Network Security Blog

And now that Martin’s home, Rich is off on baby-leave (I think that’s what it’s called). Martin and Zach briefly discuss this week’s big news — Mandiant’s “APT1″ threat intelligence report, which we strongly encourage you to read yourselves. Also, Martin gives us a bit about his experience attending ShmooCon 2013 this past weekend. Spoiler alert: http://imgur.com/GUYy8Rn

We’ll likely be skipping next week’s show while attending RSA, but if you’re around, seek us out for a beer.

Network Security Podcast, Episode 304, February 19, 2013

Time: 30:23

Show notes:

• Mandiant APT1 Report
• DDoS Attack on Bank Hid $900,000 Cyberheist
• Facebook Hacked, Mobile Dev Watering Holes, and Mac Malware
• Apple hacked by same group that attacked Facebook
• Pint-Sized Backdoor for OS X Discovered
• [Edited]This week’s music:  Midlife Tragedy by Rad Thought

Rich goes missing again (but this time due to work [or so he says]). A slightly shorter show this evening, wherein Martin and Zach discuss upcoming events, like RSA, SOURCE Boston, BeaCon, etc., as well as — oh, look at that, already surpassed a 300th CVE entry for 2013. Oh, and it’s Ruby on Rails!

Network Security Podcast, Episode 301, January 29, 2013

Time: 29:57

Show notes:

• Cloud Security: The Secret Sauce
• Rails PoC exploit for CVE-2013-0333
• What the ban on unlocking phones means (worse than you think)
• Tonight’s Music:  Free To Be Freaks by Freak Accident

It’s here!  We finally did it!  Episode 300 of the Network Security
Podcast has finally been recorded, edited and posted! Sorry it didn’t
get published immediately, but it takes a while to edit over 2 hours of
audio.

So what did we do for Episode 300?  Martin flew to
Phoenix to record from Casa de Mogull and Zach dialed in from New York. 
We attempted to stream the show live during the recording, but the
spirits of technology, and UStream in particular, had other ideas. 
Which is exactly what we deserve for the amount of preparation we put
into the attempt.

It’s been a long, strange road that all three of
us have traveled to get to this point and we spend the show talking
about how security has changed in that time.  Vulnerabilities and
patching are, and probably always will be, one of the biggest news items
we talk about, especially since some of the vulnerability warnings we
have to talk about aren’t all that much different from the 00′s of
others we’ve talked about in the past.

Once again, we’d like to
thank our listeners for continuing to come back week after week to
listen to us.  Yes, we do the podcast in part because it’s fun, but what
really keeps us coming back week after week is the listeners.   Thank
you.

Network Security Podcast, Episode 300, January 15

Time: 2:05:00

It’s our last show for the year, folks. We’re taking about a month off, and we’ll be returning in 2013 for Episode 300! Happy Holidays from Network Security Podcast!  No Rich this week, but Martin and Zach make up for the lack somehow.  Maybe experience has taught them something.

Network Security Podcast, Episode 299, December 11, 2012

Time:  32:10

Show notes:

• Hackers Behind Tumblr Worm Say They Warned Tumblr of Vulnerability Weeks Ago
• Patriot Act can “obtain” data in Europe, researchers say
• Hacktivist Speaks Out About DDoS
• Russia backs down on proposals to regulate the Internet
• Hacker Group Touts 1.6 Million Password Dump To Protest UN Internet Regulation
• Inj3ct0r Team has hacked ExploitHub.com
• Tonight’s Music:  Santa Claus is Freaking Me Out by Lord Weatherby

It’s Rich that’s out this holiday week, so Martin and Zach talk turkey (no pun intended) about Skype SNAFUs, LTE going all a-splode-y, and a Linux rootkit that will make you go “That’s…neat…?”

Happy Thanksgiving!

Network Security Podcast, Episode 297, November 20, 2012

Time:  31:00

Show notes:

• Skype password flaw made stealing accounts easy
• Obama signs secret directive to help thwart cyberattacks
• One Simple Trick Could Disable a City’s 4G Phone Network
• FreeBSD.org intrusion announced November 17th 2012
• HTTP iframe Injecting Linux Rootkit
• Tonight’s Music:  Nalts with Ax Chase Turkey

This week we start by discussing Martin’s ear wax and Rich’s cough, and it’s all downhill from there. Zach is out this week, but Rich and Martin open with a discussion of the Cloud Security Alliance conference and some things we both learned between there and the events Martin has been at. Then we delve into the week’s news.

Network Security Podcast, Episode 296, November 13, 2012

Time:  37:17

Show notes:

• Many large companies sued for using (a version of) SSL/TLS by a patent troll. This is an important story you really need to keep an eye on.
• Petraeus outed by Gmail. Email location data was used to identify the people behind the accounts.
• DDoS marketing stunt goes bad.
• Google implements Do Not Track in Chrome.
• MasterCard rolls out credit card with built in PIN pad and display.
• Tonight’s Music:  Edie Carey with Under a Sky

Rich is M.I.A. again, and we’re left do discuss Russia, “the biggest problem in computer security”, and the perpetual badness of industrial control systems.  And hopefully by the time you read this, all of the Presidential excitement will be over, or you’ll have a drink in hand and won’t care any more.

Network Security Podcast, Episode 295, November 6, 2012

Time:  35:06

Show notes:

• The Biggest Problem in Computer Security
• Proactive defense prudent alternative to cyberwarfare
• How Georgia doxed a Russian hacker (and why it matters)
• Russia deploys a massive surveillance network system
• Unprotected backdoor into industrial control systems
• Digital Bond – 3S CoDeSys
• PayPal, Symantec hacked as Anonymous begins November 5 hacking spree
• B-Sides PDX
• Tonight’s Music: Proof I Exist with Ghost Rider

Rich is playing super-secret secret-squirrel in an undisclosed
location (actually he’s teaching multiple talks at a conference in
Arizona), so Martin and Zach run the gamut from their own recent
conference tomfoolery, to China’s “goodbye Cisco!” move, to “how do i
shot honeypots”, and a few other things in between. Also, Zach takes a
few moments to fawn over Alec Empire.

Network Security Podcast, Episode 294, October 30, 2012

Time:  44:17

Show notes:

• China Unicom replaces Cisco devices over security concerns
  
• Launch of the UNODC/TPB technical assistance tool on The Use of the Internet for Terrorist Purposes
  
• Deep Inside a DNS Ampliciation DDoS Attack
  
• Do any of you use Honeypots? are they still worth it?
  
• COUNTERMEASURE 2012
  
• Tonight’s Music:  Jack Erdie with Pumpkin

I got to catch up to a couple of friends of mine, Sherri Davidoff and Jonathan Ham, a few weeks ago.  They recently released a book called Network Forensics: Tracking Hackers Through Cyberspace.  The pair talk about what goes into creating a lab in preparation for a book like this, about Internet Pigeon Protocols and about how their team set up the forensics challenge at this year’s Defcon.

We’ll return next week with a normal podcast.  Or something like a normal podcast, since I’ll be on the road again.

NSP Microcast – Davidoff and Ham, October 9, 2012

This week’s show went a little long, as all three of us had a lot to say on the stories we covered.  We also spent more than a few minutes at the beginning of the show talking about some of the resources people can use to get mentorship when entering the security field.  We also ramble a little bit and Rich gives us an assessment of one of his co-workers technical skils.

(All three of us made the show this week, and to be honest it was a little wittier than usual, if we do say so ourselves).

Network Security Podcast, Episode 291, October 2, 2012

Time:  38:30

Show notes:

• A trollish title for an iOS 6 article, but good advice hidden inside.
• IEEE password analysis.
• Process control system vendor hacked. Damage level unknown. As usual.
• Adobe hacked and malware signed with their certificate. You might have heard about this already.
• White House hacked. But not really.
• Akamai analysis of the recent DDoS attacks.
• Tonight’s Music:  Edwin Holt with You’re in for a Big Surprise