Cigital » The Silver Bullet Security Podcast with Gary McGraw

On the 5th anniversary, 60th episode of The Silver Bullet Security Podcast, Gary talks with Neil Daswani, CTO and co-founder of Dasient. Gary and Neil discuss Neil’s previous work at Google and how the “start-up like” atmosphere at Google compares with an actual start-up. They also discuss bad ads (aka malvertising), Clickbot.A, the software security related emphasis on testing at Google, and sushi in San Jose. Neil Daswani Dasient Q4 2010 Malware Update Certifiable, McGraw on Software Security Certification for darkreading (May 9, 2007) The Anatomy of Clickbot.A [PDF] Stanford Advanced Security Certification Program Tomo Sushi The post Show 060 – An Interview with Neil Daswani appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw. The post Show 060 – An Interview with Neil Daswani appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

On the bonus-length 59th episode of The Silver Bullet Security Podcast, Gary chats with Ralph Langner, Founder and CEO of Langner Communications. Langer Communications is a German company specializing in control systems security. Ralph was the first to determine that Stuxnet is a directed cybersecurity attack against the kinds of Siemens control systems used to control nuclear centrifuges in Iran. Gary and Ralph discuss what’s involved in introducing the concept of cybersecurity to control systems engineers, how anti-virus vendors originally responded to the Stuxnet, as well as plenty of detailed technical info about the worm with an emphasis on its payload. Langner Communications Stuxnet Software [In]security: How to p0wn a Control System with Stuxnet Software [In]security: Cyber Warmongering and Influence Peddling Israeli Test on Worm Called Crucial in Iran Nuclear Delay (New York Times)

On the bonus-length 59th episode of The Silver Bullet Security Podcast, Gary chats with Ralph Langner, Founder and CEO of Langner Communications. Langer Communications is a German company specializing in control systems security. Ralph was the first to determine that Stuxnet is a directed cybersecurity attack against the kinds of Siemens control systems used to control nuclear centrifuges in Iran. Gary and Ralph discuss what’s involved in introducing the concept of cybersecurity to control systems engineers, how anti-virus vendors originally responded to the Stuxnet, as well as plenty of detailed technical info about the worm with an emphasis on its payload. Langner Communications Stuxnet Software [In]security: How to p0wn a Control System with Stuxnet Software [In]security: Cyber Warmongering and Influence Peddling Israeli Test on Worm Called Crucial in Iran Nuclear Delay (New York Times) The post Show 059 – An Interview with Ralph Langner appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw. The post Show 059 – An Interview with Ralph Langner appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

On the 58th episode of The Silver Bullet Security Podcast, Gary talks with John Savage, professor of Computer Science at Brown University and Jefferson Science Fellow for the State Department. Gary and John discuss whether Wikileaks is a terrorist organization, if the use of a cyber-weapon like Stuxnet can be a morally justified act, and the implications of computational nanotechnology on cybersecurity. Transcript of this episode [PDF] John Savage at Brown University Jefferson Science Fellow: Dr. John Savage International Telecommunication Union Silver Bullet #49: Ivan Arce The Girl with the Dragon Tattoo Homomorphic Encryption

On the 58th episode of The Silver Bullet Security Podcast, Gary talks with John Savage, professor of Computer Science at Brown University and Jefferson Science Fellow for the State Department. Gary and John discuss whether Wikileaks is a terrorist organization, if the use of a cyber-weapon like Stuxnet can be a morally justified act, and the implications of computational nanotechnology on cybersecurity. John Savage at Brown University Jefferson Science Fellow: Dr. John Savage International Telecommunication Union Silver Bullet #49: Ivan Arce The Girl with the Dragon Tattoo Homomorphic Encryption The post Show 058 – An Interview with John Savage appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw. The post Show 058 – An Interview with John Savage appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

On the 57th Silver Bullet Security Podcast, Gary talks with Elinor Mills, senior writer at CNET’s news.com. At CNET, Elinor covers Internet technology and security. Gary and Elinor discuss how writing about technology for news organizations has changed over the last 20 years, how technology adoption in Portugal differs from the States, WikiLeaks and the First Amendment, avoiding FUD when covering a breaking news story about security, and Burning Man. They close the episode with a brief discussion of Elinor’s favorite books. Transcript of this episode [pdf] Elinor at CNET Insecurity Complex – Elinor’s blog Elinor on Twitter Drama in the Desert: Sights and Sounds of Burning Man / Raised Barn Press Demilitarizing cybersecurity (Q&A) How to p0wn a Control System with Stuxnet Intellus Reputation Defender Eating Animals The Corrections

On the 57th Silver Bullet Security Podcast, Gary talks with Elinor Mills, senior writer at CNET’s news.com. At CNET, Elinor covers Internet technology and security. Gary and Elinor discuss how writing about technology for news organizations has changed over the last 20 years, how technology adoption in Portugal differs from the States, WikiLeaks and the First Amendment, avoiding FUD when covering a breaking news story about security, and Burning Man. They close the episode with a brief discussion of Elinor’s favorite books. Elinor at CNET Insecurity Complex – Elinor’s blog Elinor on Twitter Drama in the Desert: Sights and Sounds of Burning Man / Raised Barn Press Demilitarizing cybersecurity (Q&A) How to p0wn a Control System with Stuxnet Intellus Reputation Defender Eating Animals The Corrections The post Show 057 – An Interview with Elinor Mills appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw. The post Show 057 – An Interview with Elinor Mills appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

