Information Security Podcast
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don’t forget to factor malicious BHO’s into your plans; Don’t forget to factor malicious BHO’s into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks.
Podcast: Play in new window | Download | Embed
Subscribe: RSS
The depressingly small impact from the arrest of the black hole exploit kit author; detecting malware embedded in hardware; altering CPUs during manufacturing to weaken random number generation; investigation into major identity theft operation results in discovery that data brokers were infected and that Adobe’s source code and 2.9M user IDs were stolen; recapping Derbycon 3.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Continue reading “Defensive Security Podcast Episode 37”
Podcast: Play in new window | Download | Embed
Subscribe: RSS
How to change your SSN; How Snowden was able to access and steal the documents; Liberty Mutual sues Schucks grocery store over cyber breach insurance policy; Barclays and Santander banks hit with physical IT attacks; password security
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Continue reading “Defensive Security Podcast Episode 36”
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Paying attention to security is important – regulators are swirling: HTC and TrendNet have to submit to independent security audits every other year for 20 years, 50 other companies need to as well; encrypting your endpoints is not optional – just do it; and a winding discussion on man in the middle attacks.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Continue reading “Defensive Security Podcast Episode 35”
Podcast: Play in new window | Download | Embed
Subscribe: RSS
On preventing Snowden-style data leaks in your organization; should companies really worry about NSA spying?; On the usefulness of Red Team exercises; and how to defend against DDOS attacks.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
http://investigations.nbcnews.com/_news/2013/08/26/20197183-how-snowden-did-it?lite
http://akamai.infoworld.com/t/data-security/how-secure-your-company-against-nsa-inspired-hacking-226264
http://www.darkreading.com/vulnerability/getting-the-most-out-of-a-security-red-t/240160471
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Cause of recent DOE breach revealed to be outdated Coldfusion; 30% of adults willingly open emails they know are malicious; Spear phishing led to successful attacks on the nyt and twitter; DNS attack types
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Cause of recent DOE breach revealed to be outdated Coldfusion: http://www.informationweek.com/security/attacks/energy-dept-hack-details-emerge/240160685
30% of adults willingly open emails they know are malicious: http://www.csoonline.com/article/738869/social-engineering-study-finds-americans-willingly-open-malicious-emails?page=1
Spear phishing led to successful attacks on the nyt and twitter: http://www.networkworld.com/news/2013/082813-spear-phishing-led-to-dns-273297.html?page=1
DNS attack types: http://images.infoworld.com/d/security/3-types-of-dns-attacks-and-how-deal-them-225826
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Mcafee apologizes for a USD$1T report; how the Snowden effect is impacting CIO’s; millions robbed from banks by attacking the wire transfer network, and hiding behind a DoS; Gartner’s recommendations for engaging the board of directors and other management in the security process.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Mcafee sorry for its $1T estimate: http://www.afr.com/p/technology/mcafee_regrets_flawed_trillion_dollar_msQ2WFkVLEZKx7Yv7ZCMQI
Snowden effect: http://www.networkworld.com/news/2013/082113-how-the-snowden-effect-is-273051.html
http://www.scmagazine.com.au/News/354155,millions-stolen-from-us-banks-after-wire-payment-switch-targeted.aspx
Gartner’s recommendations for engaging the board on infosec: http://www.zdnet.com/the-ciso-shouldnt-be-the-defender-of-security-gartner-7000019539/
Here is the link to the Down The Rabbit Hole podcast I mentioned: http://podcast.wh1t3rabbit.net/dt-r-episode-54-evolution-of-info-sec-with-the-godfather-of-ips
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Windows XP vulnerabilities may be stored up until after end of support on April 8, 2014; Department of Energy hacked for a second time in 2013; using metasploit and exploitDB to prioritize vulnerability patching; and a number of discussions on Lavabit.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Windows XP vulnerabilities may be stored up: http://www.infoworld.com/d/microsoft-windows/xps-retirement-will-be-hacker-heaven-224796?page=0,1
Department of Energy hacked for second time this year; they are out front on the effort to protect critical infrastructure: http://www.theverge.com/2013/8/16/4628284/department-of-energy-hackers-steal-personal-data-from-14000-employees
Prioritizing vulnerabilities http://blog.risk.io/2013/08/stop-fixing-all-the-things-bsideslv/
Lavabit:
Note:
Here is the link to the Society for Information Risk Analysts I mentioned: https://www.societyinforisk.org/ – the mailing list is here: http://lists.societyinforisk.org/mailman/listinfo/sira
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Escrow service company forced to close after $1.5M theft resulting from malware, Incentives for complying with cyber framework, Benefits of expanding the cyber insurance market, Thousands of .nl domains redirected to black hole exploit kit
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Escrow service company forced to close after $1.5M theft resulting from malware: http://krebsonsecurity.com/2013/08/1-5-million-cyberheist-ruins-escrow-firm/
Incentives for complying with cyber framework: http://www.csoonline.com/article/737795/white-house-considers-incentives-for-cybersecurity?page=1
Benefits of expanding the cyber insurance market: http://nakedsecurity.sophos.com/2013/08/09/will-insurance-firms-be-the-big-winners-in-the-struggle-for-cyber-security/
Thousands of .nl domains redirected to black hole exploit kit: http://www.zdnet.com/dutch-dns-server-hack-thousands-of-sites-serve-up-malware-7000019196/
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Cyber Security, cybersecurity or cyber-security? On the need to be wary of USB devices despite having autorun disabled, the hacking of OVH highlights the need to take specific precautions with administrators, large UK companies urged to perform a cyber security review, and the misuse of the term “black swan”.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Cyber security: http://www.digitalcrazytown.com/2013/08/is-it-cybersecurity-cyber-security-or.html
USB security concerns: http://www.zdnet.com/usb-flash-drives-masquerading-as-keyboards-mean-more-byod-security-headaches-7000018737/
OVH hack highlights exposure of administrators: http://www.itpro.co.uk/cloud/20266/ovh-hack-prompts-calls-tigher-system-admin-security-controls
GCHQ & MI5 pushing for security review of UK companies: http://www.computerweekly.com/news/2240201775/MI5-and-GCHQ-call-for-FTSE-350-cyber-health-check
Black swans: http://exploringpossibilityspace.blogspot.com/2013/07/think-you-understand-black-swans-think.html
