Network Security Blog

The Network Security Podcast, Episode 158

netsecpodcast@mckeay.net (Martin McKeay) — Wed, 15 Jul 2009 05:54:17 PDT

The bulk of this episode is an interview I did with Steve Ocepek, one of my Trustwave coworkers who is presenting at Black Hat this year. But before we get to the interview, we do spend a little time talking about some of this week’s security headlines. And if you are attending Black Hat, don’t forget to look us up.

Network Security Podcast, Episode 158
Time: 45:35

Show Notes:

Wardriving passports

Microsoft and Firefox vulnerabilities (some unpatched) being exploited in the wild.

What a shock, the DDoS attacks probably weren’t from North Korea. I think their entire Internet connectivity is a phone line with an acoustic modem.

Tonight’s Music: Impact at 1000mph by LtMeat

Episodes 8 & 9 of the FIRST Podcast

netsecpodcast@mckeay.net (Martin McKeay) — Mon, 13 Jul 2009 09:20:27 PDT

Peter Allor is one of the two people who tapped me cover the 21st FIRST Conference in Kyoto. Pete is a member of the FIRST Steering Committee and the Conference Liaison and took a couple of minutes out of the conference to speak to me on how the conference was going.

Episode 8: Peter Allor, FIRST SC and Conference Liaison

Toby Weir-Jones from BT gave a talk titled “Deriving information from raw data: making business decisions with logs”. We consider why it’s so hard to translate our log files into something that we can use to communicate with other business units who don’t speak the same language.

Episode 9: Toby Weir-Jones, VP Product Development, Managed Security Solutions Group, BT

You lick it, you keep it

netsecpodcast@mckeay.net (Martin McKeay) — Sat, 11 Jul 2009 09:55:47 PDT

Some encounters are almost too strange to believe. That doesn’t make them any less real.

I was walking down the street in San Francisco at lunch time Friday afternoon. As I came up to a busy street corner I saw a paper grocery bag sitting on a bench with no one around it. I walked up to the bag and peeked in to find three external hard drives, one Maxtor and two brands I didn’t recognize. The drives looked like they were either well used or the product of a dumpster dive. I knocked on the door of the one business nearby, but no one answered. After a few minutes someone came out who worked in the building; he said there’d been a break-in recently but that he didn’t know anything about the drives. I tried to call Rich for advice, but he was busy so I decided I’d finish my walk to lunch and think on the situation for a little while.

One burrito later, I walked up on the scene again. This time a homeless man in dirty, ripped slacks was surveying the bag of hard drives. He looked around much like I had done thirty minutes earlier, then scuttled up to the bag and pulled out one of the external hard drives. After sniffing it for a second, he licked one side of the drive and put it back in the bag. He then ran over to a parking meter and licked it, licked the taillights on both sides of an SUV and vanished from my sight behind the car.

I lost any interest in the hard drives at that point. That takes mom’s caution of “you don’t know where that’s been” to a whole new level.

Saliva incident aside, what would you do if you found a bag of hard drives in a park or public place? Calling 911 didn’t seem appropriate, though there is a slim possiblity of explosives. Taking the drives home and performing some forensics research on them crossed my mind; I have the technology if not much skill in the area. I tried to turn them in to the business, but there was no one there. I guess the gentlemen with the inquisitive taste buds saved me from a moral dilema.

What would you have done?

Network Security Podcast, Episode 157

netsecpodcast@mckeay.net (Martin McKeay) — Tue, 07 Jul 2009 20:39:30 PDT

I can’t entirely promise tonight’s episode makes a lot of sense. Martin is back from Kyoto, and seriously jetlagged, and I don’t think I was a whole lot better. Sure, we cover the usual collection of security news, but the episode is filled with non-sequitors and other dissociated transitions. On the other hand, we do stick fairly closely to security related topics. In other words, listen at your own risk.

[Martin]It made perfect sense before I said it out loud. Afterward, not so much.[/Martin]

Network Security Podcast, Episode 157
Time: 25:08

Show Notes:

Microsoft 0day being exploited in the wild.
China is as scared of us as we are of them. See? Your mom was right.
iPhones are vulnerable over SMS. I highly doubt the iPhone is the only phone with this problem.
A “security guard” hacks a hospitals HVAC system. Then goes to jail for additional stupidity. Good thing most bad guys are dumb, or we’d *really* be in trouble.
More nails in the coffin that holds your Social Security Number.

Back from the FIRST Conference

netsecpodcast@mckeay.net (Martin McKeay) — Tue, 07 Jul 2009 06:25:25 PDT

Back from the FIRST Conference in Kyoto, Japan with a dozen interviews and over 1500 pictures. To be fair, my wife took a lot of the pictures. I haven’t had time to blog or while I was at FIRST, but you can get a very good idea of what was going on by checking out Chris Riley’s blog. He took awesome notes, something I’m only moderately successful at under the best of circumstances. I’ll be uploading the interviews over the next few weeks and have several follow up interviews to do with people who didn’t have the time necessary during the conference. But all of that has to wait until I’ve dug myself out from the pile of email that accumulated while I was on the road. In the mean time, check out some of the photos I’ve uploaded to Flickr so far.

