http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2015-10-14 12:41:36 - Network Security Blog : It s taken me a lot longer than it should have, but I finally got my interview with Natalya Kaspersky, CEO of InfoWatch and former CEO of Kaspersky Labs from the G Data Summit edited and posted We talked about the nature of current threats against enterprises hint think APT and nationstate as well as current http://www.secuobs.com/revue/news/586701.shtmlhttp://www.secuobs.com/revue/news/586701.shtml Secuobs.com : 2015-10-08 17:09:29 - Network Security Blog - A couple of weeks ago at the G Data Summit in Bochum, Germany, I got a chance to talk to Dr Thorsten Holz, CEO and Director of the Horst Gortz Institute of IT Security at Ruhr University Dr Holz and I talk about the nature of training the next generation of security professionals and how http://www.secuobs.com/revue/news/586104.shtmlhttp://www.secuobs.com/revue/news/586104.shtml Secuobs.com : 2015-10-06 16:49:37 - Network Security Blog - A couple of weeks ago I was invited to the G Data Summit in Bochum, Germany to take part in a celebration of G Data s 30th anniversary Being the oldest anti-virus company in the world is a little something for them to crow about During the event, I got a chance to interview Walter Schuman, http://www.secuobs.com/revue/news/585818.shtmlhttp://www.secuobs.com/revue/news/585818.shtml Secuobs.com : 2015-10-02 16:19:07 - Network Security Blog - I wish it hadn t taken me so long to find the time to edit this podcast, because this interview with Jen Ellis infosecjen on Twitter is pretty good, no thanks to me Jen Ellis had given a talk earlier in the week and Chris John Riley and I finally managed to track her down to http://www.secuobs.com/revue/news/585495.shtmlhttp://www.secuobs.com/revue/news/585495.shtml Secuobs.com : 2015-09-03 12:35:38 - Network Security Blog - I sat down for a few minutes at Black Hat to talk to Jeff Williams, the Chief Technology Officer of Contrast Security We spent a little time reviewing his past, which includes penning the OWASP Top 10 we all know and love, as well as talking about the work he does in application security now http://www.secuobs.com/revue/news/582307.shtmlhttp://www.secuobs.com/revue/news/582307.shtml Secuobs.com : 2015-08-27 16:17:58 - Network Security Blog - I was able to catch up with Keren Elazari at Black Hat We talked about her presentation at BSides Hack the Future and what it means to us as security professionals Keren highlights how bits are controlling atoms more and more every day and how the next 20 years are going to make the changes http://www.secuobs.com/revue/news/581611.shtmlhttp://www.secuobs.com/revue/news/581611.shtml Secuobs.com : 2015-08-20 15:22:17 - Network Security Blog - I had a chance to catch up with my friend, Jason E Street at Black Hat in order to talk to him about a few of the projects he has going on In addition to full time employment he s an author, he s working to revitalize Defcon Groups and he s helping to publicize the efforts by http://www.secuobs.com/revue/news/580820.shtmlhttp://www.secuobs.com/revue/news/580820.shtml Secuobs.com : 2015-08-19 12:49:52 - Network Security Blog - I got to catch up with Paul Kurtz, CEO of TruSTAR Technology and former advisor to the White House on cybersecurity Paul and I talk about his work under a President and a President Elect, information sharing and the OPM hack This was one of the more interesting interviews I did at Black Hat, at http://www.secuobs.com/revue/news/580676.shtmlhttp://www.secuobs.com/revue/news/580676.shtml Secuobs.com : 2015-08-16 13:38:58 - Network Security Blog - I sat down for a few minutes to talk to Dr Engin Kirda, Chief Architect at Lastline and professor at Northeastern University in Boston We discussed the next generation of security professionals and his BH talk about the sophistication or lack thereof in modern ransomeware And, as with all interviews this conference, I asked about the OPM http://www.secuobs.com/revue/news/580361.shtmlhttp://www.secuobs.com/revue/news/580361.shtml Secuobs.com : 2015-05-11 10:23:53 - Network Security Blog - It s been an interesting ride ever since Edward Snowden came out with the revelations about NSA spying efforts two years ago There was a huge public outcry at first, both from the side who believes spying on your own citizens is necessary and from the side who believes spying on your own citizens is a http://www.secuobs.com/revue/news/570302.shtmlhttp://www.secuobs.com/revue/news/570302.shtml Secuobs.com : 2015-05-07 13:19:27 - Network Security Blog - I got a chance to talk to Mike Walls, Edgewave s Director of Cyber Operations and ex-Navy pilot on the floor of the RSA conference I chose Edgewave to talk to specifically because of their marketing material and the number of buzzwords they used to discribe themselves Mike does a fair job of defending and refining http://www.secuobs.com/revue/news/570009.shtmlhttp://www.secuobs.com/revue/news/570009.shtml Secuobs.com : 2015-05-05 21:57:06 - Network Security Blog - I got a chance to sit down with Jason Straight, SVP and Chief Privacy Officer Jason works on the legal side of security, meaning as a lawyer, not law enforcement The conversation covers international legal concerns, privacy and communicating with your own legal counsel, just to mention a few of the topics The interview was http://www.secuobs.com/revue/news/569797.shtmlhttp://www.secuobs.com/revue/news/569797.shtml