Archive for June, 2010

Jun 29 2010

The Network Security Podcast, Episode 203

Published by under Podcast

New show. Zach late. Show still good. Martin’s birthday. Mongo like.

Network Security Podcast, Episode 203, June 29, 2010
Time: 32:57

Show Notes:

One response so far

Jun 28 2010

Interview with Steve Adair, Shadowserver

Published by under Podcast

I got to talk to a number of very interesting people while work with the FIRST conference.  Steve Adair was one of the people I found very interesting because every time I did research on him, I found something new I’d missed before.  Steve’s talk was about the large number of compromises he’s seen working as part of the Shadowserver Foundation, with an emphasis on how we need to realize that attacks like the one on Google aren’t commonplace, but they aren’t rare either.  The chances are, you’re doing business with someone who’s targeted right now. 

I interviewed Steve shortly after his talk.  You can find this talk and the series of interviews I did for FIRST on their podcast page.  I’ve been told there’s a redesign of the FIRST site coming, I’ll fix the links afterward if there are any problems.

No responses yet

Jun 25 2010

Going to be speaking at Defcon

Published by under Hacking,PCI

Truth can be stranger than fiction sometimes; I’ll be speaking on a panel on compliance with Jack Daniels and Josh Corman at Defcon next month.  There’s a couple other people on the panel, who I’ll add once they’ve been confirmed.  This should be a fun panel, since we won’t be as interested in keeping it completely civil as we would at someplace like RSA or BSides.  We’ll laugh and shake hands afterward, but don’t be surprised by anything you hear during the panel.  And this is an interesting crowd to give this talk to, much more technical and focused than more managerial conventions like Black Hat.

I talk to Jack, Josh and a lot of other people about PCI fairly regularly.  I’m fairly confident I know their positions on compliance and they have a good idea of mine as well.  Jack’s a good moderate who sees both the good and bad, while Josh sees it as a tidal force in the security market space, and not one he likes.  Where PCI points, the money goes, like it or not.  But this talk won’t just be about PCI, we’ll talk about compliance in general, the good, the bad and the ugly. 

If you, by some chance, are around at Noon on Sunday, come see the discussion.  The question I have for the audience is simple, “How has compliance affected you and/or your company?”  Has it’s affect been positive or negative? Given the crowd we’re drawing our audience from, it could generate some very interesting responses.  I’m curious to see how a group that collectively thinks of themselves as hackers feels business attempts at compliance frameworks really affect the work they do.  I expect to hear more annoyance with compliance getting in the way of real work than anything else.

This should be a fun way to end Black Hat and Defcon.  Josh and I really haven’t had it out over whether compliance being a market force is a good thing or a bad thing and this is a good venue to draw him out on the subject.  I’m looking forward to it.

One response so far

Jun 22 2010

Network Security Podcast, Episode 202

Published by under Podcast

We’re old-school this week since Zach was on the road and Martin and
Rich managed to keep the show to under 30 minutes. And that’s despite
our “witty banter” section running a tad long.

Network Security Podcast, Episode 202, June 22, 2010
Time:  29:21

Show Notes:

No responses yet

Jun 11 2010

Testing the Apple wireless keyboard

Published by under Apple/Mac

The one thing I’ve hated doing since I picked up the iPad was anything involving typing. The concept of touching icons with a fingertip works in a wonderfully intuitive manner. But when you have to type out a password or anything longer than a tweet, it’ frustrating an slow. So I got the Boss’s (aka wife’s) permission to pick up the Apple wireless keyboard.

I’ve only had the keyboard for an hour and this is the first serious typing I’ve done on it, but in this short test it seems to be at least as responsive and tactile as any of the much larger keyboards I use on a daily basis. It’s incredibly thin and light, but it holds it’s place on the table, no skittering across the surface if I type too aggressively. Overall the feel is good and the slightly small keys don’t seem to inhibit my typing at all, despite my large hands.

I’ll be flying to the FIRST conference tomorrow and hope to live blog some of the presentations while I’m there. Between the iPad itself, a Verizon Mifi 2200 and the keyboard, I think I have a winning combination of easily packable blogging gear. Now to see if my suppositions match the reality at all.

5 responses so far

Jun 09 2010

The Network Security Podcast, Episode 200

Published by under Podcast

We went long tonight, really long.  It’s episode 200 and while we didn’t plan anything, we did take a fair amount of time at the end of the show to discuss the show, how we’ve changed since the Network Security Podcast was created in 2005 and generally just natter on about security.  Why not celebrate episode 200?  Because the podcast’s 5 year anniversary is right around the corner and we’ll celebrate then.  In addition to it being a long episode, I accidentally trashed two hours of work and didn’t get the podcast finished until this morning.

Network Security Podcast, Episode 200, June 8, 2010

Show Notes:

No responses yet

Jun 01 2010

The Network Security Podcast, Episode 199

Published by under Podcast

We have an interview with Akamai CSO Andy Ellis this week, so we cut our coverage of the news a little short. Which is okay, since Zach was dialed in from Denver and Rich managed to catch some sort of virus (turns out macs may not get them, but Mac users sure do).  Martin started to just about his new iPad, but, of all people, Rich cut him off. 

Network Security Podcast, Episode 199, June 1, 2010
Time: 37:05

Show Notes:

No responses yet