Category Archives: Podcast

Defensive Security Podcast Episode 65

Cisco’s annual security report for 2014; the Verizon Data Breach Investigations Report; 7 deadly cyber risks from Zurich Insurance; AlienVault urges opening up threat intelligence; Stanford’s new password policy; New social engineering alert from TrustedSec; New Internet Explorer 0day

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf

http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_xg.pdf

http://www.ibtimes.co.uk/zurich-insurance-unveils-7-deadly-cyber-risks-1445607

http://www.infosecurity-magazine.com/view/38136/alienvault-ceo-throws-down-the-gauntlet-on-threat-sharing/?utm_source=twitterfeed&utm_medium=twitter

http://arstechnica.com/security/2014/04/stanfords-password-policy-shuns-one-size-fits-all-security/

https://www.trustedsec.com/april-2014/red-alert-massive-cyber-wire-fraud-attacks-us-companies/

https://community.qualys.com/blogs/laws-of-vulnerabilities/2014/04/26/new-internet-explorer-0-day

Defensive Security Podcast Episode 64

Some advice from Bob; an arrest made in the Heartbleed attack on the Canadian Revenue Agency; Heartbleed used to bypass two-factor controls; Mandiant’s 2014 M-Trends report; The economics of security controls; 3 million credit cards stolen from Michaels and Aaron’s stores; Hardware company LaCie has a year-long data breach.

http://www.theregister.co.uk/2014/04/16/mounties_get_their_man_canadian_heartbleed_hacker_nabbed

https://www.mandiant.com/blog/attackers-exploit-heartbleed-openssl-vulnerability-circumvent-multifactor-authentication-vpns/

http://www.v3.co.uk/v3-uk/news/2340171/hackers-hit-harley-medical-group-in-customer-data-extortion-attempt

https://www.mandiant.com/blog/mtrends-2014-threat-report-revealed/

http://www.fireeye.com/blog/corporate/2014/04/the-economics-of-security.html

http://krebsonsecurity.com/2014/04/3-million-customer-credit-debit-cards-stolen-in-michaels-aaron-brothers-breaches/

http://krebsonsecurity.com/2014/04/hardware-giant-lacie-acknowledges-year-long-credit-card-breach/

Defensive Security Podcast Episode 63

Heartbleed!

http://arstechnica.com/security/2014/04/heartbleed-bug-exploited-to-steal-taxpayer-data/
http://arstechnica.com/security/2014/04/private-crypto-keys-are-accessible-to-heartbleed-hackers-new-data-shows
http://www.vox.com/2014/4/12/5601828/we-massively-underinvest-in-internet-security

Defensive Security Podcast Episode 62

Cyber criminals operate on a budget too; 7 things you didn’t know cyber insurance covered; Security hype; Billions spent on cyber security with not a lot to show for it; Banks abandon lawsuit against Target and Trustwave; CIOs don’t know what advanced evasion techniques are; 5 tips for improving incident response.

http://www.darkreading.com/vulnerabilities—threats/cyber-criminals-operate-on-a-budget-too/d/d-id/1141650
http://www.esecurityplanet.com/network-security/cyber-insurance-covers-that-7-items-you-might-not-know.html
http://www.tripwire.com/state-of-security/featured/security-meaning-hype/
http://www.smh.com.au/it-pro/security-it/billions-spent-on-cyber-security-and-much-of-it-wasted-20140403-zqprb.html
http://www.computerworld.com/s/article/9247309/Bank_abandons_place_in_class_action_suit_against_Target_Trustwave
http://news.techworld.com/security/3509357/what-are-advanced-evasion-techniques-dont-expect-cios-know-finds-mcafee/
http://www.networkworld.com/news/2014/040214-understanding-incident-response-5-tips-280338.html?page=1

Defensive Security Podcast Episode 61

Big announcement inside!