Secuobs.com : 2015-05-05 09:12:38 - Network Security Blog - My teenagers, like many teenagers, are curious about what their father does for a living They ve been to maker faires, security conferences, unconferences, Defcon, BSides, Hack in the Box, and they ve really enjoyed them all They ve heard me talk about all sorts of current events in the context of computer security Quite frankly, I m a little http://www.secuobs.com/revue/news/569695.shtmlhttp://www.secuobs.com/revue/news/569695.shtml Secuobs.com : 2014-10-21 19:51:34 - Network Security Blog - I ve been blogging for some other sources lately It s interesting to be creating articles for someone other than myself, because I put more thought into it and spend more time trying to organize my thoughts and outline the article before I put virtual pen to paper I m writing for IBM s Security Intelligence blog they re an http://www.secuobs.com/revue/news/541840.shtmlhttp://www.secuobs.com/revue/news/541840.shtml Secuobs.com : 2014-10-15 09:06:40 - Network Security Blog - TL DR Disable SSL immediately As of this morning SSL appears to be dead or at least dying The POODLE vulnerability in SSL was released last night, basically revealing a vulnerability in the way that SSL v3 uses ciphers and allows an attacker to make a plain-text attack against the encrypted traffic This makes the third http://www.secuobs.com/revue/news/540149.shtmlhttp://www.secuobs.com/revue/news/540149.shtml Secuobs.com : 2014-10-06 08:03:41 - Network Security Blog - I understand enough about encryption to get myself in trouble, but not much more I can talk about it intelligently in most cases, but when we get down to the nitty gritty, bit by bit discussion of how encryption works, I want to have someone who s really an expert explain it to me Which is http://www.secuobs.com/revue/news/538659.shtmlhttp://www.secuobs.com/revue/news/538659.shtml Secuobs.com : 2014-09-26 08:42:35 - Network Security Blog - I love listening to idealists In fact, I d be one if it wasn t for the crushing despair and cynicism that working in the security profession has instilled in me Or maybe I work in this field because the crushing despair and cynicism already existed In either case, I ve lost the ability to even think we http://www.secuobs.com/revue/news/536929.shtmlhttp://www.secuobs.com/revue/news/536929.shtml Secuobs.com : 2014-09-15 08:31:34 - Network Security Blog - I limit online time Not for me, for my children Apparently I m among a fairly prestigious group of people who do so, since many of the C-level execs in Silicon Valley also limit their children s time with tech Though it looks like many of them are even stricter than I am about how much time http://www.secuobs.com/revue/news/534866.shtmlhttp://www.secuobs.com/revue/news/534866.shtml Secuobs.com : 2014-09-09 09:00:57 - Network Security Blog - We all know that Target got compromised last year, but what some of you might not know is that the banks who issued the credit cards that were compromised are suing Target They re saying that because Target didn t take sufficient measures to protect the card data the banks had to spend millions of dollars in http://www.secuobs.com/revue/news/533763.shtmlhttp://www.secuobs.com/revue/news/533763.shtml Secuobs.com : 2014-09-08 09:00:33 - Network Security Blog - If you follow me on twitter, you know I like to throw out questions occasionally just to stir things up On Friday I asked the following question about jobs in the security realm We keep hearing about how desperate companies are to hire infosec professionals So how come we still see so many low ball http://www.secuobs.com/revue/news/533422.shtmlhttp://www.secuobs.com/revue/news/533422.shtml Secuobs.com : 2014-09-05 08:04:22 - Network Security Blog - Wow, it s been seven years since Rich Mogull left Gartner and started Securosis I met him shortly before he took the leap, introduced by a mutual friend, Richard Stiennon I worked with Rich and a host of others to organize the first Security Bloggers Meetup at RSA, which is still going, and when I heard http://www.secuobs.com/revue/news/533138.shtmlhttp://www.secuobs.com/revue/news/533138.shtml Secuobs.com : 2014-08-25 13:15:27 - Network Security Blog - Almost exactly a year ago my family and I moved from Northern California to 20 miles west of the capital of the United Kingdom, London It was the start of an adventure that s exposed us to a new culture, cut us off from most of our friends and family and made massive changes to how http://www.secuobs.com/revue/news/531367.shtmlhttp://www.secuobs.com/revue/news/531367.shtml Secuobs.com : 2014-08-22 08:11:43 - Network Security Blog - It s true, we don t want little things like experience and a broad knowledge of the landscape of technology getting in the way of our policy makers, now do we Or at least that seems to be the way US White House cybersecurity coordinator, Michael Daniel thinks Why get lost in an understanding of the big http://www.secuobs.com/revue/news/530994.shtmlhttp://www.secuobs.com/revue/news/530994.shtml Secuobs.com : 2014-08-21 07:57:44 - Network Security Blog - The compromise of Community Health Systems CHS is being reported as the first major breach involving the Heartbleed vulnerability The details are slim, but apparently the vulnerability was exploited on a Juniper remote management console that hadn t been properly updated Heartbleed is an OpenSSL vulnerability that allows an attacker to