Podcast – Page 26 – Defensive Security Podcast

Defensive Security Podcast Episode 40

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Federal employees circumventing onerous security controls resulting in breaches; Cryptolocker is scary stuff; PHP.net hacked, and the response; DDOS attacks getting much larger, but lasting less time; Our discussion on advanced malware.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

http://www.networkworld.com/news/2013/101713-federal-security-breaches-traced-to-274944.html
http://www.securelist.com/en/blog/208214109/Cryptolocker_Wants_Your_Money
http://bartblaze.blogspot.com/2013/10/phpnet-compromised.html
http://arstechnica.com/security/2013/10/hackers-compromise-official-php-website-infect-visitors-with-malware/
http://www.pcworld.com/article/2056188/brace-for-stronger-ddos-attacks-security-firm-warns.html

Defensive Security Podcast Episode 39

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Hackers hide drugs coming through Belgium port by repeatedly hacking port computer systems; Aligning security with business priorities and other sage advice; how [not] to respond to a malware incident; on the security of jump boxes; reminder about security risks to small businesses; defining metrics for an incident response organization.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

http://www.csoonline.com/article/741530/security-spending-continues-to-run-a-step-behind-the-threats?page=1
http://www.techrepublic.com/blog/it-security/how-to-respond-to-a-malware-incident/
http://www.infoworld.com/d/security/jump-boxes-improve-security-if-you-set-them-right-228742
http://www.marketplace.org/topics/tech/hacked-small-businesses-often-have-no-place-turn
Presentation at RSA security analytica: https://www.youtube.com/watch?v=EDR6SwQ_i0I | https://community.emc.com/docs/DOC-27380

Defensive Security Podcast Episode 38

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don’t forget to factor malicious BHO’s into your plans; Don’t forget to factor malicious BHO’s into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

Pages: 12

Defensive Security Podcast Episode 37

Podcast: Play in new window | Download | Embed

Subscribe: RSS

The depressingly small impact from the arrest of the black hole exploit kit author; detecting malware embedded in hardware; altering CPUs during manufacturing to weaken random number generation; investigation into major identity theft operation results in discovery that data brokers were infected and that Adobe’s source code and 2.9M user IDs were stolen; recapping Derbycon 3.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Continue reading “Defensive Security Podcast Episode 37”

Defensive Security Podcast Episode 36

Podcast: Play in new window | Download | Embed

Subscribe: RSS

How to change your SSN; How Snowden was able to access and steal the documents; Liberty Mutual sues Schucks grocery store over cyber breach insurance policy; Barclays and Santander banks hit with physical IT attacks; password security

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Continue reading “Defensive Security Podcast Episode 36”

Defensive Security Podcast Episode 35

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Paying attention to security is important – regulators are swirling: HTC and TrendNet have to submit to independent security audits every other year for 20 years, 50 other companies need to as well; encrypting your endpoints is not optional – just do it; and a winding discussion on man in the middle attacks.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Continue reading “Defensive Security Podcast Episode 35”

Defensive Security Podcast Episode 34

Podcast: Play in new window | Download | Embed

Subscribe: RSS

On preventing Snowden-style data leaks in your organization; should companies really worry about NSA spying?; On the usefulness of Red Team exercises; and how to defend against DDOS attacks.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

http://investigations.nbcnews.com/_news/2013/08/26/20197183-how-snowden-did-it?lite

http://akamai.infoworld.com/t/data-security/how-secure-your-company-against-nsa-inspired-hacking-226264

http://www.darkreading.com/vulnerability/getting-the-most-out-of-a-security-red-t/240160471

Defensive Security Podcast Episode 33

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Cause of recent DOE breach revealed to be outdated Coldfusion; 30% of adults willingly open emails they know are malicious; Spear phishing led to successful attacks on the nyt and twitter; DNS attack types

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

Cause of recent DOE breach revealed to be outdated Coldfusion: http://www.informationweek.com/security/attacks/energy-dept-hack-details-emerge/240160685

30% of adults willingly open emails they know are malicious: http://www.csoonline.com/article/738869/social-engineering-study-finds-americans-willingly-open-malicious-emails?page=1

Spear phishing led to successful attacks on the nyt and twitter: http://www.networkworld.com/news/2013/082813-spear-phishing-led-to-dns-273297.html?page=1

DNS attack types: http://images.infoworld.com/d/security/3-types-of-dns-attacks-and-how-deal-them-225826

Defensive Security Podcast Episode 32

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Mcafee apologizes for a USD$1T report; how the Snowden effect is impacting CIO’s; millions robbed from banks by attacking the wire transfer network, and hiding behind a DoS; Gartner’s recommendations for engaging the board of directors and other management in the security process.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

Mcafee sorry for its $1T estimate: http://www.afr.com/p/technology/mcafee_regrets_flawed_trillion_dollar_msQ2WFkVLEZKx7Yv7ZCMQI

Snowden effect: http://www.networkworld.com/news/2013/082113-how-the-snowden-effect-is-273051.html

http://www.scmagazine.com.au/News/354155,millions-stolen-from-us-banks-after-wire-payment-switch-targeted.aspx

Gartner’s recommendations for engaging the board on infosec: http://www.zdnet.com/the-ciso-shouldnt-be-the-defender-of-security-gartner-7000019539/

Here is the link to the Down The Rabbit Hole podcast I mentioned: http://podcast.wh1t3rabbit.net/dt-r-episode-54-evolution-of-info-sec-with-the-godfather-of-ips

Defensive Security Podcast Episode 31

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Windows XP vulnerabilities may be stored up until after end of support on April 8, 2014; Department of Energy hacked for a second time in 2013; using metasploit and exploitDB to prioritize vulnerability patching; and a number of discussions on Lavabit.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

Windows XP vulnerabilities may be stored up: http://www.infoworld.com/d/microsoft-windows/xps-retirement-will-be-hacker-heaven-224796?page=0,1

Department of Energy hacked for second time this year; they are out front on the effort to protect critical infrastructure: http://www.theverge.com/2013/8/16/4628284/department-of-energy-hackers-steal-personal-data-from-14000-employees

Prioritizing vulnerabilities http://blog.risk.io/2013/08/stop-fixing-all-the-things-bsideslv/

Lavabit:

http://investigations.nbcnews.com/_news/2013/08/13/20008036-lavabitcom-owner-i-could-be-arrested-for-resisting-surveillance-order?lite

http://www.theguardian.com/commentisfree/2013/aug/10/lavabit-closure-cloud-computing-edward-snowden

Note:

Here is the link to the Society for Information Risk Analysts I mentioned: https://www.societyinforisk.org/ – the mailing list is here: http://lists.societyinforisk.org/mailman/listinfo/sira