Network Security Blog

I was only able to get a few interviews while I was in Vegas this year.  But one of my favorites was talking to Joe Grand, the creator of all five year’s worth of electronic Defcon badges.  This year’s badge was smaller than previous years but it had some unique and interesting capabilities and it was also the most artistic of them all.  Joe talks about the hardware that went into making the badge, some of the difficulties they encountered (and there are always difficulties) and plans for next year’s badge.  No, I didn’t get a scoop and can’t tell you what it will be, but if Joe Grand is involved, I’m willing to bet they’ll still be really cool.

BHDC 2010:  Joe Grand

Branden Williams is one of the thought leaders in the PCI field, or at least someone like me who blogs about it a lot and hopes others find value in our thoughts.  I had a few minutes to catch up with him at Black Hat, where we discussed what he’d seen at Black Hat as well as the upcoming changes to the PCI DSS.  It appears that not much has changed since our talk and that the conclusions that we drew still remain consistent with what the PCI Council has released since then.  Pardon the background noise, we accidentally chose what we thought was a quiet corner but turned out to be one of the major staff entrances and exits.

Black Hat 2010:  Branden Williams, Director of Security Consulting,RSA

This year at Black Hat we never got into our normal swing with microcasts of releasing them the same day they were recorded.  On top of that, I didn’t go home after the convention, I went off for another week on the road for work.  Which means I’m only now getting to a point of having the energy and time to edit and post.  Which is a long winded way of saying “Better late than never”.

Dimitri McKay, the Security Architect for LogLogic.  Dimitri and I talk about the Cloud Security Alliance and what it means as well as touching briefly on the new virtual appliance LogLogic has recently release.  We talk about why we need an organization like the CSA and even dig briefly into what the ‘Cloud’ is.  Not that we can actually define the cloud in less than 10 minutes.

Black Hat 2010:  Dimitri McKay, LogLogic.

Well, Martin, Rich and Zach all survived another trip to Las Vegas and the trio of conventions known as Black Hat, Defcon and Bsides. Our livers might argue that, but we ignored their cries last week and will probably continue to do so. We discuss a few of the presentations we saw, including the GSM and ATM breaking sessions, as well as the new vulnerability in Safari that uses a PDF rendering issue to jailbreak iOS devices, such as iPads and iPhones. And Zach got to be on the radio this week; now Martin is the only one left out.  Tonight’s episode is a little rough; Zach is on a cell phone and Martin is in Texas, so Rich gets to do all the fun stuff for a change.

Network Security Podcast, episode 207
Time: 30:00

Cisco recently released the 2010 Midyear Security Report and I caught up with one of the principal authors, Mary Landesman, Senior Security Researcher at Cisco.  Mary talks about the outcomes of the report and how the security landscape is changing.

NSP-BHDC2010-MaryLandesman.mp3

Zach couldn’t make it tonight, but Rich and Martin open the show with a call to our listeners for more email questions and topic suggestions. After answering a listener question last week, we realized it would be nice to engage with all of you a little bit more. But not too much… I mean we don’t want to touch you or anything.

We also spend a little time talking about how we handle our connectivity and security while at Black Hat and Defcon, which happen to be next week.

Network Security Podcast, Episode 206, July 20, 2010
Time: 42:38

Show Notes:s

• Millions of Home Routers Vulnerable to Web Attack.
• Visa issues guidance on tokenization.
• Visa pushes acquiring banks to stop forcing merchants to store credit card numbers.
• Wikileaks founder skips HOPE conference to avoid feds.
• NPR story on shortage of US cyberwarriors.
• Alex Hutton proposes Evidence Based Risk Management for security.
• Tonight’s Music:  Brian Bergeron and the Late Greats with Avalanche
  

Rich and Zach are still sweltering in their perspective heat waves, but Martin managed to nab an interview with Bob Russo, the head of the PCI Security Standards Council. We also cover a couple of stories and some honest to goodness listener mail!

Network Security Podcast, Episode 205, July 13, 2010
Time:  44:44

Show Notes:

• Listener Mail
• Interview with Bob Russo
• FBI Raids ‘Electronik Tribulation Army’ Over Witness Intimidation.
• Letter to the client.
• Tonight’s Music:  Missing You by Blue Matters

Once again we have a wandering host; Rich has wandered off into the hinterlands of Denver (Boulder, I think) and is too busy to call in for the podcast.  Left to their own devices, Zach and Martin muddle through tonight’s podcast without major mishap.  We’ve got a little PCI, a little disclosure and some potential cracks in the Apple Store armor. 

Network Security Podcast, Episode 204, July 6, 2010
Time:  30:28

Show Notes:

• PCI Standards to be updated every 3 years
• US Largely ruling out North Korea in 2009 cyberattacks
• Apple’s app store filled with app farms
• Employees crack Facebook security
• Full Disclosure and no disclosure
• Tonight’s Music:  Missing You by Blue Matters