dump part of the memory http://www.secuobs.com/revue/news/530796.shtmlhttp://www.secuobs.com/revue/news/530796.shtml Secuobs.com : 2014-08-20 09:50:17 - Network Security Blog - It s a given that we will have intelligence in our cars within the next decade Quite frankly, there s no way it is avoidable, given the appetite of consumers for all things to be connected to the Internet and too each other In the case of cars, it actually makes sense for them to be talking http://www.secuobs.com/revue/news/530631.shtmlhttp://www.secuobs.com/revue/news/530631.shtml Secuobs.com : 2014-08-18 09:58:31 - Network Security Blog - I want to create a new word, conxhaustion That feeling you have halfway through the conference where you ve been living on 3 hours of sleep a night and realize you have days more to go before you ll sleep normally again I love going to the conferences in Las Vegas every summer Black Hat, Defcon and http://www.secuobs.com/revue/news/530281.shtmlhttp://www.secuobs.com/revue/news/530281.shtml Secuobs.com : 2014-08-04 08:13:57 - Network Security Blog - Well, I told you I couldn t go that long without recording a podcast And a couple of weeks ago I got together with my friends Chris John Riley and Dave Lewis and started a new project, Last Hacker Standing In the inaugural podcast, we talk news straight up, with a twist , alongside our wonderful guest Katie Moussouris from Hacker One http://www.secuobs.com/revue/news/528207.shtmlhttp://www.secuobs.com/revue/news/528207.shtml Secuobs.com : 2014-07-31 09:13:45 - Network Security Blog - Well, this should be interesting The Russian Communications Minister suggested, rather strongly, that Apple and SAP share their source code with the Russian government so that it could be reviewed to make sure it wasn t being used to spy on Russian citizens Yes, Russia is playing the privacy card to sneak a peek at the http://www.secuobs.com/revue/news/527721.shtmlhttp://www.secuobs.com/revue/news/527721.shtml Secuobs.com : 2014-07-30 07:57:43 - Network Security Blog - This looks like an interesting experiment the City of London police have started placing ads on sites for pirated music warning that the visit to the site has been recorded and reported Called Operation Creative , this is an effort by the Police Intellectual Property Crime Unit PIPCU to educate people visiting sites that offer pirated http://www.secuobs.com/revue/news/527503.shtmlhttp://www.secuobs.com/revue/news/527503.shtml Secuobs.com : 2014-07-29 08:59:13 - Network Security Blog - I m sure we ve all heard it before when trying to get approval to travel to conventions This is just a boondoggle and you re going to party the week away Many people believe that the only thing that gets done at security conferences is that a lot of alcohol gets consumed and people get silly at http://www.secuobs.com/revue/news/527340.shtmlhttp://www.secuobs.com/revue/news/527340.shtml Secuobs.com : 2014-07-28 08:38:29 - Network Security Blog - I had an interesting conversation with a relative this week about privacy Which is, of course, why I m writing about it on the blog The irony of the situation doesn t escape me I ve been listening to you and it s made me very careful about what I put on the Internet I have almost no http://www.secuobs.com/revue/news/527148.shtmlhttp://www.secuobs.com/revue/news/527148.shtml Secuobs.com : 2014-07-22 09:23:24 - Network Security Blog - I know security is coming to the public awareness when I start getting contacted by relatives and friends about the security of products beyond anti-virus I think it s doubly telling when the questions are not about how to secure their home systems but about the security of a product for their business Which is exactly http://www.secuobs.com/revue/news/526306.shtmlhttp://www.secuobs.com/revue/news/526306.shtml Secuobs.com : 2014-07-18 09:27:29 - Network Security Blog - If you ve never watched the anime Ghost in the Shell GITS and you re in security, you re doing yourself a great disfavor If nothing else, watch the Stand Alone Complex series as a primer of what we might expect from Anonymous in the future I know my friend Josh Corman tries to sit down to watch it http://www.secuobs.com/revue/news/525859.shtmlhttp://www.secuobs.com/revue/news/525859.shtml Secuobs.com : 2014-07-17 09:10:53 - Network Security Blog - You know things are getting a bit out of hand when you have to patch the light bulbs in your house But that s exactly what the Internet of Things is going to mean in the future Everything in the household from the refrigerator to the chairs you sit in to the lights will eventually have http://www.secuobs.com/revue/news/525612.shtmlhttp://www.secuobs.com/revue/news/525612.shtml Secuobs.com : 2014-07-14 09:04:53 - Network Security Blog - What am I doing here When are they going to realize I don t know what I m doing How long until they fire me for faking it I don t belong with these people, they ve actually done something, while nothing I ve done is remarkable or interesting I m not worthy of this role, of being with these people, http://www.secuobs.com/revue/news/524966.shtmlhttp://www.secuobs.com/revue/news/524966.shtml Secuobs.com : 2014-07-11 10:07:16 - Network Security Blog - You d think that if there was any SSL certificate out there that d be carefully monitored, it d be Google s And you d be right between the number of users of Chrome and the Google team itself, the certs that correspond to Google properties