SECTHIS.COM Security Podcast

Shmoocon

podcast@secthis.com (Naftulyev, Moon, Elberg) — Sat, 24 Oct 2009 17:18:50 PDT

Just a reminder to everyone that tickets for Shmoocon go on sale Nov 1. All of us will try to get to Shmoocon again in 2010 - although the podcast is over and done we are all still working in security consulting and do stay in touch with each other.

See you in 2010!

Shmoocon

podcast@secthis.com (Naftulyev, Moon, Elberg) — Sat, 07 Feb 2009 13:14:12 PST

Mooner, Anatoly, Doug, and Gene are at Shmoocon this weekend. Say hi if you see us around.

Gene -->

So far the presentation on the Home Made UAVs was the most interesting.

Decoding a smart key is pretty interesting as well.

Night of good food and Vodka at Russia House. $350 in vodka consumed by the above :-)

Second day the presentations are pretty interesting.

The Bluetooth full channel capture was pretty cool.

Anatoly -->

Podcast 51- WPA, Utimaco, FISMA, MI6

podcast@secthis.com (Naftulyev, Moon, Elberg) — Mon, 05 Jan 2009 07:52:39 PST

Hosts

Music

Jonathan Coulton

No we are not dead!

podcast@secthis.com (Naftulyev, Moon, Elberg) — Tue, 28 Oct 2008 16:31:10 PDT

But much like last year - summer is an extremely busy period for us security geeks. Our wives make us go outside and do stuff with them!

Seriously the 4 week hiatus did turn out to be a bit longer than planned. BUT we are planning on starting up the recordings once again early October. I still have one in the can that needs to be uploaded (although of course all the segments are on non-current topics at this point)

So stay tuned for more secthis.com podcasts coming soon!

Podcast 49 - Idiots, SCADA, ID Theft, Apple

podcast@secthis.com (Naftulyev, Moon, Elberg) — Sun, 29 Jun 2008 20:42:37 PDT

Disgruntled admin gets 63 months for massive data deletion
Intellipedia?
AT&T manager on laptop loss: 'It is pathetic'
FTC wants to hit the spyware guys where it hurts
Software security hole shows utilities and other infrastructure vulnerable
Verizon Business 2008 Data Breach Investigations Report
Bank of America check card data compromised
Ransomware
We lost both Ben and Doug 30 min into the podcast - excuse the slight dead air.
Intro music by Walt Ribeiro - Rush

Hosts

Podcast 48 - Google, Apple, RIAA, SCADA

podcast@secthis.com (Naftulyev, Moon, Elberg) — Thu, 05 Jun 2008 15:24:40 PDT

Hosts

Gene Naftulyev, CISSP
Anatoly Elberg, CISSP

Podcast 47 - DoD, UK, Privacy, Hope, Trust

podcast@secthis.com (Naftulyev, Moon, Elberg) — Tue, 27 May 2008 09:31:20 PDT

Hosts

Gene Naftulyev, CISSP
Doug Drew, CISSP

Podcast 46 - RIAA, Google, ID Theft, EFF

podcast@secthis.com (Naftulyev, Moon, Elberg) — Mon, 12 May 2008 16:19:22 PDT

Hosts

Gene Naftulyev, CISSP
Doug Drew, CISSP
Dave Meier, CISSP

Podcast 45 - China, FBI, XP, Malware - FIXED

podcast@secthis.com (Naftulyev, Moon, Elberg) — Sun, 27 Apr 2008 23:54:35 PDT

Hosts

Gene Naftulyev, CISSP
Doug Drew, CISSP

Podcast 44 - Russia, Blackberry, RIAA, PI, Spyware

podcast@secthis.com (Naftulyev, Moon, Elberg) — Mon, 07 Apr 2008 13:55:49 PDT

Hosts

Podcast 43 - Social Engineering, PCI, Events, DRAM

podcast@secthis.com (Naftulyev, Moon, Elberg) — Thu, 06 Mar 2008 16:01:44 PST

Hosts

Podcast 42 - PI License, Shmoocon Retrospect

podcast@secthis.com (Naftulyev, Moon, Elberg) — Thu, 06 Mar 2008 07:04:32 PST

Forensics requires a PI license
Welcome to Cyberwar Country, USA
Shmoocon Speakers
Thanks to surbo from i-hacked.com
Thanks to Hak5
Computerworld: Mozilla Raises Firefox Security Bar
Use of Rogue DNS Servers on Rise