Stories covered:
http://www.mercurynews.com/business/ci_25369262/jesse-jackson-take-techs-lack-diversity
https://securosis.com/blog/jennifer-minella-is-now-a-contributing-analyst
http://seclists.org/dailydave/2014/q1/74
http://www.hollywoodreporter.com/news/man-who-exposed-target-security-689782
http://www.cnet.com/news/symantec-fires-ceo-steve-bennett/

Defensive Security Podcast Episode 60

Advice from Bob; The problems with qualitative risk assessments; Defending like an attacker; Secunia’s vulnerability review; Watching for data breaches by looking for anomalies; The NSA targets sysadmins, expect criminals to follow suit; Insurers are finding energy firms’ controls are not up to snuff; 4 lessons CIOs can learn from the Target breach; A court approved a damages settlement for victims of a data breach who did not suffer any damages; Trustwave, Target’s QSA, gets sued as a result of the breach.

https://blogs.rsa.com/bad-decisions-made-faster-qualitative-security-risk-assessments-making-things-worse/

http://www.tripwire.com/state-of-security/vulnerability-management/defend-like-attacker/

https://secunia.com/vulnerability-review/

https://www.slideshare.net/secret/3LQwBdlNZ03kFO

https://firstlook.org/theintercept/article/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/

http://www.bbc.com/news/technology-26358042

http://www.networkworld.com/news/2014/031714-4-lessons-cios-can-learn-279785.html?page=1

http://www.computerworld.com/s/article/9247017/Court_approves_first_of_its_kind_data_breach_settlement

http://www.chicagobusiness.com/article/20140325/BLOGS11/140329865?template=mobile

Defensive Security Podcast Episode 59

Advice for the criminals from Bob; Pwn2Own results are in; Target ignored its FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army compromised Forbes; a discussion about what to do when you see criminal activity.

http://threatpost.com/three-things-to-take-away-from-cansecwest-pwn2own/104835

http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#p1

https://securosis.com/assets/library/reports/Securosis_ThreatIntelSecurityMonitoring_FINAL.pdf

http://krypt3ia.wordpress.com/2014/03/09/assessment-corporate-threat-intelligence-versus-actual-intelligence-products/

https://securosis.com/mobile/advanced-endpoint-and-server-protection-quick-wins/full

http://www.networkworld.com/news/2014/030514-cios-battle-worker-apathy-towards-279420.html

http://www.csoonline.com/article/749450/navy-network-hack-has-valuable-lessons-for-companies

http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/

New Podcast Audio Setup

Up until now, I’ve been running the podcast on the cheap: a decent microphone, my wife’s borrowed laptop and Skype for pulling in Mr. Kalat. The audio has suffered a bit, because it’s really tough to balance the audio levels coming from Skype and from my microphone. I was also going mad from hearing myself on a slight delay.

Now that we have more than a few listeners, I thought it would be a good idea to invest in some real sound gear.

I had recently watched a video by Paul Asadoorian of PaulDotCom (now Security Weekly) fame from BSides Rhode Island where Paul describes what it takes to put on a podcast. He gave some great suggestions which helped me figure out what to do.

It might not look like a lot, but this is now how the Defensive Security Podcast will get mixed and recorded.

[Photo: the new podcast audio setup (20140312-212755.jpg)]

I can share a connection diagram if anyone is interested.

Defensive Security Podcast Episode 58

Some security advice from Bob; Target’s CIO resigns, should the QSA bear some responsibility? Rogue ads overtake porn as top source for mobile malware; Five things to know about malware before driving it out; Why you need to segment your network; SecurePay in denial about breach; Sally Beauty apparently breached.

http://www.networkworld.com/research/2014/030514-cio-not-the-only-one-279445.html
http://www.csoonline.com/article/749298/rogue-ads-overtake-porn-as-top-mobile-malware-attack-method
http://www.csoonline.com/article/749307/five-things-to-know-about-malware-before-driving-it-out
http://www.csoonline.com/article/749076/why-you-need-to-segment-your-network-for-security
http://krebsonsecurity.com/2014/03/thieves-jam-up-smuckers-card-processor/
http://krebsonsecurity.com/2014/03/sally-beauty-hit-by-credit-card-breach/

Defensive Security Podcast Episode 57

Security recommendations from Bob; Meetup.com rides out a DDOS attack rather than pay a ransom; How to test the security savvy of your employees; Why companies need to think about this insider threat; 6 lessons learned from advanced attacks; How IT can establish better cloud control; Council on Cyber Security releases version 5 of critical security controls.

http://meetupblog.meetup.com/post/78413031007/no-doubt-this-has-been-a-tough-weekend-for
http://www.networkworld.com/research/2014/022414-how-to-test-the-security-279049.html
http://www.networkworld.com/news/2014/022014-why-companies-need-to-check-278927.html
http://www.networkworld.com/news/2014/022414-6-lessons-learned-about-the-279082.html
http://www.networkworld.com/news/2014/022414-how-it-can-establish-better-279048.html
http://www.counciloncybersecurity.org/attachments/article/12/CSC-MASTER-VER50-2-27-2014.pdf