Rich is playing super-secret secret-squirrel in an undisclosed
location (actually he’s teaching multiple talks at a conference in
Arizona), so Martin and Zach run the gamut from their own recent
conference tomfoolery, to China’s “goodbye Cisco!” move, to “how do i
shot honeypots”, and a few other things in between. Also, Zach takes a
few moments to fawn over Alec Empire.
Network Security Podcast, Episode 294, October 30, 2012
I got to catch up to a couple of friends of mine, Sherri Davidoff and Jonathan Ham, a few weeks ago. They recently released a book called Network Forensics: Tracking Hackers Through Cyberspace. The pair talk about what goes into creating a lab in preparation for a book like this, about Internet Pigeon Protocols and about how their team set up the forensics challenge at this year’s Defcon.
We’ll return next week with a normal podcast. Or something like a normal podcast, since I’ll be on the road again.
NSP Microcast – Davidoff and Ham, October 9, 2012
This week’s show went a little long, as all three of us had a lot to say on the stories we covered. We also spent more than a few minutes at the beginning of the show talking about some of the resources people can use to get mentorship when entering the security field. We also ramble a little bit and Rich gives us an assessment of one of his co-workers technical skils.
(All three of us made the show this week, and to be honest it was a little wittier than usual, if we do say so ourselves).
Network Security Podcast, Episode 291, October 2, 2012
It’s a bit frustrating sometimes, working for a company like Akamai. When you hear stories about DDoS and other attacks on large institutions, we’re often involved in the mix somewhere, simply because we deliver so much of the Internet’s traffic. But we long ago decided we don’t want to be sensationalist or ambulance chasers, we don’t want to reveal too much about specific customers and we don’t want to reveal too much of the secret sauce that allows us to protect our customers. The result has been that it’s easier to let other people tell the stories rather then get involved in the conversation, even if we often know the person who was interviewed for an article knew very little about what’s actually going on. Plus it’s been a little annoying to have to recuse myself from the discussion on the podcast when I can’t talk without revealing what I know about the story in question.
That being said, it’s been nice to be able to be a bit more active in some of the current stories that are happening on the Internet, especially for my teammate, Mike Smith. Last week I was able to post about the recent SSL vulnerability tool (Take a Byte out of CRIME) and how it affects our company (not much, soon not at all). But more importantly, Mike was able to write a post about the recent spate of DDoS attacks that have been in the news (Information, not Hope, is the Key to Surviving DDoS Attacks) and has been interviewed for a number of articles by news outlets (Bank attackers more sophisticated than typical hactivists, expert says and US Banks Hit by More than a Week of Cyberattacks). There’s probably a few more to come out, but that’s a start.
It’s nice to have information that can be freely shared and is public about news stories. Having to keep quiet about things like this is frustrating, especially since as part of my role at Akamai I’d like to do is sharing as much information about what’s happening on the Internet as is possible. The fine line to walk is between being a source of valid information and being a media whore who just wants attention. Though, as a blogger, it’s probably too late for me.