Hosts

Podcast 41 - China, Privacy, EU

podcast@secthis.com (Naftulyev, Moon, Elberg) — Thu, 21 Feb 2008 13:03:11 PST

Hosts

Gene Naftulyev, CISSP
Anatoly Elberg, CISSP

Podcast 40 - TJX, Europe, Tasers, Shmoocon

podcast@secthis.com (Naftulyev, Moon, Elberg) — Mon, 11 Feb 2008 17:59:23 PST

Shmoocon - if you go, say hi to Anatoly and Doug
Yes this is Episode #40 - #39 will be part of the 'lost episodes' special sometime in the future!
TJX data breach doubles from 45.6MM to 94MM accounts
Pandemic wargame exposes gaps in financial service firms' disaster
Phishing scheme cons grocery chain out of $10MM, lawsuit reveals
European banks remain complacent about compliance and security, survey
Switzerland Tells Antipiracy Group Tactics Violate Law
Analysis: Rogue Trader at Societe Generale Leads to $7 Billion Fraud-Related Loss
Man Files Patent For Taser-Proof Clothing
ISSA Journal

Hosts

Gene Naftulyev, CISSP
Doug Landoll, CISSP

Shmoocon Ticket Winner Anounced

podcast@secthis.com (Naftulyev, Moon, Elberg) — Wed, 30 Jan 2008 08:33:53 PST

The winner of the Shmoocon ticket is Chris McBee!

Chris you have 48 hours to email me back to claim your ticket or an alternate will get it.

Thanks to everyone who wrote in, we appreciate your continued listenership!

Gene

Podcast 38 - Shmoocon Promo, CA, Sears, WiFi

podcast@secthis.com (Naftulyev, Moon, Elberg) — Tue, 08 Jan 2008 12:41:24 PST

Shmoocon Ticket Giveaway
SANS certifications
Numbers: ITIL, COBIT and More; Who Uses What?
Sears: Come see the softer side of spyware
CA’s Web Site Hacked by Malware Authors
WiFi piggybacking
Packing.org gone but check out handgunlaw.us
State Hacking/Computer Security Laws

Hosts

Free Shmoocon Ticket Promo

podcast@secthis.com (Naftulyev, Moon, Elberg) — Sat, 05 Jan 2008 14:27:29 PST

Did you try to get a Shmoocon ticket and miss your opportunity?

Well on the next podcast we will be announcing a contest for a free ticket to Shmoocon! If you want to get a in early here is what you need to know:

Send us your name, email, and either your phone number or linkedin.com profile link - so we can validate that you are a real person.
Tell us in one sentence why you should get a free Shmoocon ticket.
Winner will be randomly selected from all entries.

Once a winner is picked at the end of Jan, we will contact you and send you a secthis.com shirt and pass to Shmoocon.

Good luck!

-Gene

Dec 2007 Special Anouncement

podcast@secthis.com (Naftulyev, Moon, Elberg) — Wed, 26 Dec 2007 12:29:24 PST

Happy Holidays!

We are not putting out a new episode until Jan - but we wish everyone a great Christmas and New Year (and Appolo's Birthday!)

If you are a listener and LinkedIn member and would like to be part of the secthis.com group (and get a logo) follow this link.

http://www.linkedin.com/e/gis/47498/104EB3149259

For those who are not on LinkedIn - it is a professional contact management website where you can stay in touch with past co-workers and other professionals. Sort of a Facebook for the VPs, Directors, Professionals, etc.

Podcast 37 - Shmoocon, TJX, China, Netflix

podcast@secthis.com (Naftulyev, Moon, Elberg) — Thu, 06 Dec 2007 11:33:18 PST

Hosts

Gene Naftulyev, CISSP
Anatoly Elberg, CISSP

Podcast 35 - PGP, Mafia, Botnet, Passwords

podcast@secthis.com (Naftulyev, Moon, Elberg) — Fri, 16 Nov 2007 17:49:24 PST

Jim Tiller for (ISC)2 board of Directors - if you are a CISSP please "Vote for Jim"

Hosts

Podcast 34 - Fingerprints, NSA. Web2, Spending

podcast@secthis.com (Naftulyev, Moon, Elberg) — Fri, 16 Nov 2007 17:47:47 PST

Jim Tiller for (ISC)2 board of Directors - if you are a CISSP please "Vote for Jim"
Doug's Book - Performing an Information Security Risk Assessment (Hardcover)
Intro Six Mile Bridge 2001