are under a tremendous amount of scrutiny So when an impostor cert is issued http://www.secuobs.com/revue/news/524706.shtmlhttp://www.secuobs.com/revue/news/524706.shtml Secuobs.com : 2014-07-10 08:14:52 - Network Security Blog - Last year I moved to the UK and spend a considerable amount of time in London Therefore I m often on 10, 12, 16 or more cameras at any one time I dislike it intensely, but it was something I knew I d have to be dealing with when I moved There s no evidence that cameras prevent http://www.secuobs.com/revue/news/524494.shtmlhttp://www.secuobs.com/revue/news/524494.shtml Secuobs.com : 2014-07-09 09:20:32 - Network Security Blog - It s coming, and there s no avoiding it That week in Las Vegas when security practitioners from across the globe come together to attend Black Hat, Defcon and BSides LV We jokingly call it security summer camp, but if you set foot outside of the hotels and casinos in the heat of the day, chances are http://www.secuobs.com/revue/news/524312.shtmlhttp://www.secuobs.com/revue/news/524312.shtml Secuobs.com : 2014-07-08 09:08:14 - Network Security Blog - Soon your doctor may be giving you a call to discuss your buying habits and what they mean to your health Carolinas HealthCare is starting a program that looks at your buying habits based on public records, store loyalty programs and credit card purchases Most of which was stuff we thought was supposed to be http://www.secuobs.com/revue/news/524067.shtmlhttp://www.secuobs.com/revue/news/524067.shtml Secuobs.com : 2014-07-07 13:16:01 - Network Security Blog - We knew it was coming it was inevitable The events put in motion last June played right into the hands of the people who wanted to cement their control, giving them every excuse to seize the power and claim they were doing it in defense of their people and their nation Some might even say http://www.secuobs.com/revue/news/523758.shtmlhttp://www.secuobs.com/revue/news/523758.shtml Secuobs.com : 2014-06-18 11:18:16 - Network Security Blog - We d suspected this day would come for quite some time, but it s time to make it official The Network Security Podcast will no longer be a regular, weekly podcast, Rich Mogull and Zach Lanier will not be a consistent part of the podcast The podcast will continue in some form, but it ll be Martin doing http://www.secuobs.com/revue/news/519461.shtmlhttp://www.secuobs.com/revue/news/519461.shtml Secuobs.com : 2014-06-10 19:26:19 - Network Security Blog - Let me start by saying Nikita is brilliant and should be showered for accolades for coming up with this, presumably on the fly Let me give you some background Today was the day the letters about who s talks were accepted for Defcon 22 came out Additionally, all the rejection letters for those not lucky or well prepared http://www.secuobs.com/revue/news/518081.shtmlhttp://www.secuobs.com/revue/news/518081.shtml Secuobs.com : 2014-06-04 09:57:23 - Network Security Blog - One of the advantages of having moved to the UK from California last year is that I often get the chance to attend conferences I never would have dreamed of attending otherwise Thanks to this, last week I was able to attend one of the events I d never hoped to be able to see otherwise, Hack http://www.secuobs.com/revue/news/517018.shtmlhttp://www.secuobs.com/revue/news/517018.shtml Secuobs.com : 2014-05-06 23:53:05 - Network Security Blog - It s been a while since we could last record a podcast, but at least we were able to get Rich and Martin together this week Zach was supposed to join us as well, but got called away to fight a fire at the last minute Such is life sometimes But we got this episode recorded, http://www.secuobs.com/revue/news/512172.shtmlhttp://www.secuobs.com/revue/news/512172.shtml Secuobs.com : 2014-04-06 18:45:59 - Network Security Blog - This afternoon I had a chance to talk to two of the main organizers of one of the biggest security events of the year, BSides London Paul Batson and Thomas Fisher have been working tirelessly or maybe tiredly for months to bring together all of the disparate elements required to make a conference come together And http://www.secuobs.com/revue/news/506733.shtmlhttp://www.secuobs.com/revue/news/506733.shtml Secuobs.com : 2014-04-06 09:58:31 - Network Security Blog - I don t own a Tesla S and probably never will They re beautiful cars, they re sort of ecologically friendly, and they show that you have more money than common sense I use a car to get my family from point A to point B and showing off my wealth or lack there of has never actually http://www.secuobs.com/revue/news/506713.shtmlhttp://www.secuobs.com/revue/news/506713.shtml Secuobs.com : 2014-03-23 23:23:59 - Network Security Blog - Most of the time my competitors are afraid to talk to me on the podcast I m a nice guy to the people I interview, so I don t know why they d be afraid And this year at RSAC, Jag Bains the CTO at DoSArrest took a chance and talked to me While I did bring up that we re http://www.secuobs.com/revue/news/504399.shtmlhttp://www.secuobs.com/revue/news/504399.shtml Secuobs.com : 2014-03-23 12:31:53 - Network Security Blog - I had a chance to sit down with BeyondTrust CTO, Marc Maiffret I ve had conversations with Marc before, but I haven t seen him since he has been at BeyondTrust, so I took this time to find out what they do and how it would be used by the average enterprise As with all my interviews at