An Information Security Place Podcast

Holy crap, we recorded an episode. That’s all I got to say about that… Show Notes: InfoSec News Update – Howard Schmidt is Retiring – Link Here Vulnerability Stats of Publicly Traded Companies – Link Here Tool Update – Threadfix from Denim Group – Link Here The Mission Impossible Self-Destructing SATA SSD Drive – Link Here The WAF Wars – Link 1 / Link 2 / Link 3 PwnieExpress Releases PwnPlugUI/OS 1.1 – Link Here App for scanning faces to gauge age at bars – Link Here Business Logic Testing defined – Link 1 ErrataSec – Wants your hotel PCAP Files – Link 1 / Link 2 Discussion Topic – Should specific security efforts be validated when the program as a whole is crap? Link Here Music Notes:?Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/ Tour Dates: June 1 – Dallas – Curtain Club Intro – RivetHead – “The 13th Step” News Bed – RivetHead - “Beautiful Disaster” Discussion Bed – RivetHead - “Difference” Outro – RivetHead – “Zero Gravity” Link to MP3

Today’s show is Michael interviewing Kevin Riggins. Kevin is an Enterprise Security Architect for a Fortune 500 financial services company. Kevin and Michael have some great conversation about Kevin’s job, what he is doing at RSA, where he blogs, the book he coauthored, etc. (look below in the show notes for links to everything). Then a fun discussion starts about cloud, risk, mobility, risk in the cloud, risk in mobility, risk of mobility integrated with the cloud, and so on. Good stuff all around. Here’s some links to stuff about Kevin and other stuff we talked about in the show. Management Team Member for the Society of Information Risk Analysis – link Coauthor on The Cloud Security Rules – link Kevin blogs at Infosecramblings – link Twitter pages – link and link and link

Thanks go to Jeremiah Grossman for sitting down with Michael for some great discussion. Jeremiah is the CTO at Whitehat Security and a very well known figure in the InfoSec industry. Jeremiah and Michael talk about Hawaii, sharks, security philosophy, RSA, stage fright, Jeremiah’s TED talk (not published as of the posting of this entry), and the age of the InfoSec industry and whether young folks are coming into the fold. You can find Jeremiah at Whitehat (link above) and his blog, and you can follow him and on Twitter as well. Jeremiah will be giving a talk and participating on panel at RSA as well, so be sure to attend those if you are going to the RSA Conference 2012.

Wow! 6 Months…and 2 job changes later, we are finally back to recording! YEAH!….Here the latest show from our intrepid hosts. Show Notes: InfoSec News Update – The Hacker News Hacking Awards : Best of Year 2011 – Link Here Japan’s Anti-Virus Virus – Link Here Nginx (pronunciation: “engine-ex”) becomes #2 web server Saudi hackers break into Israeli site – Link Here 3 Surefire Ways to Tick Off an Auditor – Link Here OWASP AJAX Crawling Tool – Link1 / Link2 Discussion Topic – 2012 Breach Report Care2 Discloses Breach; Company Has Nearly 18 Million Members – Link Here AntiSec hit California and NY Law Enforcement Sites – Link Here Anonymous Nabs 50,000 Credit Card Numbers From Security Think Tank – Link Here Music Notes:Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/ Tour Dates: Jan 6 – Dallas – Curtain Club Jan 27 – Dallas – Trees Jan 28 – Dallas – Trees Mar 2 – Dallas – Curtain Club – 7th Album CD Release Party Mar 3 – Houston – BFE Rock Club Mar 24 – Fort Worth – The Rail Club May 5 – Dallas – Renos Chop Shop Intro – RivetHead – “The 13th Step” News Bed – RivetHead - “Beautiful Disaster” Discussion Bed – RivetHead - “Difference” Outro – RivetHead – “Zero Gravity” Link to MP3

Today we have an interview for you. Michael had a great time sitting down with four gentlemen (they might not all agree with that term) from SpiderLabs over at Trustwave. The aforementioned SpiderLabs folks were Nicholas Percoco (@c7five), Steve Ocepek (@nosteve), Matt Jakubowski (@jaku), and Zack Fasel (@zfasel) – those are Twitter aliases for you newbs out there. They went over their respective histories, talked about SpiderLabs and their leetness, discussed a few talks that they are doing at DEFCON, talked about their party at DEFCON that will be held in a super-secret location, and went through about 50 SpiderLabs insider jokes. Michael is also pretty sure someone (Zack) was enjoying adult beverages (Zack) during the recording (Zack), but he might be wrong… Enjoy the show. And once again, thanks to Rivethead for the tracks. Go out to their website to see the latest on them, where they are playing, and all their news.

A lot of discussion in this episode. And what is more funny is Dan actually cuts Jim off on a subject. Yes, you heard it right. The famous “Web Security Minute Turned to 20 Minutes” Dan makes Jim stop talking. I guess the end of the world IS here! Oh, and Dan leads us into the Land of Many Links with his Clickjacking story. Show Notes: InfoSec News Update - HouSecCon 2011 update – Registration is open – Link Here PCI Physical badging Gap – Link Here Using Mario against us (evil) – Link Here FUD article of the day – Half of lost/stolen mobile device have sensitive info on them – Link Here Defining appropriate Cyber Attack response, A.K.A Eat my cruise missile you Commie, Pinko hacker! – Link Here Clickjacking, Cookiejacking oh my! – Link 1 / Link 2 / Link 3 / Link 4 Can you have too much security? – Link Here Geek Toys - Ubertooth-one starting to ship – Link Here Pwnie Express Rides – Link Here Discussion Topic – Five Infamous Database Breaches So Far In 2011 – Link Here Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/ Tour dates: July 9 – with Powderburn, Earthrot, and more – Tomcats West in Fort Worth, TX July 24 – with Creeper, Phantom X, and more – Oriley’s in Dallas, TX Intro – RivetHead – “Stirring It Up Again” News Bed – RivetHead - “Beautiful Disaster” Discussion Bed – RivetHead - “Difference” Outro – RivetHead – “Zero Gravity” Link to MP3

