Network Security Blog » Podcast

Network Security Podcast, Episode 266

Martin — Wed, 01 Feb 2012 20:45:53 +0000

We’re a day late, but we still managed to get this week’s show recorded! Rich is soaking up sun (or “teaching”, as he claims) in Cancún, Mexico, so we decided to rope in the illustrious Mike “Rybolov” Smith to discuss, surprise-surprise, privacy and monitoring.

Network Security Podcast, Episode 266, February 1, 2012

Time: 42:36

Show Notes:

Network Security Podcast, Episode 265

Martin — Wed, 25 Jan 2012 02:04:25 +0000

Unless you were hiding under a rock the last few weeks you’ve probably heard about the Stop Online Piracy Act (SOPA), Protect IP Act (PIPA) and their even more evil brother Anti-counterfiting Trade Agreement (ACTA). Many sites went dark last week, including Securosis, in protest and SOPA/PIPA were at least stalemated for the moment, if not entirely defeated. And since it’s a big story, we decided to discuss it at great length, probably saying many things that have been said by much smarter people than us. At least we hope it’s the smart people we’re agreeing with.

Zach was unavailable tonight, so we had to pull in two special guests in order to replace him. First off, Rich’s partner in crime at Securosis, Adrian Lane, joins us. Second, we’re joined by Liquid Matrix author and friend of the show, Jamie Arlen, aka @myrcurial. Jamie brings a little bit of an outsider’s viewpoint to the conversation as he’s not native to the Phoenix area and comes to us from north of the border.

No real show notes tonight, if you’re intersted in learning more about SOPA/PIPA/ACTA, do a little Googling. Or just go to the Electronic Frontier Foundations web site.

Network Security Podcast, Episode 265, January 24, 2012

Time: 55:00

Tonight’s music: Signs are Signs by The Midnight Hour

Network Security Podcast, Episode 264

Martin — Wed, 11 Jan 2012 00:10:44 +0000

As Zach prepares for his jaunt down to Miami Beach,
Rich waxes paranoid about his newfangled Microsoft-powered car — and
the prospect of Martin remotely hacking throttling the engine. It’s
hard to imagine a few of Rich’s ‘friends’ won’t try hard to get their
hands on his new remote and the system port on his car.

(Also, check out our nomination in the Social Security Bloggers Awards — and vote if you’re eligible to do so!)

Network Security Podcast, Episode 264, January 10, 2012
Time: 37:31

Show Notes:

Open tabs 01/09/12

Martin — Mon, 09 Jan 2012 14:24:15 +0000

Still feels a little funny to be putting the ’12′ in the year column, doesn’t it? I’m sure the feeling will go away by March or April. And it’s getting started as an interesting year already, with Symantec’s source code and courts approving warrantless GPS monitoring. I bet neither of those were captured in the “Top 11 Predictions for 2012″ so many pundits and bloggers put out at the end of the year.

Personally, I’m starting the new year with a ton of writing to do. Despite my best efforts, I didn’t blog as much as I would have liked to in the last few months, but I know that has to change. I have to start writing for the Akamai blog, I’ve got information for the Security Bloggers Meetup to post and I get several offers a month to write for other publications. Then there’s the internal projects that are in motion, at least one of which is requiring me to think in new and interesting ways in order to get concepts on a page properly. Plus I’ve got lots of interesting toys at work to play with; what questions would you be looking for answers for if you had access to the logs for a significant portion of the Internet? That’s actually a serious question I have to blog about some day soon. I’d like to hear what people want to see in a report.

And speaking of the Security Bloggers Meetup, I was nominated for two Social Security Awards last week. Rich Mogull, Zach Lanier and I were nominated for the work we do on the Network Security Blog and I was nominated for Best Post for my “Curing the Credit Card Cancer” post. Rich and I both sit on the committee that puts together the Security Bloggers Meetup, though neither of us works on the Social Security Awards, so before this year, we’d ruled that everyone on the committee was not eligible to be nominated. Alan Shimel changed the rule this year; he felt that since we had nothing to do with the SSA’s, it was unfair to exclude us. So, go vote for us. I’d love a chance to beat PauldotCom and the other contenders for Best Security Podcast. I’ve read the other blog posts, I don’t have much of a chance for the Single Best Post.

