Jan 23 2014


Jim, Dan, and Michael have a lot of catching up to do. We talk about a lot of stuff because a lot of stuff has been happening. From RSA, NSA, QSAs… security is busy! Show notes below!

Show Notes:

InfoSec News Update –

  • 123456 is the new best of the worst – Link
  • RSA Conf and those skipping it this year – Link
  • Fixing a flawed VA medical records system: Tenacity pays off for a researcher – Link
  • Do you believe the Obamacare website is secure? These guys don’t – Link1, Link2, Link3
Discussion Topic – The Failure Themes of the Target Breach:

  • Massive Props to Brian Krebs on his coverage of the whole debacle – Krebsonsecurity.com
  • AntiVirus Takes it on the Chin … Again – Link
  • Egress Filter Much? – Link
  • Credit Card Processing Fundamentally flawed – Link
  • EMPHATIC POINT OF THE PODCAST!! Complacent with Compliance … again PCI != security

Music Notes: Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

  • Intro: “Stay Alive” – Rivethead
  • Segment 1 – “CricketBat” – RivetHead
  • Segment 2 – “Burn Us Down” – Early Morning Rebel
  • Outro: “Zero Gravity” – RivetHead

Link to MP3

Jun 03 2010


So do we suck or what? Sorry that it's taken so long for us to get another episode out… things have been crazy busy for all of us.

Anyway for this episode, Dan and Jim found themselves with 30 minutes or so of spare time, not much of a script, and working mics (Michael was working on a couple of proposals and an RFP that is due in two days); so they sat down and simply recorded an unscripted show of rambling about things that are going on for the moment.

Info Sec News Moments:

  • Kudos to MS’ IE 8 Ad Campaign – Link Here
  • Jim’s 4.5 Seconds of fame – DenverGov website Hack – Link Here
  • Android and the SMS Rootkit Hack – Link Here
  • Google Ditching Windows due to Security Concerns – Link Here
  • Denver OWASP – SnowFroc Con – Link Here

Music Notes:

Link to MP3

May 03 2010


Episode 35 is here. The format is different today. Instead of you listening to Dan, Jim, and me yap about news and pontificate about security topics, you are going to hear a talk I gave at the Texas Technology Summit in early April 2010.  The talk title and synopsis are below, along with a link to the slide deck.

Title: Breaking Down the Enterprise Security Assessment

Synopsis: Many enterprise security assessments look at too few attack vectors or do not dig far enough into the attack vectors once a vulnerability has been discovered.   Come join a discussion on the breakdown of a security assessment, explore the essential attack vectors, and debate the depth to which the assessment should go.

Link to MP3

Link to slides

Jul 09 2009


Link to MP3

Episode 21 is up and going. Looks like Jim and I are back on a regular cycle again. Hopefully it stays that way! Here are the show notes:

InfoSec News Update –

  • Goldman Sachs loses its secret sauce online – Link Here
  • Fed gets an F on Physical Security – Link Here
  • North Korea Blamed in Cyber Attacks over July 4th – Link Here
  • Juniper Pulls ATM hacking preso from BH – Link Here
  • Month of Twitter Bugs – Link Here
  • 10 Things Your Auditor Isn’t Telling You – Link Here
  • New head of MI6 wears Speedos on Facebook – Link Here
  • Algorithm for Predicting and guessing SSNs – Link Here
  • iPhone SMS Vulnerability – Link Here
  • Study – Oracle Users struggle with patch management – Link Here

Discussion Topic – Cloud Computing – is it a security nightmare waiting to happen? – Link Here

Consultants Corner – Developing an offering before going public!

Music Notes:

Jan 29 2009


Link to MP3

Episode 14 is here. First off, let me thank everyone that is listening to Jim and me spout off about everything. Fourteen shows does not seem like a big number, but it involves a lot of work getting this going (especially on Jim’s part – thanks Jim) and keeping it going, and Jim and I appreciate everyone sticking in there with us.

Second, we have made some changes with my setup, so there might be a sound difference and some issues with this episode. Forgive us as we get some new kinks worked out.

Third, this episode includes an interview with Mike Rothman from eIQnetworks. You might know him better as that guy from Security Incite that has a yankee accent and tells everyone what he is thinking. Either way, Mike is a great guy and a great friend, and I was honored to interview him. I think you will enjoy that portion of the show.

And lastly, there is a programming note. The geek toys segment that is brought to you by Jim every show is now going to be made more of a quarterly thing. The reason is because Jim has to find something to talk about every time, and it is getting a little more difficult to find something for every show.

Here’s the breakdown of the show.

Show Notes:

InfoSec News Update: there’s been a lot happening the last two weeks

Discussion – New president declares his plan for US Cyber Security (more cynicism from Michael)

Vendor Interview – Michael interviews Mike Rothman from eIQnetworks

Consultants Corner – Combining compliance initiatives and what that means for security practices

Music Notes:

Oct 16 2008


Link to MP3

Show notes:
Segment 1 – InfoSec News Update

Interview Segment:

Geek Toys: Jasager on the FON Router – Watch Episodes 403 and 405 of Hak5 or hop over to DigiNinja’s Jasager page

Consultants Corner: Discussion on doing some due diligence on checking vendor claims.  Open discussion on the recent Evil Bits Darkreading blog post

Music Notes:

  • Intro/Outro – Digital Breaks – “Therapy”
  • Segue 1 – Jimmie Bratcher – “Bad Religion”
  • Segue 2 – The Erotics – “Walk All Over You”
  • Segue 3 – Megaphone – “Not Your Enemy”
  • Segue 4 – Kickstart – “Theme Song”