I am tired of making excuses about us being late, so here is friggin’ episode #05-2011. Have fun! Show Notes: InfoSec News Update - HouSecCon 2011 update – Registration is open – Link Here Michaels Breached due to Card Skimmers – Link Here Dropbox saga continues (and heads to the feds) – Link 1 / Link 2 / Link 3 Fox Broadcasting hacked – Link Here Verizon Business releases their 2011 DBI Report – Link Here (NOTE: LINK TO PDF) Mythbusting: Static Analysis Software Testing – Link Here LastPass incident handling – Link Here CVRF – Common Vulnerability Reporting Framework – Link here Discussion Topic – Scoping too small… Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/ Tour dates: July 9 – with Powderburn, Earthrot, and more – Tomcats West in Fort Worth, TX July 24 – with Creeper, Phantom X, and more – Oriley’s in Dallas, TX Intro – RivetHead – “Stirring It Up Again”News Bed – RivetHead - “Beautiful Disaster” Discussion Bed – RivetHead - “Difference” Outro – RivetHead – “Zero Gravity” Link to MP3

Hey, all three of us are here, and on schedule…. somebody check the temp outside Show Notes: InfoSec News Update -   TexSecConTriangle.com coming soon – HouSecCon, BSidesDFW, and LasCon Gonzales Update – Link Here Dropbox Pwnage -Link Here TX exposes 3.5 Mill records – Link Here Yet another Security Company Fail – Link Here IPhone keylogger – Link Here Law Firms Under Siege – Link Here Discussion Topic – Reading the Fine Print in Cloud Computing – Link Here Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/ Tour dates: Apr 20, 2011 – Sevendust, RIVETHEAD and TBA – Trees – Dallas, TX May 7, 2011 – Powderburn and RIVETHEAD – BFE Rock Club – Houston, TX Jun 4, 2011 – RIVETHEAD, The Razorblade Dolls, Horror Cult and more – The Rail – Fort Worth, TX Jul 9, 2011 – RIVETHEAD, Powderburn, Earthrot and more – Tomcats West – Fort Worth, TX Intro – RivetHead – “Stirring It Up Again” News Bed – RivetHead - “Beautiful Disaster” Discussion Bed – RivetHead - “Difference” Outro – RivetHead – “Zero Gravity” Link to MP3

So it took a bit longer this time due to scheduling, and bodily harm on Michael’s part… but we finally got another episode recorded. Enjoy. Show Notes: InfoSec News Update - HouSecCon 2011 – Call for Papers is still On The Data Breach Final Four Bracket – Link Here Watching the Fall Out….Again – RSA Hacked – Link Here Samsung Installing A Keylogger on New Laptops…. Or Maybe not – Link 1 / Link 2 /Link 3 HealthNet Breach – Link Here NASA Needs to Develop A Security Program – Link Here Mass SQL Injection – Link Here Personal Story – Really Sketchers? Really? Discussion Topic – How Detailed is Your DR Plan? Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/ Tour dates: Apr 20, 2011 – Sevendust, RIVETHEAD and TBA – Trees – Dallas, TX May 7, 2011 – Powderburn and RIVETHEAD – BFE Rock Club – Houston, TX Jun 4, 2011 – RIVETHEAD, The Razorblade Dolls, Horror Cult and more – The Rail – Fort Worth, TX Jul 9, 2011 – RIVETHEAD, Powderburn, Earthrot and more – Tomcats West – Fort Worth, TX Intro – RivetHead – “Stirring It Up Again” News Bed – RivetHead – “Beautiful Disaster” Discussion Bed – RivetHead - “Difference” Outro – RivetHead – “Zero Gravity” Link to MP3

We have a little bit of innuendo humor on this episode, and we all break into some hysterics (it’s all in the geek toys section, so fast forward if you want to hear all that). Around that is some information and opinion on InfoSec stuff. We figured we would throw that in there because of the name of the podcast, but whatever… Show Notes: InfoSec News Update - HouSecCon 2011 Call for Papers – Link Here Busting DLP Myths or Playing with Hype? Link Here Google collecting kid’s info (including last 4 of SSN) for Doodling contest – Link Here Smartphone security threats overdramatized – Link Here 7 Deadly Sins – Link Here Another certification debate – Link Here Abusing HTTP Status Codes to Expose Private Information – Link Here Geek Toys – Dream Plug PC – Link Here ATI 5970 for the GPU Win – Link Here for Specs / Link to Hashcat Forums Discussion Topic – Saying No to Bad Patents – Link 1 / Link 2 / Link 3 Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/ Tour dates: Feb 26th – in Carlsbad NM March 19 – The American Airlines Center at the Dallas Stars Hockey Game Intro – RivetHead – “Stirring It Up Again” News Bed – RivetHead – “Beautiful Disaster” Discussion Bed – RivetHead - “Difference” Outro – RivetHead – “Zero Gravity” Link to file