The Network Security Podcast, Episode 156

netsecpodcast@mckeay.net (Martin McKeay) — Tue, 30 Jun 2009 17:18:52 PDT

Martin is off in Japan this week, so I’m joined by our good friend Amrit Williams from BigFix and the Techbuddha blog. Amrit and I start off by talking about the rolling blackouts in California and disaster preparedness, before jumping into the week’s security news.

I’m off in Japan, but not forgotten. I’m almost afraid to listen to my podcast! You’d think that by now I’d have gotten comfortable handing off the podcast while I’m away by now

Network Security Podcast, Episode 156
Time: 41:28

Show Notes:

The New York Times and Wikipedia censor reports of a captured reporter to protect him.

Dave Shackleford on 10 things your auditor doesn’t want you to know.

Trojan steals FTP credentials

Juniper pulls ATM hacking talk from Black Hat

Most systems have unpatched software. Is anyone surprised?

Tonight’s Music: Since i haven’t figured out how to get the podcasting rights to Jimmy Buffett’s entire collection, there’s no music for tonight’s close.

FIRST 2009: Dr. Suguru Yamaguchi

netsecpodcast@mckeay.net (Martin McKeay) — Mon, 29 Jun 2009 19:32:05 PDT

I had the opportunity to talk to Dr. Suguru Yamaguchi, Professor of the Graduate School of Information at the Nara Institute of Science and Technology, member of the JPCERT and advisor on Information Security for the National Information Security Center, Cabinet Office Japan. Dr. Yamaguchi presented the opening keynote for the FIRST 2009 Conference here in Kyoto, Japan and talked about Information Security Management and Economic Crisis. And at least as interesting for me was having my questions translated into Japanese and asked to Dr. Yamaguchi again to answer in his native language.

Two of the points I found intensely interesting about Dr. Yamaguchi’s talk were his assertion that businesses should be investing in technology during the down turn rather than cutting back, because the investment now may be what enables there survival and his observation that compromises have an affect on company sales in the Asia Pacific region. I don’t believe we’re seeing the same sort of downturn in sales when a compromise happens to an American company and would like to know why there is such a difference.

FIRST 2009 Episode 7: Interview with Dr. Suguru Yamaguchi – Japanese

FIRST 2009 Episode 7: Interview with Dr. Suguru Yamaguchi – English

Heading to Kyoto: Who do you want to hear from?

netsecpodcast@mckeay.net (Martin McKeay) — Thu, 25 Jun 2009 06:10:50 PDT

The wife and I are all packed, the house sitter has been briefed (”Just don’t burn down the house while we’re gone”) and we’re heading off to the airport in a few minutes to fly to Kyoto, Japan to attend the 21st annual FIRST Conference. The folks at FIRST have tapped me to be the media sponsor for the event this year and I’ll be blogging, tweeting and conducting interviews live on the floor of the conference. There is a very interesting group of international speakers who all work in the incident response field, some (like me) less than others. So here’s my question to you: Who would you like to hear me interview from the list of speakers in Kyoto? Leave a comment on the blog, tweet me (@mckeay) or send me an email and I’ll do my best to get an interview with your target of choice. The interviews will be posted within a few weeks after the conference and I’ll try to sneak one or two in while I’m there.

Note to Rich: Don’t burn down the podcast while I’m gone!

10 Things Dave wants you to know about auditors

netsecpodcast@mckeay.net (Martin McKeay) — Thu, 25 Jun 2009 05:47:05 PDT

I really wish I could disagree more with Dave Shackleford and his post, 10 Things Your Auditor Isn’t Telling You, but I think he’s really hit it on the head with this one. And hit it hard. He starts the post by saying he’s not trying to be mean, but as a PCI QSA, there are a couple of times I had cringe, because it really hits close to home. It’s tough, because some of the points he makes are almost unavoidable in an audit process while others are signs of an industry that needs more skilled practitioners than are currently available. And his final point is definitely true: the people at a company I’m assessing may like me as a person, but I have yet to meet someone who actually likes the process of being assessed and doesn’t channel at least a little of the dislike back to the assessor.

The Network Security Podcast, Episode 155

netsecpodcast@mckeay.net (Martin McKeay) — Tue, 23 Jun 2009 16:57:54 PDT

We start the show off by wishing Martin luck with his presentation at the FIRST conference in Kyoto, foolishly trusting Rich with the keys to the podcast. Then Rich fawns over his iPhone 3GS a little too much, but he does manage to talk about some cool new security features.

Rich also rants a little on one of our PCI stories, and Martin updates us on his XBox wireless situation. Finally, we geek out a bit on Adam Savage appearing at DefCon.

Network Security Podcast, Episode 155
Time: 35:28

Show Notes:

The Clear Card finally dies. What a scam.
Mozilla reveals some new ways of combating XSS and Clickjacking. A positive move, but with a lot of caveats.
An end user talks about his experiences with a WAF.
DHS has a blog.
Nevada mandates PCI. Even for non-credit card PII that wouldn’t normally be covered.
The National Retail Foundation whines about PCI. What a silly responses- back to the drawing board guys. I don’t think you’ve even read the standard.
Get your Certified Application Security Specialist hats, shirts, and other gear.
Tonight’s Music: Reggae Far East with Cost Cut Japan