Hosts

Podcast 33 - ArcSight, Privacy, Toys, Onion, Credit, Blow

podcast@secthis.com (Naftulyev, Moon, Elberg) — Thu, 04 Oct 2007 15:01:33 PDT

Jim Tiller for (ISC)2 board of Directors - if you are a CISSP please "Vote for Jim"

Hosts

Podcast 32 - China

podcast@secthis.com (Naftulyev, Moon, Elberg) — Thu, 20 Sep 2007 13:29:33 PDT

Jim Tiller for (ISC)2 board of Directors - if you are a CISSP please "Vote for Jim"
Pentagon Hacked by Chinese Military
China accused of cyberattacks on New Zealand
France Complaining of China Hacks Too
Brief: China claims hackers stole its secrets too
Group releases free iPhone unlock hack
Names, Contact Info on TD Ameritrade Customers Compromised
TJX Data Criminal Gets Five Years in Prison
Jack Thompson Decides He's In GTA IV
Windows worm targets Skype users
And why I don't drink French Vodka! French Diplomat Softens Tone on Iran Nuke Program
Note: Episode 31 had sound issues but I will try to salvage as much as I can and post it.

Hosts

Gear: A new section of this website

podcast@secthis.com (Naftulyev, Moon, Elberg) — Sun, 16 Sep 2007 18:57:47 PDT

NOTE: All future secthis gear reviews will be located at gear.secthis.com - this is a sample.

As hosts of secthis.com podcast we are always buying new gear - be it tech or firearms - and often we talk about it on the podcast. Well now we are going to add a new section to the website where we post short reviews of this gear - in secthis.com style of first having a drink, then writing a review!

If you think this is a good idea, let us know by emailing Gene. If this is a bad idea then email Mooner! No seriously send any of us mail and let us know what you think.

We have a number of items that we are ready to review for you, so let me start with the first utterly useful item!

Citizen Skyhawk Atomic Eco-Drive

I have been looking at getting a rugged, automatic, more full featured watch for a while. The main objectives that this watch had to fulfill were:

It needed to be an Automatic - either a self winder of solar
It needed to show at least 2 time zones
It needed to have night viewing - whether tritium or back lighting

Watches with dual time zones are generally referred to as GMT models. So while I really like the look of the Rolex GMT Master II, it would not have passed the 'wife' test, nor does it have tritium or back lighting. I did find a KHS Operator Timer, great looking Tritium watch, but it was neither an Automatic nor a GMT.

After doing more research I did find an automatic Tritium watch, but again it was not a GMT. This was the Tracer Classic Auto Pro. If I did not need the GMT capability I would certainly have purchased this watch. It really looks nice and uses the same Swiss Auto mechanism as the Omega watches.

So was there a watch that was Automatic, GMT, and Tritium? Well as it turns out there is one - the Ball Engineer Hydrocrbon GMT - and my finger was on the purchase button when my wife stopped by and convinced me not to buy it. She made me a deal that if I she'd buy it for me as soon as she passed her CISSP.

So I was back to looking for an Automatic, GMT, with Tritium. I expanded my search to include solar watches not just mechanical automatics. I still wanted dual time zones, and either tritium, or some other backlight. I found a few models that seemed to fit the bill until I stumbled on the Citizen Nighthawk. This was a nice solar watch that combined solar power, second time zone and a decent backlight.

Again I was ready to buy, but while doing a price search, I found the Citizen Skyhawk Atomic Eco-Drive - another model that had the same features, but also had a 3 timezone display, and received the radio signal broadcast from the atomic cesium clock in CO. On top of that it had a very nice rotating slide rule. This seemed like it would fit the bill!

So now I have a watch which keeps time as precisely as a GPS, is self-powered even if I am not wearing it, and has amber LED back lighting which won't kill my night vision. If you look at the closeup video you can see that it has a constant UTC (GMT) face, a 24 hour local time zone face, a main 12 hour local time face, and another time zone display is possible in the digital display.

It may not win any style awards at the office, but in the field this is a ruged, completely automatic (it will even switch to daylight savings automatically), and functional watch for anyone who needs more than a basic dress watch. Retail under $600 is well under many of the Swiss watches I looked at. And here is the short closeup video.

Gene Naftulyev, CISSP

Podcast 30 - iPhone, China, Germany, Sony

podcast@secthis.com (Naftulyev, Moon, Elberg) — Thu, 20 Sep 2007 13:13:50 PDT

Hosts