Cigital » The Silver Bullet Security Podcast with Gary McGraw

Summary: Building Security In

Podcasts:

 The ROI of Computer Security with Eric Cole | File Type: audio/mpeg | Duration: 0:29:23

On the 17th episode of The Silver Bullet Security Podcast, Gary talks with Eric Cole, CEO of Secure Anchor. Eric has written seven books on computer security, including books on steganography and network security. Gary and Eric discuss how to demonstrate security ROI in different types of organizations (ranging from government to corporate), the academic approach to security versus practitioner certification models, and what kinds of training make for good network security practitioners. They also discuss the difficulty of certifying software developers. Secure Anchor Security Haven Stego-marking packets to control information leakage on TCP/IP based networks – Eric’s dissertation

 Understanding Exploits with Greg Hoglund | File Type: audio/mpeg | Duration: 0:24:03

On the 16th episode of The Silver Bullet Security Podcast, Gary talks with Greg Hoglund, who runs the popular rootkit.com, is CEO of HB Gary, and is co-author of Rootkits: Subverting the Windows Kernel and Exploiting Software. In addition to shameless self-promotion of their new book, Exploiting Online Games, Gary and Greg discuss the natural tendency of certain types of code to allow exploits, how disclosure is a good thing when it comes to revealing exploits, and the use of rootkits by the “good guys.” Greg also makes us concerned that his 11-year-old daughter may 0wn our box. HB Gary Exploiting Online Games AWL Software Security Series

 Digital Privacy Defined with Annie Antón | File Type: audio/mpeg | Duration: 0:25:16

On the 15th episode of The Silver Bullet Security Podcast, Gary interviews Annie Antón, Associate Professor of Software Engineering at North Carolina State University and director of theprivacyplace.org. During their discussion, Annie and Gary focus on privacy. They start with an attempt to define what “privacy” is in the digital world, moving on to Annie’s work with The Privacy Place. Annie also discusses airlines’ pretty much pitiful privacy policies, the impact that a Google/Doubleclick deal would have on consumer privacy, crazy talk in EULAs, and the book Letters to a Young Catholic (which has nothing to do with privacy). A partial transcript of the interview in IEEE Security & Privacy Annie I. Antón The Privacy Place The ChoicePoint Data Security Breach

 Computer Security since the 1960’s with Peter Neumann | File Type: audio/mpeg | Duration: 0:20:59

The 14th episode of The Silver Bullet Security Podcast features Peter Neumann, designer of the Multics OS file system, moderator of comp.RISKS, and Principal Scientist at the SRI Computer Science Laboratory. In this show, Gary and Peter discuss the most important changes in computer security since the 1960s, the discipline involved in early Multics engineering (“nobody writes a line of code without the approving authorities [having] read and understood the specification”), why DRM is the “wrong solution to the wrong problem,” and who was more interesting to meet: Albert Einstein or Norah Jones. Peter Neumann comp.RISKS Computer-Related Risks Multics A General-Purpose File System For Secondary Storage – Peter’s 1965 paper on Multics Multics History Project The Brooklyn Boogaloo Blowout

 Security Engineering Described with Ross Anderson | File Type: audio/mpeg | Duration: 0:22:50

On the 13th episode of The Silver Bullet Security Podcast, Gary chats with Ross Anderson, Professor of Security Engineering at the Computer Laboratory at Cambridge University and author of the book Security Engineering. Gary and Ross discuss the effect of posting his excellent book on the net for free, the simple reasons why most systems fail, the economic imbalance between engineers/developers and a system’s users (with respect to who should address security), and why publicly describing attacks is essential to security engineering. They close out by examining the security implications of wearing a kilt. Transcript of this episode [PDF] Ross Anderson Light Blue Touchpaper – A security blog by Cambridge computer scientists. Security Engineering – Ross’ groundbreaking book in print and online WEIS 2007 – Sixth Workshop on the Economics of Information Security RFID and the Middleman [PDF] The Clan Anderson Society Ross playing the bagpipes

 From Ruralism to Computer Security with Becky Bace | File Type: audio/mpeg | Duration: 0:23:39

On the 12th episode of The Silver Bullet Security Podcast, Gary talks with Becky Bace, Advisor to Venture Capital firm Trident Capital. Becky spent twelve years at the NSA working on intrusion detection and cryptography from 1984 until 1996, followed by a stint at Los Alamos National Laboratory. Gary and Becky discuss growing up in rural America, explosives, and Becky’s Jimmy Hoffa sponsored college funding situation. They also talk about the evolution of security curricula in academia, rampant commercialization of computer security, Becky’s involvement in tracking down the notorious Kevin Mitnick, vicodin-induced creativity, and eclectic music. Transcript of this episode [PDF] Who’s Who in Infosec: Rebecca Bace Trident Capital – The VC firm where Becky is an advisor Los Alamos National Labs Intrusion Detection A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony As An Expert Technical Witness – Co-authored with Fred Smith Executive Women’s Forum Frank Sinatra The Kinsey Sicks

 Teaching Computer Security with Dorothy Denning | File Type: audio/mpeg | Duration: 0:22:22

On the 11th episode of The Silver Bullet Security Podcast, Gary talks with Dorothy Denning, a professor in the Department of Defense Analysis at the Naval Postgraduate School. Previously, Dorothy was a distinguished professor at Georgetown University and a professor at Purdue University. Gary and Dorothy discuss Dorothy’s involvement in the Clipper Chip controversy (which earned Dorothy the moniker “clipper chick”), the concept of geo-encryption, and a famous 1990 paper she wrote describing a series of interviews with malicious hackers. Transcript of this episode [PDF] Wikipedia: Dorothy Denning Clipper Chip (More) Clipper Chick – a 1996 Wired article about the Clipper Chip controversy. The Future of Cryptography Location-Based Authentication: Grounding Cyberspace for Better Security – A 1996 paper by Dorothy Denning and Peter F. MacDoran about geo-encryption. Big Sur Power Walk

 A Discussion on Software Security with Fortify Software’s Technical Advisory Board | File Type: audio/mpeg | Duration: 0:19:34

The tenth episode of The Silver Bullet Security Podcast features a panel discussion with the Fortify Software Technical Advisory Board, several of whom have been featured on previous episodes. The group discusses what commercial software tools can learn from academic research, the state of software security in China, real-world lessons learned while using static analysis tools, and software security pedagogy. Participating members of the Technical Advisory Board include: Bill Pugh, Professor at University of Maryland, static analysis for finding bugs; Li Gong, GM at Microsoft, MSN in China; Marcus Ranum, CSO of Tenable Network Security, security products trainer; Avi Rubin, Professor at Johns Hopkins, electronic voting security; Fred Schneider, Professor at Cornell, trustworthy computing; Greg Morrisett, Professor at Harvard, dependent type theory; Matt Bishop, Professor at UC Davis, computer security; Dave Wagner, Professor at Berkeley, software security and electronic voting. A complete transcript of this podcast will be available soon from Fortify at http://www.fortify.com/silverbullet.