On the 56th Silver Bullet Security Podcast, Gary sits down with Sammy Migues, Principal and Director of Knowledge Management at Cigital. Gary and Sammy discuss how Sammy’s southern upbringing affects his approach to security, his experience speaking to the National Rural Electric Cooperative Association, the advantages of defensive programming versus “the bug parade” and the BSIMM. They close the show out discussing bourbon. As a bonus, Sammy may be the first person to ever use the phrase “flips my bogometer” on a podcast. Sammy on Justice League At the NRECA conference – Sammy’s blog post (with video) about his NRECA talk. BSIMM Community Conference BSIMM Trusted Computer System Evaluation Criteria – aka “The Orange Book” “The Antique Collection” bourbon

On the 56th Silver Bullet Security Podcast, Gary sits down with Sammy Migues, Principal and Director of Knowledge Management at Cigital. Gary and Sammy discuss how Sammy’s southern upbringing affects his approach to security, his experience speaking to the National Rural Electric Cooperative Association, the advantages of defensive programming versus “the bug parade” and the BSIMM. They close the show out discussing bourbon. As a bonus, Sammy may be the first person to ever use the phrase “flips my bogometer” on a podcast. BSIMM Trusted Computer System Evaluation Criteria – aka “The Orange Book” The post Show 056 – An Interview with Sammy Migues appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw. The post Show 056 – An Interview with Sammy Migues appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

On the 55th Silver Bullet Security Podcast, Gary chats with Deborah Frincke, Chief Scientist, Cybersecurity at Pacific Northwest National Laboratory. Gary and Deb discuss the differences between being a professor and a researcher, whether a professional certification is better than an academic degree, and how a woman’s reasons for getting into the computer security field may differ from a man’s. They close out the episode by talking flowers. Deborah Frincke on Twitter Software [In]security: Technology Transfer, informIT Pacific Northwest National Labs University of Idaho Computer Science University of Idaho Center for Secure & Dependable Systems NSA National Centers of Academic Excellence Orchidaceae

On the 55th Silver Bullet Security Podcast, Gary chats with Deborah Frincke, Chief Scientist, Cybersecurity at Pacific Northwest National Laboratory. Gary and Deb discuss the differences between being a professor and a researcher, whether a professional certification is better than an academic degree, and how a woman’s reasons for getting into the computer security field may differ from a man’s. They close out the episode by talking flowers. Deborah Frincke on Twitter Software [In]security: Technology Transfer, informIT Pacific Northwest National Labs University of Idaho Computer Science University of Idaho Center for Secure & Dependable Systems NSA National Centers of Academic Excellence Orchidaceae The post Show 055 – An Interview with Deborah Frincke appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw. The post Show 055 – An Interview with Deborah Frincke appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

On the 54th Silver Bullet Security Podcast, Gary talks with Dr. Marc Donner, engineering director for Google Health and Google Finance. Gary and Marc discuss science-fiction books from the last decade, why Americans like to talk about cyberwarfare, and security issues and privacy concerns as related to Google Health initiatives. They finish up their discussion by talking about the Syrup Wars. Marc Donner hacks from the bleeding edge (Marc’s blog) AI Bites Man? Iron Sunrise, Singularity Sky

On the 54th Silver Bullet Security Podcast, Gary talks with Dr. Marc Donner, engineering director for Google Health and Google Finance. Gary and Marc discuss science-fiction books from the last decade, why Americans like to talk about cyberwarfare, and security issues and privacy concerns as related to Google Health initiatives. They finish up their discussion by talking about the Syrup Wars. Marc Donner hacks from the bleeding edge (Marc’s blog) Iron Sunrise, Singularity Sky The post The Decades Science Fiction with Marc Donner appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw. The post The Decades Science Fiction with Marc Donner appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.

On the 53rd episode of The Silver Bullet Security Podcast, Gary interviews Richard Bejtlich, Director of Incident Response for General Electric and Principal Technologist for GE’s Global Infrastructure Services division. They discuss whether it’s better to look for known problems or anomalies when performing network security monitoring, how to explain security incidents to “business guys,” the notion of “building visibility in,” and the difference between working as an independent consultant in a very small shop and working in a large corporation. TaoSecurity blog Silver Bullet #19: Mikko Hyppönen Silver Bullet #41: Fred Schneider

On the 53rd episode of The Silver Bullet Security Podcast, Gary interviews Richard Bejtlich, Director of Incident Response for General Electric and Principal Technologist for GE’s Global Infrastructure Services division. They discuss whether it’s better to look for known problems or anomalies when performing network security monitoring, how to explain security incidents to “business guys,” the notion of “building visibility in,” and the difference between working as an independent consultant in a very small shop and working in a large corporation. TaoSecurity blog Silver Bullet #19: Mikko Hyppönen Silver Bullet #41: Fred Schneider The post Network Security Best Practices with Richard Bejtlich appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw. The post Network Security Best Practices with Richard Bejtlich appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.