Category Archives: Podcast

Defensive Security Podcast Episode 22

Podcast, , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Risk Science Podcast, Forensic 4Cast podcast, Gartner security myths, 2013 OWASP top ten, FDA finds security risk in medical devices, Oracle fixes 40 more java bugs, B-sides Rhode Island videos, Can the Germans break PGP?

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Risk Science Podcast: http://riskscience.net/

Forensic4Cast :http://forensic4cast.com/

Gartner security myths: http://www.networkworld.com/news/2013/061113-gartner-reveals-top-10-it-270738.html

2013 OWASP top ten: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

FDA finds security risk in medical devices: http://www.networkworld.com/news/2013/061413-federal-regulators-address-rising-security-270844.html

Oracle fixes 40 more java bugs: https://www.infoworld.com/d/security/oracle-ship-40-security-fixes-java-se-220758

B-sides Rhode Island videos: http://www.irongeek.com/i.php?page=videos%2Fbsidesri2013%2Fmainlist

Can the Germans break PGP? http://malwarejake.blogspot.com/2013/06/are-germans-really-breaking-pgp-and-ssh.html

Defensive Security Podcast Episode 21

Podcast, , , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Verizon, PRISM and Edward Snowden, Java users are bad at patching, cost of breaches is up, Microsoft operation takes down 1462 Citadel botnets, malware increasingly using peer to peer communications for command and control, and malware trends.

 

Subscribe in iTunes | Podcast RSS Feed | Twitter Email Continue reading Defensive Security Podcast Episode 21

Defensive Security Podcast Episode 20

Podcast, Security

Podcast: Play in new window | Download | Embed

Subscribe: RSS

US power grid is highly vulnerable and under constant attack, Iran attacking energy companies, increase in sophisticated attacks against keys and certificates, Indian government site redirects to black hole exploit kit, FSB report find that only 36% of small businesses regularly patch, 5 quick wins from the DBIR, Google to give software vendors 7 days prior to releasing information on active exploits, and planning for the failure of malware prevention.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email Continue reading Defensive Security Podcast Episode 20

Defensive Security Podcast Episode 19

Podcast, ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Adobe and Microsoft patches, signed Mac malware, EC Council website hacked, 7 steps to secure Java,  Microsoft on invulnerable software, more on OpUSA, Ohio city’s taxpayer database stolen and the importance of malware being invisible.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email Continue reading Defensive Security Podcast Episode 19

Defensive Security Podcast Episode 18

Podcast, , , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Adobe warns customers of a Cold Fusion 0day, Washing courts owned by that 0day, web servers found compromised with the Cdorked/Darkleech, critical vulnerability in Nginx, Anonymous’ opUSA turned out to be a bunch of nothing, too many admins is bad for security, Name.com gets compromised, The Onion’s twitter feed is compromise by the SEA, slippery slope of BYOD and Google’s plans for authentication.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

 

Cold fusion: http://www.networkworld.com/news/2013/050913-adobe-warns-customers-of-unpatched-269596.html

Defensive Security Podcast Episode 17

Podcast, Security, , , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

This week: Twitter warns news agencies of attacks and to use dedicated PCs for using twitter, the US department of Labor website was compromised and serving up an 0day for IE8, 18 12-13 year olds in Alaska socially engineered passwords for 300 computers out of their teachers, iOS did NOT have a malicious app discovered, AV vendors are starting to shun Windows XP, 7 elements of a successful security awareness program, and the unforeseen impacts of cyberwar.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

Episode 17

http://security.onestopclick.com/technology_news/media-warned-to-tighten-twitter-security_474.htm

http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/

http://www.bbc.co.uk/news/technology-22398484

http://www.networkworld.com/news/2013/050213-ios-app-contains-potential-269393.html

http://podcasts.infoworld.com/t/anti-virus/windows-xp-risk-antivirus-vendors-jump-ship-217806

http://www.wired.co.uk/news/archive/2013-05/2/comment-crew-plunder-qinetiq

http://www.networkworld.com/news/2013/050113-the-7-elements-of-a-269301.html

http://www.networkworld.com/news/2013/050113-livingsocial-breach-scope-widens-on-269295.html

http://qz.com/81268/the-worst-possible-cybersecurity-breaches-could-be-far-worse-than-you-imagined/

Defensive Security Podcast Episode 16

Podcast, Security,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode, another Java 0day, Symantec’s Q1 2013 0day roundup, the Akamai State of the Internet report, the Verizon 2013 DBIR, AP’s twitter feed hack, and cyber terrorists.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.scmagazine.com/livingsocial-updates-encryption-practices-after-password-breach-affects-50m/article/291042/

