall correctly). While we had a bit of fun, and actually talked about security, I get the overwhelming sense that schedules are about to go haywire again. Oh, well. C’est la vie!

Network Security Podcast, Episode 182
Time: 38:30

Show Notes:

• Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word 2007 to PDF – the NSA’s guide to scratching that nasty metadata from your documents (this came from listener feedback)
• Official Google Blog: A new approach to China – They’re movin’ out — after intruders move in.
• The attack on Google: What it means – Andy Jaquith’s distillation and take on the debacle
• Does the Fourth Amendment cover ‘the cloud’? – You may think you own your data…
• Darpa: U.S. Geek Shortage Is National Security Risk – Call of Duty: Uncle Sam Needs Nerds
• Operation “Aurora” Hit Google, Others – McAfee’s George Kurtz discusses the coordinated attacks against Google and others
• An Insight into the Aurora Communication Protocol – McAfee’s analysis of the protocol used by the malware involved in “Operation Aurora”
• Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack – Tavis Ormandy drops some privilege escalation 0day affecting all NT-based versions of Windows from 3.1 to 7
• Tonight’s music: “Devil Comes to Town” by The Hillbilly Casino

This is part 2 of a conversation that CSO Online Senior Editor Bill Brenner agreed to record with Martin, sparked by a few comments Joshua Corman made likening PCI to ‘No Child Left Behind”.  In Part 1, our cast of characters outlined some of their basic ideas on how PCI and compliance in general is affecting security.  Here in Part 2 we have a chance to rebut some of the points made in the first half.  This was a lot of fun for us and you may be seeing (hearing?) a smaller group of us get together on a monthly basis to keep this conversation going.

Network Security Podcast, PCI Debate Part 2
Time:  37:29

Show Notes:

• Bill Brenner, CSO Online Senior Editor
• Joshua Corman, 451 Group
• Jack Daniel, Uncommon Sense Security
• Ben Rothke, BT Global Services
• Anton Chuvakin, Security Warrior
• Mike Dahn, Chaordic Mind
• Ward Spangenberg
• Part 1 of our conversation can be found at CSO Online.
• Tonight’s Music:  Simple Lyric by Caroline Lavelle

Did you ever do something that you knew wouldn’t end well, but you had to try it anyway?  That pretty well describes this week’s episode in a nutshell.  Martin’s at home, Zach’s at home, so of course Rich had to be gallivanting around the countryside playing with his Verizon Mifi, an iPhone and Skype.  Any one of those technologies by themselves have made grown podcasters cry, so we knew from the start this episode was doomed.  I’m glad to say we got a show out of this afternoon’s comedy of errors, but it’d be a stretch to say this is in the top 5 shows so far this year.

Network Security Podcast, Episode 181
Time: 30:16

Show Notes:

• IT Job satisfaction at an all time low – How’s job satisfaction in the Security sphere?
• Kasumi, aka A5/3 also cracked – Isn’t this the replacement for A5/1?
• SSL & TLS “solution”
• Thierry Zoller – For a better explanation of SSL/TLS
• Win2K and XP SP2 off life support
• Airport scanners can store and transmit images – Why are we surprised?
• The Great PCI Security Debate of 2010, Part 1 – Part 2 coming to a blog near you!
• Tonight’s music:  Carrie Catherine with Biggest Mistake
  

The year 2010 is starting with a whimper, not a bang.  Yesterday morning it was announced that Securosis and Security Incite are merging, so we had Adrian Lane and Mike Rothman on the show to talk about the event.  A little over halfway through the show, Martin’s internet access suddenly died and the rest of the crew were left to have great fun at his expense.  There was not an earthquake, but rather a ‘backhaul issue’ at the ISP, whatever that means.  At least that’s better than a ‘backhoe issue’, which would probably involve a lot of fiber suddenly going dark.  In any case, we finished the show, but this not a great omen for the new year.  Unless you’re Rich and Zach, who found the whole thing very amusing.

Network Security Podcast, Episode 180, January 5, 2009
Time: 42:34

Show Notes:

• GSMA to review security hack this week – Moving on to the next stage of denial, we have the GSMA.
• TSA iPhone App is like Yelp for Pre-flight Pat-downs – Rate the TSA from your iPhone.
• TSA Threatens Blogger Who Posted New Screening Directive – Subpeonas do not equal search warrants
• TSA Withdraws Subpoenas Against Bloggers – Maybe the heavy handed tactics weren’t such a great idea after all.
• No music tonight