Category: Podcast

Defensive Security Podcast Episode 59

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice for the criminals from Bob; Pwn2Own results are in; Target ignored it’s FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army compromised Forbes; a discussion about what to do when you see criminal activity.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://threatpost.com/three-things-to-take-away-from-cansecwest-pwn2own/104835

http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#p1

https://securosis.com/assets/library/reports/Securosis_ThreatIntelSecurityMonitoring_FINAL.pdf

http://krypt3ia.wordpress.com/2014/03/09/assessment-corporate-threat-intelligence-versus-actual-intelligence-products/

https://securosis.com/mobile/advanced-endpoint-and-server-protection-quick-wins/full

http://www.networkworld.com/news/2014/030514-cios-battle-worker-apathy-towards-279420.html

http://www.csoonline.com/article/749450/navy-network-hack-has-valuable-lessons-for-companies

http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/

New Podcast Audio Setup

Up until now, I’ve been running the podcast on the cheap: a decent microphone, my wife’s borrowed laptop and Skype for pulling in Mr. Kalat. The audio has suffered a bit, because it’s really tough to balance the audio levels coming from Skype and from my microphone. I was also going mad from hearing myself on a slight delay, too.

Now that we have more than a few listeners, I thought it would be a good idea to invest in some real sound gear.

I had recently watched a video by Paul Asadoorian of PaulDotCom (now Security Weekly) fame from BSides Rhode Island where Paul describes what it takes to put on a podcast. He gave some great suggestions which helped me figure out what to do.

It might not look like a lot, but this is now how the Defensive Security Podcast will get mixed and recorded.

20140312-212755.jpg

I can share a connection diagram if anyone is interested.

Defensive Security Podcast Episode 58

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Some security advice from Bob; Target’s CIO resigns, should the QSA bear some responsibility? Rogue ads overtake porn as top source for mobile malware; Five things to know about malware before driving it out; Why you need to segment your network; SecurePay in denial about breach; Sally Beauty apparently breached.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.networkworld.com/research/2014/030514-cio-not-the-only-one-279445.html
http://www.csoonline.com/article/749298/rogue-ads-overtake-porn-as-top-mobile-malware-attack-method
http://www.csoonline.com/article/749307/five-things-to-know-about-malware-before-driving-it-out
http://www.csoonline.com/article/749076/why-you-need-to-segment-your-network-for-security
http://krebsonsecurity.com/2014/03/thieves-jam-up-smuckers-card-processor/
http://krebsonsecurity.com/2014/03/sally-beauty-hit-by-credit-card-breach/

Defensive Security Podcast Episode 57

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Security recommendations from Bob; Meetup.com rides out a DDOS attack rather than pay a ransom; How to test the security savvy of your employees; Why companies need to think about this insider threat; 6 lessons learned from advanced attacks; How IT can establish better cloud control; Council on Cyber Security releases version 5 of critical security controls.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://meetupblog.meetup.com/post/78413031007/no-doubt-this-has-been-a-tough-weekend-for
http://www.networkworld.com/research/2014/022414-how-to-test-the-security-279049.html
http://www.networkworld.com/news/2014/022014-why-companies-need-to-check-278927.html
http://www.networkworld.com/news/2014/022414-6-lessons-learned-about-the-279082.html
http://www.networkworld.com/news/2014/022414-how-it-can-establish-better-279048.html
http://www.counciloncybersecurity.org/attachments/article/12/CSC-MASTER-VER50-2-27-2014.pdf

 

