An Information Security Place

An Information Security Place Podcast – Episode 01 for 2012

Michael Farnum — Fri, 06 Jan 2012 10:04:07 +0000

Wow! 6 Months…and 2 job changes later, we are finally back to recording! YEAH!….Here the latest show from our intrepid hosts.

Show Notes:

InfoSec News Update –

The Hacker News Hacking Awards : Best of Year 2011 – Link Here
Japan’s Anti-Virus Virus – Link Here
Nginx (pronunciation: “engine-ex”) becomes #2 web server
Saudi hackers break into Israeli site – Link Here
3 Surefire Ways to Tick Off an Auditor – Link Here
OWASP AJAX Crawling Tool – Link1 / Link2

Discussion Topic – 2012 Breach Report

Care2 Discloses Breach; Company Has Nearly 18 Million Members – Link Here
AntiSec hit California and NY Law Enforcement Sites – Link Here
Anonymous Nabs 50,000 Credit Card Numbers From Security Think Tank – Link Here

Music Notes:Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour Dates:

Jan 6 – Dallas – Curtain Club
Jan 27 – Dallas – Trees
Jan 28 – Dallas – Trees
Mar 2 – Dallas – Curtain Club – 7th Album CD Release Party
Mar 3 – Houston – BFE Rock Club
Mar 24 – Fort Worth – The Rail Club
May 5 – Dallas – Renos Chop Shop

Intro – RivetHead – “The 13th Step”

News Bed – RivetHead - “Beautiful Disaster”

Discussion Bed – RivetHead - “Difference”

Outro – RivetHead – “Zero Gravity”

Link to MP3

An Information Security Place Podcast – Episode 07-2011

Michael Farnum — Wed, 13 Jul 2011 12:26:30 +0000

Today we have an interview for you. Michael had a great time sitting down with four gentlemen (they might not all agree with that term) from SpiderLabs over at Trustwave. The aforementioned SpiderLabs folks were Nicholas Percoco (@c7five), Steve Ocepek (@nosteve), Matt Jakubowski (@jaku), and Zack Fasel (@zfasel) – those are Twitter aliases for you newbs out there.

They went over their respective histories, talked about SpiderLabs and their leetness, discussed a few talks that they are doing at DEFCON, talked about their party at DEFCON that will be held in a super-secret location, and went through about 50 SpiderLabs insider jokes.

Michael is also pretty sure someone (Zack) was enjoying adult beverages (Zack) during the recording (Zack), but he might be wrong…

Enjoy the show. And once again, thanks to Rivethead for the tracks. Go out to their website to see the latest on them, where they are playing, and all their news.

An Information Security Place Podcast – Episode 06-2011

Michael Farnum — Thu, 02 Jun 2011 12:05:00 +0000

A lot of discussion in this episode. And what is more funny is Dan actually cuts Jim off on a subject. Yes, you heard it right. The famous “Web Security Minute Turned to 20 Minutes” Dan makes Jim stop talking. I guess the end of the world IS here!

Oh, and Dan leads us into the Land of Many Links with his Clickjacking story.

Show Notes:

InfoSec News Update -

HouSecCon 2011 update – Registration is open – Link Here
PCI Physical badging Gap – Link Here
Using Mario against us (evil) – Link Here
FUD article of the day – Half of lost/stolen mobile device have sensitive info on them – Link Here
Defining appropriate Cyber Attack response, A.K.A Eat my cruise missile you Commie, Pinko hacker! – Link Here
Clickjacking, Cookiejacking oh my! – Link 1 / Link 2 / Link 3 / Link 4
Can you have too much security? – Link Here

Geek Toys -

Ubertooth-one starting to ship – Link Here
Pwnie Express Rides – Link Here

Discussion Topic – Five Infamous Database Breaches So Far In 2011 – Link Here

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

July 9 – with Powderburn, Earthrot, and more – Tomcats West in Fort Worth, TX
July 24 – with Creeper, Phantom X, and more – Oriley’s in Dallas, TX

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead - “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

Link to MP3

An Information Security Place Podcast – Episode 05-2011

Michael Farnum — Thu, 19 May 2011 04:59:09 +0000

I am tired of making excuses about us being late, so here is friggin’ episode #05-2011. Have fun!