RSAC, http://www.secuobs.com/revue/news/504375.shtmlhttp://www.secuobs.com/revue/news/504375.shtml Secuobs.com : 2014-03-20 16:51:56 - Network Security Blog - Next month is Infosecurity Europe here in London, taking place from 29 April until 1 May, as well as BSides London on 29 April I ve never had the chance to go to either event and I m really looking forward to my first time Another event that s happening alongside both of these is the European Security http://www.secuobs.com/revue/news/504021.shtmlhttp://www.secuobs.com/revue/news/504021.shtml Secuobs.com : 2014-03-10 08:45:49 - Network Security Blog - I ve never owned a bitcoin, I ve never mined a bitcoin, in fact I ve never really talked to anyone who s used them extensively I have kept half an eye on the larger bitcoin stories though, and the recent disclosures that bitcoin exchange Mt Gox was victim of hackers who stole the entire of the content in http://www.secuobs.com/revue/news/501984.shtmlhttp://www.secuobs.com/revue/news/501984.shtml Secuobs.com : 2014-03-07 17:30:45 - Network Security Blog - This afternoon, while I ate lunch, I watched a new-to-me anime called Pscho-Pass The TL DR summary of the show is a future where everyone is chipped and constantly monitored If their Criminal Coefficient becomes to high, they are arrested for the good of society It doesn t matter whether they ve commited a crime or not, if http://www.secuobs.com/revue/news/501727.shtmlhttp://www.secuobs.com/revue/news/501727.shtml Secuobs.com : 2014-03-06 11:43:53 - Network Security Blog - I m in the middle of writing the DDoS section of the 2013 State of the Internet Report, which is something that makes me spend a lot of time thinking about how DDoS is affecting the Internet Wouldn t be all that valuable if I didn t put some thought into it, now would it Plus I just http://www.secuobs.com/revue/news/501419.shtmlhttp://www.secuobs.com/revue/news/501419.shtml Secuobs.com : 2014-02-12 09:03:09 - Network Security Blog - Hooray The first podcast of the year where all three of us are actually on and we ran slightly longer BSidesSF and RSA are rapidly approaching, so Martin, Rich, and Zach are preparing in various capacities from talk preparation, to scheduling meetings, to preparing their livers namely because that s about the only way to http://www.secuobs.com/revue/news/497343.shtmlhttp://www.secuobs.com/revue/news/497343.shtml Secuobs.com : 2014-02-11 07:21:12 - Network Security Blog - I m of mixed feelings about The Day We Fight Back I think it s a necessary movement, I think our governments have lost their way and are becoming more facist every day I blieve we need to reign in what our law enforcement agencies can and should do But I have no illusions that a banner http://www.secuobs.com/revue/news/497055.shtmlhttp://www.secuobs.com/revue/news/497055.shtml Secuobs.com : 2014-01-25 08:33:41 - Network Security Blog - I ve had an interesting problem for the last few days I can t get to the Hack in the Box site, HITBorg, or the HITB NL site from my home near London Turns out I can t get to the THCorg site or rokabearcom either That makes four hacking conferences who s sites I can t get to And I m http://www.secuobs.com/revue/news/494027.shtmlhttp://www.secuobs.com/revue/news/494027.shtml Secuobs.com : 2014-01-24 08:21:15 - Network Security Blog - I m looking forward to this year s pilgrimage to San Francisco Not that it s ever been a pilgrimage before, since I lived 60 miles away, but now that I live near London, it s a much longer trip I ll be arriving in San Francisco a few days early for a couple of reasons The first is to http://www.secuobs.com/revue/news/493770.shtmlhttp://www.secuobs.com/revue/news/493770.shtml Secuobs.com : 2014-01-22 08:56:59 - Network Security Blog - If you ve ever had to deal with data privacy laws, then you ve probably heard of the EU Safe Harbor framework These are basically a set of 7 basic guidelines Notice, Choice, Onward Transfer, Security, Data Integrity, Access Enforcement that govern how any US company doing business in the EU will treat private information Doesn t http://www.secuobs.com/revue/news/493232.shtmlhttp://www.secuobs.com/revue/news/493232.shtml Secuobs.com : 2014-01-07 08:40:32 - Network Security Blog - In the last couple of weeks Mikko Hyponnen from anti-virus company F-Secure announced that he won t be speaking at the RSA Conference in San Francisco at the end of February His reasoning is that the company, RSA, colluded with the NSA for a fee of 10 million in order to get a weakened version of http://www.secuobs.com/revue/news/490096.shtmlhttp://www.secuobs.com/revue/news/490096.shtml Secuobs.com : 2014-01-06 08:28:03 - Network Security Blog - I m back after a two week self-inforced haitus from all things security and work related For the last 14 days, I haven t checked emails, I haven t been on twitter, I haven t checked the news, I haven t read the news sites I ve simply spent time with my family, played Minecraft, watched anime and eaten my way http://www.secuobs.com/revue/news/489875.shtmlhttp://www.secuobs.com/revue/news/489875.shtml Secuobs.com : 2013-12-16 10:34:39 - Network Security Blog - I believe the Twitter spam filters are currently overloaded or at least someone s figure out a way around them In the last 72 hours, I ve gotten more twitter followers than I normally get in a three weeks At first it was hard to tell if they were real people or not, but as they ve accumulated, http://www.secuobs.com/revue/news/486545.shtmlhttp://www.secuobs.com/revue/news/486545.shtml