• Google Dashboard lifts curtain on stored data – Yawn.  Give us something useful
• Analyst:  PCI Security a Devil, ‘Like No Child Left Behind‘ – I want to talk to Josh Corman
• Cracking Passwords in the Cloud:  Breaking PGP on EC2 with EDPR – Or How much is the password in the window?
• Cross-domain Cookie attacks – It’s all about trust.  And why you shouldn’t.
• COFEE Forensic tool leaked to What.cd, admins ban it – It’s an interesting toy, but the open source community can do better.
• First iPhone worm spreads Rick Astley wallpaper – Rickrolled by a worm
• Tonight’s music: Sick and Tired by the Fn A Holes

Network Security Podcast, Episode 172
Time:  33:26

Show Notes:

• Heartland CIO criticizes tokenization. Gee considering they have a competing approach this is shocking!
• Congress calls for review of internal cybersecurity after major leak over P2P. Yet another shocking surprise!
• Mellon Bank employee commits identity fraud over 7 years.
• New phishing attack pretends to be from FDIC.
• Robert “RSnake” Hansen releases his “Detecting Malice” EBook. It’s very well done.
• Just Say No to FUD. Response to Anton’s article.
• Tonight’s music:

(The rest of the show is all about security stuff, and we even have all three of us on together again, but I’m just too chocked up over the death of Geocities for proper show notes. It was as if a million cheesy fan sites cried out, and were suddenly silenced.)

This really is Episode 171, even if I called it 170 at the beginning of the podcast – Martin

Network Security Podcast, Episode 171
Time:  38:54

Show Notes:

• Rapid7 Acquires Metasploit
• Scan of Internet Reveals Thousands of Vulnerable Embedded Devices. Linksys is at the top of the list, surprised? And I don’t even blame them. Then again, there’s Time Warner routers… all of which are seriously vulnerable.
• Why You Should Never Talk to the Police.
• Obama Nominates DHS Intelligence Chief.
• Rich’s off topic article on the first Microsoft Store.
• Tonight’s music: Running from the Law by Mean Gene Kelton and the Die Hards

After a brief wandering to talk about Halloween preparations, we get back on topic and catch up with some new stories, and a few from the week we missed. We talk about the evolution of security professionals, tokenization, and how the Danger/Sidekick thing had nothing to do with cloud computing.

Network Security Podcast, Episode 170
Time:  34:12

Show Notes:

• Josh Corman’s FUDSec post on the evolution of security.
• Tokenization for payment transactions.
• Most Sidekick data recovered, but many unanswered questions.
• Mozilla blocks Microsoft plugin. Then they don’t.
• Google Voice mails searchable if you make it public. Duh.
• Tonight’s music: FadeOut with Sanctuary

Network Security Podcast, Episode 169, October 6, 2009
Time:  27:09

Show Notes:

• Hackers breach payroll giant, target customers 
• Microsoft Security Essentials review
• Lawsuit:  Heartland knew data security standard was ‘insufficient’
  
• Breaking:  Thousands of Hotmail passwords leaked online – And now we know that tens of thousands of other mail service accounts are similarly compromised.
• Wireless network modded to see through walls
• Dungeons and Dragons Spellcasting Soda – If you’ve got a spare case or two of this stuff lying around, please feel free to send it my way.  
• Tonight’s Music:  Black Berry Girl by Porter Block

Sigh.

Network Security Podcast, Episode 168
Time:  29:53

Show Notes:

• Inmate locks staff out of prison computers. Multiple levels of hilarity ensue.
• Microsoft releases free antivirus. World doesn’t end. (Yet).
• SMB2 exploits become public. World doesn’t end. (Yet).
• NIST releases smart grid security guidance.
• A money-mule’s story. Fascinating level of naivete.
• Tonight’s music: Caught by Emma Wallace

I had a bit of a shock as I realized that most of my disaster plans aren’t relevant anymore as my life status has changed. I used to be single, in Colorado, and part of the response infrastructure (which means access to a ton of resources). Now I’m married, with a child and pets. I can’t really run off with a backpack and play hero if something bad hits.

We also delve into some IT related disaster planning, so this isn’t a complete non-sequiter.

Network Security Podcast, Episode 167
Time:  32:13

Show Notes:

• Chinese researchers figure out how to take down the West coast power grid by hitting a smaller provider. Oh joy. At least they disclosed it.
• Some idiot logs into Facebook while robbing a house. This is now my favorite dumb-criminal move of the year. Oh wait, did I forget to mention he left himself logged in after he left?
• Some site claims to hack any Facebook account for $100. Or to pretend to hack it for $100. You get to guess which one it is.
• Court rules that just because you did something your employer didn’t like with authorized access to a computer, it isn’t a computer crime. Well done.
• Researchers come up with an idea for a new home security markup language. Good intentions, not sure it will matter.
• RSnake on Star Trek and security. If you read one post this year, it should be this one.
• Tonight’s music: Me and by Wife by Root Doctor

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code “HHUSA-MM-AP999“

Network Security Podcast, Episode 166
Time:  40:14

Show Notes:

• FBI Jobs site gets hacked – SQL Injection against an FBI site?  I’d be embarrassed.
• University research exposes potential vulnerabilities in cloud computing – Emphasis on the ‘potential’, but it’s an issue we do have to beware of.
• End-to-end encryption:  The PCI security Holy Grail – It all depends how we define ‘end-to-end’.
• All TI signing keys factored
• Tonight’s music: Black Rebel Motorcycle Club with Whenever You’re Ready

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code “HHUSA-MM-AP999“

We will be returning to our regularly scheduled podcast next week.  Promise.

Network Security Podcast, Episode 165, September 1, 2009
Time:  33:29

Show Notes:

• Security expert’s PCI analysis misguided, says PCI Council GM – I’m very glad that Bob Russo is paying attention to the conversation about PCI.
• Some follow-up questions for Bob Russo, GM of the PCI Council – Rich’s response to Mr. Russo’s post at SearchSecurity.  And Mr. Russo’s comments on Rich’s post.
• China game boss sniped rivals, took down Internet
• DHS:  Secretary Napolitano announces new directives on border searches of electronic media
• ‘New’ travel search rules just won’t fly
• AV makers fault Apple on Snow Leopard malware scanner
• Peering inside Snow Leopard security – I forget sometimes that Rich really is one of the experts on this topic.
• Tonight’s Music:  Black Rebel Motorcycle Club with Weapon of Choice

To get $300 off Hacker Halted 2009 in Miami, Florida from September 23-25, click on the banner below, select VIP Pass under Conference Pass and and enter code “HHUSA-MM-AP999“