Show Notes:

InfoSec News Update -

HouSecCon 2011 update – Registration is open – Link Here
Michaels Breached due to Card Skimmers – Link Here
Dropbox saga continues (and heads to the feds) – Link 1 / Link 2 / Link 3
Fox Broadcasting hacked – Link Here
Verizon Business releases their 2011 DBI Report – Link Here (NOTE: LINK TO PDF)
Mythbusting: Static Analysis Software Testing – Link Here
LastPass incident handling – Link Here
CVRF – Common Vulnerability Reporting Framework – Link here

Discussion Topic – Scoping too small…

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

July 9 – with Powderburn, Earthrot, and more – Tomcats West in Fort Worth, TX
July 24 – with Creeper, Phantom X, and more – Oriley’s in Dallas, TX

Link to MP3

An Information Security Place Podcast – Episode 04-2011

Michael Farnum — Thu, 14 Apr 2011 11:11:23 +0000

Hey, all three of us are here, and on schedule…. somebody check the temp outside

Show Notes:

InfoSec News Update -

TexSecConTriangle.com coming soon – HouSecCon, BSidesDFW, and LasCon
Gonzales Update – Link Here
Dropbox Pwnage -Link Here
TX exposes 3.5 Mill records – Link Here
Yet another Security Company Fail – Link Here
IPhone keylogger – Link Here
Law Firms Under Siege – Link Here

Discussion Topic – Reading the Fine Print in Cloud Computing – Link Here

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

Apr 20, 2011 – Sevendust, RIVETHEAD and TBA – Trees – Dallas, TX
May 7, 2011 – Powderburn and RIVETHEAD – BFE Rock Club – Houston, TX
Jun 4, 2011 – RIVETHEAD, The Razorblade Dolls, Horror Cult and more – The Rail – Fort Worth, TX
Jul 9, 2011 – RIVETHEAD, Powderburn, Earthrot and more – Tomcats West – Fort Worth, TX

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead - “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

Link to MP3

An Information Security Place Podcast – Episode 03-2011

Michael Farnum — Fri, 01 Apr 2011 12:16:42 +0000

So it took a bit longer this time due to scheduling, and bodily harm on Michael’s part… but we finally got another episode recorded. Enjoy.

Show Notes:

InfoSec News Update -

HouSecCon 2011 – Call for Papers is still On
The Data Breach Final Four Bracket – Link Here
Watching the Fall Out….Again – RSA Hacked – Link Here
Samsung Installing A Keylogger on New Laptops…. Or Maybe not – Link 1 / Link 2 /Link 3
HealthNet Breach – Link Here
NASA Needs to Develop A Security Program – Link Here
Mass SQL Injection – Link Here
Personal Story – Really Sketchers? Really?

Discussion Topic – How Detailed is Your DR Plan?

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

Apr 20, 2011 – Sevendust, RIVETHEAD and TBA – Trees – Dallas, TX
May 7, 2011 – Powderburn and RIVETHEAD – BFE Rock Club – Houston, TX
Jun 4, 2011 – RIVETHEAD, The Razorblade Dolls, Horror Cult and more – The Rail – Fort Worth, TX
Jul 9, 2011 – RIVETHEAD, Powderburn, Earthrot and more – Tomcats West – Fort Worth, TX

Intro – RivetHead – “Stirring It Up Again”

News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

Link to MP3

An Information Security Place Podcast – Episode 02-2011

Michael Farnum — Thu, 24 Feb 2011 06:38:12 +0000

We have a little bit of innuendo humor on this episode, and we all break into some hysterics (it’s all in the geek toys section, so fast forward if you want to hear all that). Around that is some information and opinion on InfoSec stuff. We figured we would throw that in there because of the name of the podcast, but whatever…

Show Notes:

InfoSec News Update -

HouSecCon 2011 Call for Papers – Link Here
Busting DLP Myths or Playing with Hype? Link Here
Google collecting kid’s info (including last 4 of SSN) for Doodling contest – Link Here
Smartphone security threats overdramatized – Link Here
7 Deadly Sins – Link Here
Another certification debate – Link Here
Abusing HTTP Status Codes to Expose Private Information – Link Here

Geek Toys –

Dream Plug PC – Link Here
ATI 5970 for the GPU Win – Link Here for Specs / Link to Hashcat Forums

Discussion Topic – Saying No to Bad Patents – Link 1 / Link 2 / Link 3

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

Feb 26th – in Carlsbad NM
March 19 – The American Airlines Center at the Dallas Stars Hockey Game