Defensive Security Podcast Episode 56

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Tip from Bob; US Cyber Security Framework; Challenges with deploying insecure technology; Target vendor compromised through email and some discussions on vendor risks;  Healthcare organizations are UNDER SIEGE by cyber attacks; The DSD’s ranking of security controls; 6 tips to combat APT; The importance of not running with administrator rights; Neiman Marcus breach details begin to emerge, 60,000 events went uninvestigated.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.networkworld.com/news/2014/021214-white-house-pushes-cybersecurity-framework-278705.html

http://www.networkworld.com/news/2014/021114-it-innovation-challenging-security-pros39-278671.html

http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

https://www.maliciouslink.com/what-the-target-breach-should-tell-us/

https://www.maliciouslink.com/what-the-target-breach-can-teach-us-about-vendor-management/

http://m.slashdot.org/story/198359

http://www.asd.gov.au/publications/Mitigation_Strategies_2014.pdf

http://www.networkworld.com/news/2014/021814-6-tips-to-combat-advanced-278854.html

http://www.networkworld.com/news/2014/021914-time-to-drop-unnecessary-admin-278888.html & http://www.networkworld.com/research/2014/021914-one-tweak-can-make-your-278933.html

https://www.maliciouslink.com/one-weird-trick-to-secure-you-pcs/

http://www.businessweek.com/news/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-in-bagging-card-data

https://www.maliciouslink.com/lessons-from-the-neiman-marcus-breach/

Defensive Security Podcast Episode 55

Podcast: Play in new window | Download | Embed

Subscribe: RSS

A small bit of advice from Bob; A lengthy discussion on communicating risk to management.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Risk Science Podcast: http://riskscience.net/

Defensive Security Podcast Episode 54

Podcast: Play in new window | Download | Embed

Subscribe: RSS

More advice from Bob; Verizon’s report on PCI compliance; Target hacked through HVAC contractor; Reporting fail on hacking the Winter Olympics;  Optimizing the use of security budgets in larger organizations.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
Verizon PCI report: http://www.verizonenterprise.com/resources/reports/rp_pci-report-2014_en_xg.pdf

http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
http://www.infoworld.com/d/security/target-attack-shows-danger-of-remotely-accessible-hvac-systems-235919

http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html
http://www.businessinsider.com/nbc-richard-engel-hacking-report-cyber-attack-sochi-olympics-2014-2

http://www.techrepublic.com/blog/it-security/how-mid-to-large-companies-can-optimize-security-budgets/

Defensive Security Podcast Episode 53

Podcast: Play in new window | Download | Embed

Subscribe: RSS

More advice from Bob; Follow up on Coke’s lost laptops; Honey Encryption to frustrate attackers; What the Target breach shows us about vendor risk; Managing the response to a data breach; More POS malware, this time with TOR goodness.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://blogs.csoonline.com/security-leadership/2957/interesting-finding-coke-data-breach-and-why-you-need-prevent-it-happening-you

http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/

http://www.networkworld.com/news/2014/013114-target-credential-theft-highlights-third-party-278305.html

http://www.networkworld.com/news/2014/013014-positioning-your-institution39s-response-in-278292.html

http://www.networkworld.com/news/2014/013014-tor-enabled-malware-stole-credit-card-278289.html?source=nww_rss

Defensive Security Podcast Episode 52

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Coke loses 55 laptops and 56000 records over 7 years; Private cyber espionage network in India; Review of the Shell_Crew hack using Adobe Cold Fusion exploit; Should we punish employees who fall for phishing emails?; Assuming your network has been hacked; more details on the Target breach are emerging.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Defensive Security Podcast Episode 51

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Bob’s wisdom for the week;  Learning from the Target breach; Question: given the massive Target breach, the Neiman Marcus breach and rumors of 6 other significant retailers being breached, assuming Target and others were complying with PCI rules, what will be the PCI council’s response?  AWS & GoDaddy hosting malware.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Why we don’t rely on AV: https://securosis.com/blog/a-very-telling-antivirus-metric

Target:
1. http://arstechnica.com/security/2014/01/point-of-sale-malware-infecting-target-found-hiding-in-plain-sight/
2. http://www.f-secure.com/weblog/archives/00002660.html

Risk Science Podcast Episode 10: http://riskscience.net/2013/12/26/episode-10-speculation-and-conjecture/

AWS & godaddy: http://m.slashdot.org/story/196881.