Cigital » The Silver Bullet Security Podcast with Gary McGraw show

Summary: Building Security In

Podcasts:

 Show 075 – An Interview with Howard Schmidt | File Type: audio/mpeg | Duration: 0:00:01

On the landmark 75th episode of Silver Bullet, Gary talks with Howard Schmidt, former Cybersecurity Coordinator for the Obama administration. In this episode, Gary and Howard discuss the differences between doing security work in the public and private sectors, the difficulties of establishing cybersecurity in the government (especially when it comes to software security), the government’s involvement in cyberespionage, and how the actions of Anonymous and Wikileaks square with the notion of free speech. They close the episode out with talk about Harleys. This special edition of Silver Bullet was also captured on video.

Howard Schmidt (Wikipedia); U.S. cybersecurity chief Howard Schmidt retiring; White House cyber security coordinator Howard Schmidt joins Qualys.

 Show 074 – An Interview with Bruce Schneier | File Type: audio/mpeg | Duration: 0:29:54

On the 74th episode of The Silver Bullet Security Podcast, Gary talks for a second time with Bruce Schneier. They revisit Bruce’s prediction in episode 9 that insight into economics and security would help vendors sell their products more efficiently. In addition, they discuss Bruce’s new book Liars and Outliers: Enabling the Trust that Society Needs to Thrive, how far behind the government is in terms of security, cloud computing, and Uncle Milton’s ant farm.

Bruce Schneier; Applied Cryptography; Liars and Outliers; Silver Bullet Security Podcast, show 009 (December 2006) – Gary’s first chat with Bruce Schneier; US cyber czar Howard Schmidt resigns; Workshop on Economics and Information Security; Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New American Security (June 2011); Prisoner’s Dilemma (Axelrod); Uncle Milton’s Ant Farm; The Ugly Sweater Store; Vintage Spirits and Forgotten Cocktails: From the Alamagoozlum to the Zombie 100 Rediscovered Recipes and the Stories Behind Them – Mixology.

 Show 073 – An Interview with Robert Vamosi | File Type: audio/mpeg | Duration: 0:26:35

On the 73rd episode of The Silver Bullet Security Podcast, Gary talks with Robert Vamosi, senior analyst with Mocana, freelance security reporter, and author of When Gadgets Betray Us. Gary and Robert discuss whether we’re doomed to idiocy as a species thanks to gadget dependency and why designers ignore security and privacy issues in gadget design. Finally, Gary and Robert discuss Robert’s use of the word “betray.”

Robert Vamosi; When Gadgets Betray Us; Gary on Stuxnet; With Or Without You.

 Show 072 – An Interview with Randy Sabett | File Type: audio/mpeg | Duration: 0:37:04

On the 72nd episode of The Silver Bullet Security Podcast, Gary talks with Randy Sabett, a lawyer with the ZwillGen cyber-law firm in Washington, DC. Gary and Randy discuss Microsoft’s Zeus Botnet raid, alleged AT&T/NSA wiretapping, whether cyberlaw is full of loopholes, and whether security always trades off against privacy and anonymity. They close out by discussing the book Randy is currently reading.

Randy V. Sabett; Microsoft and Financial Services Industry Leaders Target Cybercriminal Operations from Zeus Botnets, The Official Microsoft Blog; Microsoft Raids Tackle Internet Crime, The New York Times; Court Upholds 5th Amendment-based Refusal to Decrypt Hard Drive; Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New American Security (June 2011); The Cuckoo’s Egg by Clifford Stoll; Fram oil filter commercial; Is time running out on the billable hour?; The Singularity is Near by Ray Kurzweil.

 Show 071 – An Interview with Bill Arbaugh | File Type: audio/mpeg | Duration: 0:00:01

On the 71st episode of The Silver Bullet Security Podcast, Gary talks with Bill Arbaugh, Associate Professor of Computer Science at University of Maryland. Gary and Bill discuss how malware has evolved and changed over the last decade and how it’s affected software security practices, BIOS-based attacks, academia vs. startup, and why the NSA doesn’t play defense when it comes to cybersecurity.

Bill Arbaugh @ UMD; Microsoft Acquires Komoku; Silver Bullet: Ross Anderson, show 13, show 70; International Capture the Flag; Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New American Security (June 2011).

 Show 070 – An Interview with Ross Anderson | File Type: audio/mpeg | Duration: 0:00:01

The 70th episode of The Silver Bullet Security Podcast is our first repeat performance. Gary chats a second time with Ross Anderson, Professor of Security Engineering at the Computer Laboratory at Cambridge University and author of the book Security Engineering. Ross was a guest on episode 13 of The Silver Bullet Security Podcast and is our first return guest. Gary and Ross discuss the latest developments in Trusted Computing, the iterated “Prisoner’s Dilemma” as an economic model and its relevance to computer security, information compartmentalization and Wikileaks, time and security, cyberwar versus cybercrime, and Stuxnet.

Silver Bullet Show 013: Ross Anderson; Transcript of episode 13 [PDF]; Ross Anderson; Trusted Computing FAQ; Security Engineering – Ross’ groundbreaking book in print and online; Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New American Security (June 2011).

 Show 069 – An Interview with Steve Myers | File Type: audio/mpeg | Duration: 0:29:22

On the 69th episode of The Silver Bullet Security Podcast, Gary talks with Steve Myers, Assistant Professor of Informatics and Computing in the School of Informatics at Indiana University and a member of the Center for Applied Cybersecurity. During this show, Gary and Steve discuss the gap between “real world” computer security and “academic” computer security, the problem of cryptography, whether it’s OK to use “the NASCAR effect” to draw students into security, and spear phishing.

Steve Myers; Center for Applied Cybersecurity; The SEED Project (Developing Instructional Laboratories for Computer SEcurity EDucation); Why Mobile to Mobile Malware Won’t Cause a Storm [PDF], paper for USENIX ’11, with Nathaniel Husted; Patrick Traynor; Silver Bullet Show 020: An Interview with Markus Jakobsson; Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft, edited by Steve Myers and Markus Jakobsson; “Spear phishing”; Spirit of the West.

 Show 068 – An Interview with John Steven | File Type: audio/mpeg | Duration: 0:34:19

On the 68th episode of The Silver Bullet Security Podcast, Gary is joined in the studio by John Steven, internal CTO at Cigital. Gary and John discuss how software architecture is being pulled by financial services instead of being pushed by technology firms, why architecture risk analysis is so important (and so hard to automate), the bias that developers and security practitioners show towards security features rather than software security Touchpoints, and enterprise use of static analysis tools. They close out the show discussing mixology.

John Steven @ Justice League blog; OWASP NoVA; Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal), InformIT; Moving to Mobile – New Threats, Justice League blog; Threat Modeling – Vocabulary, Justice League blog; BSIMM; “The Liberal”; “The Old Fashioned”; Silver Bullet: Elinor Mills.