Q1 0day vulnerabilities: http://www.symantec.com/connect/blogs/2013-first-quarter-zero-day-vulnerabilities

http://www.akamai.com/stateoftheinternet/

http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf

http://akamai.infoworld.com/d/security/5-hot-security-defenses-dont-deliver-217045

http://www.pcworld.com/article/2036261/ap-twitter-hack-prompts-fresh-look-at-cybersecurity-needs.html

http://www.hotforsecurity.com/blog/associated-press-twitter-account-hack-hits-us-stock-prices-6015.html

http://www.theinquirer.net/inquirer/news/2263460/cyber-terrorists-are-only-a-matter-of-time-warns-eugene-kaspersky

Defensive Security Podcast Episode 15

Podcast, Security, , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

This week: Twitter account hacks highlight opportunity for exploitation by attackers, Microsoft and Malwarebytes both release bad patches, Oracle releases a Java patch which fixes 42 security bugs, Oracle announces that Java 8 is delayed due to the focus on Java 7, a new botnet is being created by compromising WordPress installations for some unknown purpose, Linode was compromised in an attack targeted at some Linode customers, Microsoft finds a trojan that cleans up after itself in the next wave of anti-forensics, the Boston marathon bombing and West, Texas explosions see many phishing scams leading to malware installations, spam is down, targeted attacks via email are up, Microsoft released it’s second half 2012 Security Intelligence Report with some odd mixes of data, Microsoft releases EMET 4.0 beta, and a former employee has been charged with planting back doors on 2723 Hostgator servers.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

60 minutes, 48 hours, NPR, BBC twitter accounts recently hacked.

MS and Malwarebytes released bad updates

http://krebsonsecurity.com/2013/04/java-update-plugs-42-security-holes/

http://mreinhold.org/blog/secure-the-train

http://krebsonsecurity.com/2013/04/brute-force-attacks-build-wordpress-botnet/

http://www.theregister.co.uk/2013/04/16/linode_breach/

http://m.darkreading.com/133696/show/b7639d290f6c32534f633e85cfe6ac04/

Boston bombing used to spread malware in multiple ways
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Z6nE3UFETb0/

http://news.cnet.com/8301-1009_3-57579847-83/targeted-cyberattacks-jump-42-percent-in-2012-symantec-says/

SIR: http://download.microsoft.com/download/E/0/F/E0F59BE7-E553-4888-9220-1C79CBD14B4F/Microsoft_Security_Intelligence_Report_Volume_14_Key_Findings_Summary_English.pdf

http://blogs.technet.com/b/srd/archive/2013/04/18/introducing-emet-v4-beta.aspx

http://arstechnica.com/security/2013/04/former-employee-arrested-charged-with-rooting-2700-hostgator-servers/

 

 

Defensive Security Podcast Episode 14

Podcast, Security, , , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

I’ll be picking someone to give an e-copy of @Taosecurity’s new book “The Practice of Network Security” who sends me an email with feedback on the show.
Encrypt your drives, eve. If you don’t think the computer will leave the office: http://feedly.com/k/ZM172z

Spate of MS and Adobe patches fix numerous remote code execution and priv escalation bugs

SEC filings seem to disagree with the growing furor over cyber attacks: http://feedly.com/k/ZM1IRB

51 weeks of windows XP left

FireEye threat report: http://feedly.com/k/11mWyAn

2 ideas for better security: http://feedly.com/k/14VTn5V

A review of APT1 http://www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf

http://packetstormsecurity.com/news/view/22398/Author-Of-The-SSH-Protocol-Wants-A-New-One.html

http://www.networkworld.com/news/2013/041013-shylock-bank-trojan-upgraded-with-268583.html?source=nww_rss

http://packetstormsecurity.com/news/view/22399/Porn-Sites-Pose-Growing-Malware-Risk.html

http://www.bankinfosecurity.com/global-closes-breach-investigation-a-5684?rf=2013-04-15-eb&elq=593a933acd7a48d4b7e39bcc55f49e62&elqCampaignId=6440

Defensive Security Podcast Episode 13

Podcast, Security, ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

The Internet destroying ddos attack that wasn’t

http://krebsonsecurity.com/2013/03/missouri-court-rules-against-440000-cyberheist-victim/

http://hothardware.com/News/Huge-Spike-In-Mobile-Data-Traffic-Drives-IEEE-400-Gigabit-Ethernet-Standard/

http://adamcaudill.com/2013/04/04/security-done-wrong-leaky-ftp-server/

http://nakedsecurity.sophos.com/2013/04/05/ransomware-child-buse/

http://blog.trendmicro.com/trendlabs-security-intelligence/three-lessons-from-the-south-korea-mbr-wiper-attacks/