Open Tabs 01/09/12

Lax security exposes voice mail to hacking, study says – Yes, using an easily spoofed phone # as your single method of authentication sucks.
Kuwait wants to put an end to anonymous accounts on twitter – So they can put dissenting voices in prison. I wonder if our politicians will follow?
440,783 “Silent SMS” used to track German suspect in 2010 – There may be a common thread to what I find interesting lately.
Boot Hezbollah from Twitter or we sue, group says - Wha?? It would be censorship if it was the government asking for this.
Stuxnet weapon has at least 4 cousins: Researchers – Who would have suspected that Stuxnet was only the first wave? (Hint: think everyone)
No warrant needed for GPS monitoring, judge rules – This one worries me a lot. You’re home may still be your castle, but your car definitely isn’t.
Why Twitter’s “verified account” failure matters – Because, no matter what they do, identity is malleable and hard to prove.
Defensive search-and-destroy ‘virus’ delivered to Japanese government – Maybe not directly related to Stuxnet, but the same general idea.
Lilupophilupop SQL injections attack top 1 million infected URLs – Don’t try to pronounce the name of this attack.
Symantec confirms hackers accessed source code of two enterprise security products – Two older products, but still in use in some locations, I’m sure.

Network Security Podcast, Episode 263

Martin — Wed, 04 Jan 2012 00:20:07 +0000

It’s our first show of the New Year… wherein Rich describes server upgrades good and bad, being a victim in a data breach, and we discuss the rest of the latest news. We have to say, it’s a weird start to the year.

Network Security Podcast, Episode 263, January 3, 2012
Time: 36:45

Show Notes:

Southern Fried Network Security Podcast

Martin — Wed, 21 Dec 2011 00:27:41 +0000

This is Martin, and while I know we said we weren’t going to do another podcast this year, I got started talking to Martin Fisher over at the Southern Fried Podcast and we decided, “What the heck, let’s do one more this year and thank all our listeners for supporting us!” It was supposed to just be the two of us, but Rich happened to be available. It was also only supposed to be a few minutes, but when you get the three of us going, it obviously has the potential for going long.

All three of us are very greatful to our audiences, and I think I can say the same on behalf of our co-hosts. The year has had its ups and downs, but I believe we’re ending it on a high note. I hope your life is doing the same and that you have a good ChrisHanaKanzamas or whatever you celebrate this time of year. At least celebrate a few days off, if nothing else.

Southern Fried Network Security Podcast Christmas Special
Time: 25:29

Network Security Podcast, Episode 262

Martin — Wed, 14 Dec 2011 00:11:46 +0000

A discombobulated Martin and a sleep-deprived Zach get together for
the final episode of 2011 (and Rich isn’t around to join us — tsk tsk).
This week’s stories seem to be more of the same — surveillance, leaks,
and dumb legislation. Here’s to hoping for a brighter 2012.

Network Security Podcast, Episode 262, December 13, 2011
Time: 30:00

Show Notes:

Network Security Podcast, Episode 261

Martin — Wed, 07 Dec 2011 01:15:28 +0000

When Rich isn’t around to take up most of the time, Zach can actually
be pulled out of his shell to talk for a little while. Or maybe it’s
just when there are two hosts on the podcast there’s more time to talk.
In any case, Martin and Zach went a little long this week as well as
deep into paranoia land. And there’s so much in the news right now to
push us there. It’s kind of scary when you start to realize that as
much communication as modern technologies allow, they also allow a lot
of very deep surveillance. Which we as a society seem to be okay with.

Network Security Podcast, Episode 261, December 6, 2011
Time: 42:13

Show Notes:

India asks Google, Facebook to screen user content
Carrier IQ: The Real Story
9 Reasons Wired readers should wear their tinfoil hats
The impact of cloud computing on IT jobs
C|Net Download.com is now bundling Nmap with malware!
RIM issues statement about the Playbook Dingleberry root
Top 25 security influencers you should be following
Tonight’s music: Echoes and Falls by Senor Happy (in honor of the echo chamber)

Network Security Podcast, Episode 260

Martin — Wed, 30 Nov 2011 00:37:05 +0000

Believe it or not, all three of us managed to get together for a nice post-holiday show. After a brief discussion of pepper spray for holiday shopping, we jump into a nice menagerie of stories.

Network Security Podcast Episode 260
Time: 35:16

Show Notes:

Network Security Podcast, Episode 259

Martin — Wed, 16 Nov 2011 00:23:48 +0000

Rich and Martin are together for the first time in about 6 weeks thanks to all our overlapping travel. We are joined by Marisa Fagan who tells us about BayThreat- one of the only actual security conferences in the Bay Area (and a really good one). Then Marisa leaves and Rich and Martin jump into the security news.

Network Security Podcast Episode 259
Time: 39:43

Show Notes: