All posts by jb

Defensive Security Podcast Episode 60

Advice from Bob; The problems with qualitative risk assessments; Defending like an attacker; Secunia’s vulnerability review;  Watching for data breaches by looking for anomalies; The NSA targets sysadmins, expect criminals to follow suit; Insurers are finding energy firms controls are not up to snuff; 4 lessons CIOs can learn from the Target breach; A court approved a damages settlement for victims of a data breach who did not suffer any damages; Trustwave, Target’s QSA, gets sued as a result of the breach.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

https://blogs.rsa.com/bad-decisions-made-faster-qualitative-security-risk-assessments-making-things-worse/

http://www.tripwire.com/state-of-security/vulnerability-management/defend-like-attacker/

https://secunia.com/vulnerability-review/

https://www.slideshare.net/secret/3LQwBdlNZ03kFO

https://firstlook.org/theintercept/article/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/

http://www.bbc.com/news/technology-26358042

http://www.networkworld.com/news/2014/031714-4-lessons-cios-can-learn-279785.html?page=1

http://www.computerworld.com/s/article/9247017/Court_approves_first_of_its_kind_data_breach_settlement

http://www.chicagobusiness.com/article/20140325/BLOGS11/140329865?template=mobile

Defensive Security Podcast Episode 59

Advice for the criminals from Bob; Pwn2Own results are in; Target ignored it’s FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army compromised Forbes; a discussion about what to do when you see criminal activity.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://threatpost.com/three-things-to-take-away-from-cansecwest-pwn2own/104835

http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#p1

https://securosis.com/assets/library/reports/Securosis_ThreatIntelSecurityMonitoring_FINAL.pdf

http://krypt3ia.wordpress.com/2014/03/09/assessment-corporate-threat-intelligence-versus-actual-intelligence-products/

https://securosis.com/mobile/advanced-endpoint-and-server-protection-quick-wins/full

http://www.networkworld.com/news/2014/030514-cios-battle-worker-apathy-towards-279420.html

http://www.csoonline.com/article/749450/navy-network-hack-has-valuable-lessons-for-companies

http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/

New Podcast Audio Setup

Up until now, I’ve been running the podcast on the cheap: a decent microphone, my wife’s borrowed laptop and Skype for pulling in Mr. Kalat. The audio has suffered a bit, because it’s really tough to balance the audio levels coming from Skype and from my microphone. I was also going mad from hearing myself on a slight delay, too.

Now that we have more than a few listeners, I thought it would be a good idea to invest in some real sound gear.

I had recently watched a video by Paul Asadoorian of PaulDotCom (now Security Weekly) fame from BSides Rhode Island where Paul describes what it takes to put on a podcast. He gave some great suggestions which helped me figure out what to do.

It might not look like a lot, but this is now how the Defensive Security Podcast will get mixed and recorded.

20140312-212755.jpg

I can share a connection diagram if anyone is interested.

Defensive Security Podcast Episode 58

Some security advice from Bob; Target’s CIO resigns, should the QSA bear some responsibility? Rogue ads overtake porn as top source for mobile malware; Five things to know about malware before driving it out; Why you need to segment your network; SecurePay in denial about breach; Sally Beauty apparently breached.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.networkworld.com/research/2014/030514-cio-not-the-only-one-279445.html
http://www.csoonline.com/article/749298/rogue-ads-overtake-porn-as-top-mobile-malware-attack-method
http://www.csoonline.com/article/749307/five-things-to-know-about-malware-before-driving-it-out
http://www.csoonline.com/article/749076/why-you-need-to-segment-your-network-for-security
http://krebsonsecurity.com/2014/03/thieves-jam-up-smuckers-card-processor/
http://krebsonsecurity.com/2014/03/sally-beauty-hit-by-credit-card-breach/