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

Link to file

An Information Security Place Podcast – Episode 01-2011

Michael Farnum — Fri, 04 Feb 2011 15:16:00 +0000

Thomas Jefferson said, “Delay is preferable to error.” Martin Luther said, “Who waits until circumstances completely favor his undertaking will never accomplish anything.” So depending on which quote you like, we either took a long time to record a new episode so we would do it right, or we are just a bunch of slackers. I prefer the former, but I am biased…

In either case, we’re back, and in the immortal words of Rivethead, we’re “Stirring It Up Again” (you’ll read about Riverthead below and hear about them in the podcast). Jim, Dan, and I got together on a cold and stormy night (at least in Houston and Denver) to talk about all things InfoSec. Show notes are below. Oh, and yes, we are going with a new theme for numbering our episodes. I think it takes away the pressure a little myself since I don’t have to worry about huge numbers for episodes. Of course, I’ll have to count now, which sucks (thanks Jim).

Show Notes:

InfoSec News Update -

Study shows non-compliance more expensive than compliance (study was sponsored by Tripwire) – Article Link / Report Link
Security Fail – When Trusted IT members go bad!! – Link Here

“It’s a CIO’s worst nightmare: You get a call from the Business Software Alliance (BSA), saying that some of the Microsoft software your company uses might be pirated.

You investigate and find that not only is your software illegal, it was sold to you by a company secretly owned and operated by none other than your own IT systems administrator,
a trusted employee for seven years. When you start digging into the admin’s activities, you find a for-pay porn Web site he’s been running on one of your corporate servers.
Then you find that he’s downloaded 400 customer credit card numbers from your e-commerce server.

And here’s the worst part: He’s the only one with the administrative passwords.”

Looking back at old security news – have we made progress?? – Link Here (Registration required for full article)
A SLOW Death! – Link Here
Egypt gets Internet connection back – Link Here
Ever Cookie’s Anyone? – Link Here

Discussion Topic #1 – CSRF and Clickjacking – Link Here

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

Feb 19th – Playing Curtain Club Dallas, TX

Feb 26th - in Carlsbad, NM

March 19th – American Airlines Center at a Dallas Stars Hockey game

Intro – RivetHead – “Stirring It Up Again”

Outro – RivetHead – “Zero Gravity”

Link to MP3

An Information Security Place Podcast – Episode 37

Michael Farnum — Wed, 23 Jun 2010 11:19:44 +0000

All three of us are on this time. Some good talk about disclosure and web app firewalls, and Google, and some other stuff. Enjoy!

Show Notes:

InfoSec News Update -

Web App Firewall Discussion Continues – Link 1 / Link 2 / Link 3 / Link 4
Good Ole’ Firmware Hack – Link Here
Small and MidSize Businesses are Getting Serious About Security – Link Here
Looking for the Next Generation of Security Folks -Link Here
“POET” Released – Link Here
Fingerprinting the Bad Guys – Link Here
Careful Where You Sext! – Link Here
Encouraging Everyone to Participate in the Survey -Link Here

Discussion Topic #1 – Google Is Watching Your Wifi, But do You Really Care?

Discussion Topic #2 - Ye’ Old “Disclosure” Debate…Again?!? Link 1 / Link 2

Music Notes –

Intro / Outro – Digital Breaks – “Therapy”
Segway #1 – Building Rome – “Bored”
Segway #2 – This is Fiction – “Breathe”
Segway #3 – Patent Pending – “Los Angeles”

Link to MP3

An Information Security Place Podcast – Episode 36

Michael Farnum — Thu, 03 Jun 2010 03:33:57 +0000

So do we suck or what? Sorry that its taken so long for us to get another episode out… things have been crazy busy for all of us.

Anyway for this episode, Dan and Jim found themselves with 30 minutes or so of spare time, not much of a script, and working mics (Michael was working on a couple of proposals and an RFP that is due in two days); so they sat down and simply recorded an unscripted show of rambling about things that are going on for the moment.

Info Sec News Moments:

Kudos to MS’ IE 8 Add Campaign – Link Here
Jim’s 4.5 Seconds of fame – DenverGov website Hack – Link Here
Android and the SMS Rootkit Hack – Link Here
Google Ditching Windows due to Security Concerns – Link Here
Denver OWASP – SnowFroc Con – Link Here

Music Notes:

Intro / Outro – Digital Breaks – “Therapy”

Link to MP3