Secuobs.com : 2013-12-13 08:03:34 - Network Security Blog - One of my pet peeves ever since I started blogging has been the annual ritual of the vendor security predictions Marketing teams must think these are a great idea, because we see them again and again ad nauseum Why not Reporters and bloggers like them because they make for an easy story that can http://www.secuobs.com/revue/news/486055.shtmlhttp://www.secuobs.com/revue/news/486055.shtml Secuobs.com : 2013-12-09 07:04:51 - Network Security Blog - A number of tech giants are petitioning the US federal government to put limits on the surveillance powers of agencies such as the NSA Specifically, there are eight organizations, led by Microsoft and Google who are stating that the governmental spying machines are putting them in a bad business position by eroding the trust that http://www.secuobs.com/revue/news/485045.shtmlhttp://www.secuobs.com/revue/news/485045.shtml Secuobs.com : 2013-12-07 18:26:20 - Network Security Blog - Last month I wrote about Perfect Forward Secrecy PFS for the Akamai corporate blog But if you d asked me two months earlier what PFS was, you would have seen me madly scrambling for Google to find out more about it And I m not alone before this summer only a few deeply technical engineers had heard http://www.secuobs.com/revue/news/484912.shtmlhttp://www.secuobs.com/revue/news/484912.shtml Secuobs.com : 2013-12-04 20:12:23 - Network Security Blog - Okay, this is just something cute for Christmas a tablet based Santa Claus tracker It appears that the actual application is only for Windows phones and Windows 8 systems, but there s a web based version everyone can use Now, my Spawn are too old to be fascinated by this, but I m sure there are a http://www.secuobs.com/revue/news/484334.shtmlhttp://www.secuobs.com/revue/news/484334.shtml Secuobs.com : 2013-12-03 19:45:13 - Network Security Blog - Apparently the CEO of Huawei says they are giving up on America But he doesn t say exactly what that means To me, that says they ll probably stop any expansion in the US and stop trying to actively find new business, rather than closing any offices, at least in the immediate future They re fairly happy with http://www.secuobs.com/revue/news/484094.shtmlhttp://www.secuobs.com/revue/news/484094.shtml Secuobs.com : 2013-12-02 15:30:10 - Network Security Blog - One of the shows I ve started watching since coming to the UK is called QI XL It s a quiz show comedy hour hosted by Stephen Fry where he asks trivia questions of people who I assume are celebrities here in Britain As often as not I have no clue who these people are It s fun because http://www.secuobs.com/revue/news/483853.shtmlhttp://www.secuobs.com/revue/news/483853.shtml Secuobs.com : 2013-11-26 12:15:35 - Network Security Blog - I ve been trying to avoid NSA stories since this summer, really I have I get so worked up when I start reading and writing about these stories and I assume no one wants to read my realistic paranoid ranting when I get like that Or at least that s what my cohosts on the podcast have told http://www.secuobs.com/revue/news/483071.shtmlhttp://www.secuobs.com/revue/news/483071.shtml Secuobs.com : 2013-11-25 07:40:58 - Network Security Blog - I m getting used to the idea that the NSA and the GCHQ are looking at every packet that crosses the Internet I hate it, I think it s wrong, but I can understand that they think it s their mandate to spy on us in order to protect us The logic is deeply flawed, but at least http://www.secuobs.com/revue/news/482851.shtmlhttp://www.secuobs.com/revue/news/482851.shtml Secuobs.com : 2013-11-22 08:09:47 - Network Security Blog - I got invited to speak at the annual dinner of the Cloud Security Alliance in Oslo, Norway earlier this week and had a lot of fun at the event I always enjoy visiting cities I d probably never see if not for my job Even more importantly, I love talking to people who are outside of http://www.secuobs.com/revue/news/482533.shtmlhttp://www.secuobs.com/revue/news/482533.shtml Secuobs.com : 2013-11-18 08:49:32 - Network Security Blog - I m not the most organized person in the world I never have been and I never will be But I ve usually been able to keep a modicum of organization in my life by using pen and paper and a notebook Sometimes things would fall through the cracks, as happens to everyone, but I can normally http://www.secuobs.com/revue/news/481562.shtmlhttp://www.secuobs.com/revue/news/481562.shtml Secuobs.com : 2013-11-11 10:46:21 - Network Security Blog - I fly a lot I ve flown well over 100K miles this year so far, and at least as much the previous two years I know that the airlines I fly, primarily Star Alliance, know a lot about me And I know that security isn t one of their primary concerns, something illustrated very graphically by the http://www.secuobs.com/revue/news/480126.shtmlhttp://www.secuobs.com/revue/news/480126.shtml Secuobs.com : 2013-11-08 07:28:28 - Network Security Blog - It looks like the Twitter IPO went well, maybe even exceptionally well Now lets hope they don t pull a Facebook and see their stock at 25pourcents of it s current value in 3 months http://www.secuobs.com/revue/news/479728.shtmlhttp://www.secuobs.com/revue/news/479728.shtml Secuobs.com : 2013-11-05 07:52:43 - Network Security Blog - I spend far too much time reading about governmental spying on citizens, both US and abroad It s a job