Defensive Security Podcast Episode 57

Security recommendations from Bob; Meetup.com rides out a DDOS attack rather than pay a ransom; How to test the security savvy of your employees; Why companies need to think about this insider threat; 6 lessons learned from advanced attacks; How IT can establish better cloud control; Council on Cyber Security releases version 5 of critical security controls.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://meetupblog.meetup.com/post/78413031007/no-doubt-this-has-been-a-tough-weekend-for
http://www.networkworld.com/research/2014/022414-how-to-test-the-security-279049.html
http://www.networkworld.com/news/2014/022014-why-companies-need-to-check-278927.html
http://www.networkworld.com/news/2014/022414-6-lessons-learned-about-the-279082.html
http://www.networkworld.com/news/2014/022414-how-it-can-establish-better-279048.html
http://www.counciloncybersecurity.org/attachments/article/12/CSC-MASTER-VER50-2-27-2014.pdf

 

Defensive Security Podcast Episode 56

Tip from Bob; US Cyber Security Framework; Challenges with deploying insecure technology; Target vendor compromised through email and some discussions on vendor risks;  Healthcare organizations are UNDER SIEGE by cyber attacks; The DSD’s ranking of security controls; 6 tips to combat APT; The importance of not running with administrator rights; Neiman Marcus breach details begin to emerge, 60,000 events went uninvestigated.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.networkworld.com/news/2014/021214-white-house-pushes-cybersecurity-framework-278705.html

http://www.networkworld.com/news/2014/021114-it-innovation-challenging-security-pros39-278671.html

http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

https://www.maliciouslink.com/what-the-target-breach-should-tell-us/

https://www.maliciouslink.com/what-the-target-breach-can-teach-us-about-vendor-management/

http://m.slashdot.org/story/198359

http://www.asd.gov.au/publications/Mitigation_Strategies_2014.pdf

http://www.networkworld.com/news/2014/021814-6-tips-to-combat-advanced-278854.html

http://www.networkworld.com/news/2014/021914-time-to-drop-unnecessary-admin-278888.html & http://www.networkworld.com/research/2014/021914-one-tweak-can-make-your-278933.html

https://www.maliciouslink.com/one-weird-trick-to-secure-you-pcs/

http://www.businessweek.com/news/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-in-bagging-card-data

https://www.maliciouslink.com/lessons-from-the-neiman-marcus-breach/

Defensive Security Podcast Episode 54

More advice from Bob; Verizon’s report on PCI compliance; Target hacked through HVAC contractor; Reporting fail on hacking the Winter Olympics;  Optimizing the use of security budgets in larger organizations.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
Verizon PCI report: http://www.verizonenterprise.com/resources/reports/rp_pci-report-2014_en_xg.pdf

http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
http://www.infoworld.com/d/security/target-attack-shows-danger-of-remotely-accessible-hvac-systems-235919

http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html
http://www.businessinsider.com/nbc-richard-engel-hacking-report-cyber-attack-sochi-olympics-2014-2

http://www.techrepublic.com/blog/it-security/how-mid-to-large-companies-can-optimize-security-budgets/

Defensive Security Podcast Episode 53

More advice from Bob; Follow up on Coke’s lost laptops; Honey Encryption to frustrate attackers; What the Target breach shows us about vendor risk; Managing the response to a data breach; More POS malware, this time with TOR goodness.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://blogs.csoonline.com/security-leadership/2957/interesting-finding-coke-data-breach-and-why-you-need-prevent-it-happening-you

http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/

http://www.networkworld.com/news/2014/013114-target-credential-theft-highlights-third-party-278305.html

http://www.networkworld.com/news/2014/013014-positioning-your-institution39s-response-in-278292.html

http://www.networkworld.com/news/2014/013014-tor-enabled-malware-stole-credit-card-278289.html?source=nww_rss

Defensive Security Podcast Episode 52

Coke loses 55 laptops and 56000 records over 7 years; Private cyber espionage network in India; Review of the Shell_Crew hack using Adobe Cold Fusion exploit; Should we punish employees who fall for phishing emails?; Assuming your network has been hacked; more details on the Target breach are emerging.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email