Cigital » The Silver Bullet Security Podcast with Gary McGraw

Summary: Building Security In

Podcasts:

 A Breakdown of Security Analysis with Paul Kocher | File Type: audio/mpeg | Duration: 0:27:14

On the 52nd episode of The Silver Bullet Security Podcast, Gary chats with Paul Kocher, President and Chief Scientist of Cryptography Research. Gary and Paul discuss the first system that Paul ever broke, whether engineers and architects need to think like the “bad guys” or not, the decision to put content protection on Blu-Ray discs rather than the player, and whether P=NP.

Links: Transcript of this episode [PDF]; Cryptography Research (Paul @ Cryptography Research); How Crypto Won the DVD War; Macrovision to Acquire Blu-ray Disc Security Technology from Cryptography Research, Inc. (press release); P versus NP problem

 Startup versus Government Research with Anup Ghosh | File Type: audio/mpeg | Duration: 0:33:07

On the 51st episode of The Silver Bullet Security Podcast, Gary talks with former co-worker Dr. Anup Ghosh. Anup has authored three books on e-commerce security and over 40 peer-reviewed articles and is founder and chief scientist of Invincea. Gary and Anup discuss the difference between working in a startup and in government research, why antivirus doesn’t work against the ZeuS botnet and what businesses should do to protect themselves, and the relevance of the desktop in the future of computing. They close out with a discussion about Anup’s favorite newspapers and recent books.

Links: Invincea; Anup’s books on Amazon; Advanced Technology Program; ZeuS botnet summary; Why Patching Isn’t Enough

 Lacking Defense in Cyber War with Richard Clarke | File Type: audio/mpeg | Duration: 0:33:42

On the landmark 50th episode of Silver Bullet, Gary talks with Richard A. Clarke. Richard Clarke is an internationally-recognized expert on security, including homeland security, national security, cyber security, and counterterrorism. Gary and Dick discuss what needs to change in order for the United States to focus more attention on defense against cyber war (as opposed to offense). They also discuss the importance of software security in preventing cyber crime and cyber war, network scanning as a part of Dick’s “Defensive Triad,” and balancing cybersecurity against individual liberty. We also uncover whether being a guest on Silver Bullet is more stressful than being on The Colbert Report. This special edition of Silver Bullet was also captured on video.

Links: Transcript of this episode [PDF]; 9/11 Commission Report; What if the smart grid has stupid security?; Select TV appearances: The Daily Show (2008) / The Colbert Report (2007) / The Colbert Report (2005) / 60 Minutes (2004)

 Imitating the Attackers Perspective with Ivan Arce | File Type: audio/mpeg | Duration: 0:36:47

On the 49th episode of The Silver Bullet Security Podcast, Gary talks with Ivan Arce, co-founder and CTO of Core Security Technologies. Gary and Ivan discuss whether teaching builders to think like attackers is worthwhile, how living in Argentina both helps and hinders a career in computer security, the current state of embedded systems attacks, and Ivan’s ongoing disagreement with Microsoft about Virtual PC vulnerabilities. They close things out with a discussion of science fiction books and whether scotch trumps bourbon.

Links: Core Security Technologies; Attack Points blog (CSO Online); Ivan on the Core Security Technologies’ blog; Security vulnerability in Microsoft’s Virtual PC; Assume Nothing: Is Microsoft Forgetting a Crucial Security Lesson?; SiSU manifest of document filetypes and metadata

 Changes in Security Compliance with Andrew Jaquith | File Type: audio/mpeg | Duration: 0:30:32

On the 48th episode of The Silver Bullet Security Podcast, Gary interviews Andrew Jaquith, senior analyst at Forrester. Gary and Andy discuss how security has become overrun by compliance in the biggest change to corporate security in 15 years, the battle between social networking technology use in the workplace (think Twitter, Facebook, AIM…) and security, security metrics (or lack of such), and Andy’s latest musical find.

Links: Andy on Twitter; Data Security Predictions For 2010 (December 02, 2009); Know Your Code: How Static Analysis Tools Make Applications More Secure (November 20, 2009); BSIMM; @stake; Security Metrics: Replacing Fear, Uncertainty, and Doubt; S/MIME; Silver Bullet #26: Adam Shostack

 Security’s need for Languages with Greg Morrisett | File Type: audio/mpeg | Duration: 0:29:00

On the 47th episode of The Silver Bullet Security Podcast, Gary calls in from Leuven, Belgium to chat with childhood friend and security expert Greg Morrisett. Greg is the Allen B. Cutting Professor of Computer Science and Associate Dean for Computer Science and Engineering in the School of Engineering and Applied Sciences at Harvard University. Gary and Greg discuss the relationship between security and programming languages, why the choice of a good programming language (and/or VM) is more important than code review, sensor networks and security, information control, and Gary and Greg’s most embarrassing moment from adolescence.

Links: Transcript of this episode [PDF]; Greg Morrisett; The Center for Research on Computation and Society; Ynot; RoboBees; GoNative

 A Look Inside Infowar with David Rice | File Type: audio/mpeg | Duration: 0:36:06

On the bonus-length 46th episode of The Silver Bullet Security Podcast, Gary talks with David Rice, Executive Director of the Monterey Group and author of Geekonomics: The Real Cost of Insecure Software. Gary and David discuss David’s involvement with Infowar at the Naval Postgraduate School and how it impacted his thinking about software, the recent Chinese cyberattack on Google, what incentives exist to create and apply software security best practices, how users may be mistaking marketing for security, and the SANS WhatWorks in Application Security Summit. They close out by discussing unusual yoga positions.

Links: Monterey Group; Silver Bullet #41 – Fred Schneider; Silver Bullet #11 – Dorothy Denning; Software Security Comes of Age (InformIT) – on the growth of the software security space; Google Defends Against Large Scale Chinese Cyber Attack; SANS WhatWorks in Application Security Summit 2010; BSIMM

 The Common Disregard for Privacy with Lorrie Cranor | File Type: audio/mpeg | Duration: 0:26:51

On the 45th episode of The Silver Bullet Security Podcast, Gary chats with Lorrie Cranor, Associate Professor of Computer Science and Engineering and Public Policy at Carnegie Mellon University. Gary and Lorrie discuss how everyday people think about privacy and what we can do to get them to care about it, the relationship between trust and privacy, and why the US is lagging behind the EU on privacy-related issues. They close out the discussion by talking about women in computing.

Links: Lorrie Cranor; Security and Usability: Designing Secure Systems That People Can Use; Web Privacy with P3P; CyLab Usable Privacy and Security Laboratory (CUPS); A “Nutrition Label” for Privacy; Google search privacy video
