Category Archives: Podcast

Defensive Security Podcast Episode 46

More security thoughts from Bob; A paper on thwarting targeted email attacks from Japan; Security recommendations for SMBs from Sophos; An update on Badbios; How to handle our parents’ infected home computers over the holidays.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Guide on preventing targeted email attacks and one on preventing APT: http://www.ipa.go.jp/security/english/newattack_en.html

SMBs putting themselves at risk: http://www.networkworld.com/news/2013/112613-small-businesses-put-themselves-at-276393.html?source=nww_rss

Badbios update:
PoC audio comms: http://news.cnet.com/8301-1009_3-57614442-83/malware-jumps-air-gap-between-non-networked-devices/
Investigation continues, slowly: https://plus.google.com/app/basic/stream/z13zzjjaun3iwj32g23cz52wykrrvjjce#_MBDG1

Defensive Security Podcast Episode 45

99% of Indian programmers lack secure coding skills; Gartner’s 5 styles of defending against advanced threats; Malware: the war without end; a discussion on the value of penetration testing.

http://m.infoworld.com/d/security/malware-war-without-end-231654
http://www.networkworld.com/news/2013/103013-gartner-defense-attacks-275438.html

Defensive Security Podcast Episode 44

Another tip from Bob; Anonymous blamed for stealing US Department of Health and Human Services Data; Cupid Media loses 42M unencrypted passwords in a breach they apparently did not disclose; Looking at a Ponemon study about views of IT security staff; Botnet take downs might be more marketing than helpful; New malware uses I2P for C&C; A longer than expected discussion on Stuxnet.

Anonymous government hacks: http://www.reuters.com/article/2013/11/15/us-usa-security-anonymous-fbi-idUSBRE9AE17C20131115

http://krebsonsecurity.com/2013/11/cupid-media-hack-exposed-42m-passwords/

http://blogs.technet.com/b/mmpc/archive/2013/11/20/carberp-based-trojan-attacking-sap.aspx

http://sophos.files.wordpress.com/2013/11/2013-ponemon-institute-midmarket-trends-sophos.pdf

http://www.networkworld.com/news/2013/112013-expert-botnet-takedowns-are-about-276161.html

Block TOR and i2p: http://www.infoworld.com/d/security/cyber-crime-forum-advertises-financial-malware-uses-stealthy-i2p-communications-231410

Brief mention of the Stuxnet report: http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf

Defensive Security Podcast Episode 43

More advice from Bob; PCI 3 is here; Stats from a survey of malware analysts; A report from EastWest on measuring the Cyber Security Problem; The benefits of a GRC program; and we talk about web defacements.

PCI 3: http://www.bankinfosecurity.com/critiquing-new-version-pci-dss-a-6208
Study of malware analysts, highlighting that it’s apparently common to not disclose breaches: http://www.threattracksecurity.com/documents/malware-analysts-study.pdf
EastWest produces document outlining need for better incident/breach metrics: https://dl.dropboxusercontent.com/s/84odmpmtoee7rbu/MCP%20Final%2010_22_2013.pdf
VERIS Community already has this: http://www.veriscommunity.net/doku.php?id=public and it’s part of the input for the DBIR
Benefits of a GRC application: http://www.computerworld.com/s/article/9243025/The_best_data_security_offense_is_a_good_defense?taxonomyId=17&pageNumber=1

Defensive Security Podcast Episode 42

Bob drops some more advice on malware; More details emerge about the Adobe password breach and it isn’t pretty; Long live the security perimeter; Snowden highlights the importance of not sharing passwords, and the downside to when it happens; A new 0day impacting Internet Explorer is making the rounds; And part 2 of our talk on advanced malware.

http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/

http://www.networkworld.com/news/2013/110513-long-live-perimeter-275650.html?page=1

http://news.cnet.com/8301-1009_3-57611528-83/nsa-workers-reportedly-shared-their-passwords-with-snowden/
http://arstechnica.com/security/2013/11/internet-explorer-users-face-drive-by-attacks-targeting-new-0day-bug/

Defensive Security Podcast Episode 41

New trojan looking for SAP installations, possibly a harbinger of things to come; Turns out Adobe used symmetric encryption to store the 130M passwords that were stolen; A dicey list of suggestions on how not to be the guy that gets your company owned; The results of the 2013 social engineering capture the flag are not pretty; Some security researchers completely compromise a government agency with a fake Facebook profile of an attractive lady; and all sorts of craziness about .

http://www.infoworld.com/d/security/new-malware-variant-suggests-cybercriminals-targeting-sap-users-230014
http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/
http://qz.com/120946/the-complete-guide-to-not-being-that-idiot-who-got-the-company-hacked/
http://www.darkreading.com/vulnerability/social-engineers-pwn-the-human-network-i/240163379
http://www.zdnet.com/government-agency-compromised-by-fake-facebook-hottie-7000022700/
BadBIOS intro: http://blog.erratasec.com/2013/10/badbios-features-explained.html
BadBIOS rebuttal: http://www.rootwyrm.com/2013/11/the-badbios-analysis-is-wrong/

Defensive Security Podcast Episode 40

Federal employees circumventing onerous security controls resulting in breaches; Cryptolocker is scary stuff; PHP.net hacked, and the response; DDOS attacks getting much larger, but lasting less time; Our discussion on advanced malware.

http://www.networkworld.com/news/2013/101713-federal-security-breaches-traced-to-274944.html
http://www.securelist.com/en/blog/208214109/Cryptolocker_Wants_Your_Money
http://bartblaze.blogspot.com/2013/10/phpnet-compromised.html
http://arstechnica.com/security/2013/10/hackers-compromise-official-php-website-infect-visitors-with-malware/
http://www.pcworld.com/article/2056188/brace-for-stronger-ddos-attacks-security-firm-warns.html

Defensive Security Podcast Episode 39

Hackers hide drugs coming through Belgium port by repeatedly hacking port computer systems; Aligning security with business priorities and other sage advice; how [not] to respond to a malware incident; on the security of jump boxes; reminder about security risks to small businesses; defining metrics for an incident response organization.

http://www.csoonline.com/article/741530/security-spending-continues-to-run-a-step-behind-the-threats?page=1
http://www.techrepublic.com/blog/it-security/how-to-respond-to-a-malware-incident/
http://www.infoworld.com/d/security/jump-boxes-improve-security-if-you-set-them-right-228742
http://www.marketplace.org/topics/tech/hacked-small-businesses-often-have-no-place-turn
Presentation at RSA security analytica: https://www.youtube.com/watch?v=EDR6SwQ_i0I | https://community.emc.com/docs/DOC-27380

Defensive Security Podcast Episode 38

Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don’t forget to factor malicious BHO’s into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks.

Defensive Security Podcast Episode 37

The depressingly small impact from the arrest of the Blackhole exploit kit author; detecting malware embedded in hardware; altering CPUs during manufacturing to weaken random number generation; investigation into major identity theft operation results in discovery that data brokers were infected and that Adobe’s source code and 2.9M user IDs were stolen; recapping Derbycon 3.