hazard, since it impacts my role at work, but it s also what I would be researching and reading about even if it wasn t The natural paranoia that makes me a good security professional also feeds the http://www.secuobs.com/revue/news/479039.shtmlhttp://www.secuobs.com/revue/news/479039.shtml Secuobs.com : 2013-11-04 08:52:33 - Network Security Blog - Even if folks like Google, Microsoft and Facebook weren t mining every bit that flows across their networks, there s a number of companies out there that are building the tools to let government agencies and law enforcement organizations to spy Companies like NICE, Bright Planet and 3i Mind are probably just the tip of the iceberg when http://www.secuobs.com/revue/news/478797.shtmlhttp://www.secuobs.com/revue/news/478797.shtml Secuobs.com : 2013-10-28 08:49:57 - Network Security Blog - The Battle for Power on the Internet is long, but it s a worthwhile read I m not going to try to sum it up in a few lines or even a few hundred words, but it s a well thought out piece by Bruce Schneier I think I ve seen him speak too many times, because I can http://www.secuobs.com/revue/news/477442.shtmlhttp://www.secuobs.com/revue/news/477442.shtml Secuobs.com : 2013-10-27 15:12:16 - Network Security Blog - The security team at LinkedIn is stating they ve done a spanking awesome job of securing Intro and that we should trust in them This came out on Saturday in the form of a blog post from LinkedIn s Cory Scott Cory has an impressive background, with time spent at Matasano Security and Symantec You can check http://www.secuobs.com/revue/news/477380.shtmlhttp://www.secuobs.com/revue/news/477380.shtml Secuobs.com : 2013-10-25 08:12:15 - Network Security Blog - I know Let s build a man in the middle MITM attack into our iPhone app so that we can inject small bits of information into their email that show how useful our site and service are At the same time we ll now have access to every piece of email our users send, and even if http://www.secuobs.com/revue/news/476994.shtmlhttp://www.secuobs.com/revue/news/476994.shtml Secuobs.com : 2013-10-24 08:56:32 - Network Security Blog - I woke up this morning with a rant running through my mind Which is nothing unusual, by any stretch of the imagination I often rant, in person, on the blog, and on the podcast People almost expect it of me The difference this morning is I asked myself, Why bother Ranting isn t going to http://www.secuobs.com/revue/news/476689.shtmlhttp://www.secuobs.com/revue/news/476689.shtml Secuobs.com : 2013-10-23 08:03:08 - Network Security Blog - I know Rich, Zach and I talked about Aaron s before on the podcast This is a company that rents out many items to customers, including laptops A few years ago they thought it was a good idea for some of their franchises to install software on the laptops which allowed administrators at the stores to http://www.secuobs.com/revue/news/476447.shtmlhttp://www.secuobs.com/revue/news/476447.shtml Secuobs.com : 2013-10-22 08:22:50 - Network Security Blog - Next week is the RSA Europe conference in Amsterdam I m speaking three times at the conference, once as a sponsor, once with my own topic and once in a lightning talk, aka a Pecha Kucha talk And at just 6 40 , it s the PK talk that scares me the most The PK talk scares me http://www.secuobs.com/revue/news/476202.shtmlhttp://www.secuobs.com/revue/news/476202.shtml Secuobs.com : 2013-10-21 15:17:56 - Network Security Blog - Talk about subtle marketing, Russian search engine Yandex has started a new cloud offering called Cocaine Grab some cocaine in containers is one of their taglines I m sure someone is buying, but I wonder how they expect to get this delivered for their late night parties I want to say something about hosting your app http://www.secuobs.com/revue/news/476036.shtmlhttp://www.secuobs.com/revue/news/476036.shtml Secuobs.com : 2013-10-18 18:56:23 - Network Security Blog - One of the cool things we ve found on TV since moving to the UK is QI XL It s a BBC show hosted by Stephen Fry where they take a rather comedic romp through a bunch of facts that may or may not have anything to do with one another Last night s show was about Killers http://www.secuobs.com/revue/news/475669.shtmlhttp://www.secuobs.com/revue/news/475669.shtml Secuobs.com : 2013-10-17 10:39:59 - Network Security Blog - One of the things I promised myself recently is that I d write every day when I m home I d gone so long without writing much that I felt the skills start to atrophy It s not important what I write about or how much I write, it s the act of writing that I want to force myself http://www.secuobs.com/revue/news/475318.shtmlhttp://www.secuobs.com/revue/news/475318.shtml Secuobs.com : 2013-10-16 08:23:07 - Network Security Blog - I ve been a United Airlines customer for years I ve been very loyal to United and the Star Alliance I ve flown over 300k miles with them, I ll have flown over 100k miles this year alone as of my next trip I m in the top tier of their frequent flyer program and they generally treat me very http://www.secuobs.com/revue/news/474915.shtmlhttp://www.secuobs.com/revue/news/474915.shtml Secuobs.com : 2013-10-15 10:11:35 - Network Security Blog - I m not sure why anyone has the illusion that their data would be safer in Europe than it might be in the US While some of the countries in Europe seem to have better laws for protecting email, it s not a clear cut thing and there are always trade-offs While they might have better protections http://www.secuobs.com/revue/news/474639.shtmlhttp://www.secuobs.com/revue/news/474639.shtml Secuobs.com : 2013-10-14 11:19:13 - Network Security Blog - I m going to ignore the whole question of whether or not social engineering is hacking for now The difference between the two is mostly academic, since the effect of having your site hacked due to a weakness in the code and having all your traffic redirected to a site that the bad guys own is http://www.secuobs.com/revue/news/474437.shtmlhttp://www.secuobs.com/revue/news/474437.shtml Secuobs.com : 2013-10-13 08:57:54 - Network Security Blog - This is an incomplete thought This week I saw Gene Kim give his talk on DevOps and The Phoenix Project for the first time I d read the book and loved it, but I d never seen Gene put life into the concepts himself I was mesmerized by by his animation and energy in the presentation What http://www.secuobs.com/revue/news/474309.shtmlhttp://www.secuobs.com/revue/news/474309.shtml Secuobs.com : 2013-10-08 09:40:07 - Network Security Blog - I ve never hidden the fact that I m a bit of a rebel Okay, to be honest, I m proud of being a stubborn contrarian who s going to do what he thinks necessary, despite what it might cost in the future Part of the reason is that I ve always been smarter than average and I feel that http://www.secuobs.com/revue/news/473162.shtmlhttp://www.secuobs.com/revue/news/473162.shtml Secuobs.com : 2013-10-07 08:47:05 - Network Security Blog - If you have plans to go to the next Winter Olympics, in Sochi, Russia, prepare to have any and all of your electronic communications monitored The Guardian has found paperwork, including procurement documents and tenders, looking for the technology needed to monitor all communications to and from the Olympic venue We have to assume that http://www.secuobs.com/revue/news/472955.shtmlhttp://www.secuobs.com/revue/news/472955.shtml Secuobs.com : 2013-10-04 09:53:35 - Network Security Blog - Maintaining anonymity on the Internet is hard And it s only getting harder as governments get savvy about how to track down people who are doing bad things All it takes is one little mistake and you re cover is completely blown This applies to criminals as much as it does to political activists, something to keep http://www.secuobs.com/revue/news/472550.shtmlhttp://www.secuobs.com/revue/news/472550.shtml Secuobs.com : 2013-10-03 07:43:07 - Network Security Blog - This was a brilliant move from Ladar Levison, the owner of the now shuttered private email service, Lavabit When the FBI compelled him to give up the encryption keys to his service for Edward Snowden, Levison complied, though quite a bit maliciously the keys were given to the FBI in printed form on 11 pages http://www.secuobs.com/revue/news/472283.shtmlhttp://www.secuobs.com/revue/news/472283.shtml Secuobs.com : 2013-10-02 11:22:10 - Network Security Blog - The UK has been following the US government lead on a number of things Earlier this year they launched a plan called the Cyber Information Sharing Partnership CISP to promote information sharing between the UK government and critical infrastructure providers within the UK This somewhat mirrors the long term efforts in the US under the http://www.secuobs.com/revue/news/472066.shtmlhttp://www.secuobs.com/revue/news/472066.shtml Secuobs.com : 2013-08-26 21:35:24 - Network Security Blog - It s amazing to look back and realize that it s been a decade since I started blogging My life has changed so much since that I sat down and wrote that first Hello World blog post There was no way I could know what direction my life would take once I wrote that first post, but http://www.secuobs.com/revue/news/465050.shtmlhttp://www.secuobs.com/revue/news/465050.shtml Secuobs.com : 2013-07-13 17:21:00 - Network Security Blog - Between a two week stint in Bangkok, Thailand and making preparation for a huge move, I ve barely had time to keep up with the stories coming out about Edward Snowden and governmental spying around the world, let alone blog about them The travel situation isn t getting any better, with a huge trip to Las Vegas http://www.secuobs.com/revue/news/456784.shtmlhttp://www.secuobs.com/revue/news/456784.shtml Secuobs.com : 2013-06-20 08:38:59 - Network Security Blog - When Katie Moussouris is so excited about something she s almost vibrating, you know it has to be big So when she came Chris John Riley and I earlier this week and said she had news from Microsoft, we had to make time to talk to her Katie s been working on the Microsoft Bug Bounty program http://www.secuobs.com/revue/news/452546.shtmlhttp://www.secuobs.com/revue/news/452546.shtml Secuobs.com : 2013-06-15 17:51:33 - Network Security Blog - I am out of time for blogging and heading out for a long trip across an ocean and a continent, so I m just going to post a number of links here without commentary I m hopeful the change we ve seen in a number of lawmakers and the general attitude of the public continues to grow and http://www.secuobs.com/revue/news/451638.shtmlhttp://www.secuobs.com/revue/news/451638.shtml Secuobs.com : 2013-06-12 07:23:40 - Network Security Blog - While it was good to maintain a list of the stories coming out about the NSA spying scandal, today I realized we re starting on the second phase of this event Most of what we heard late last week and over the weekend was the initial reaction and often contain speculation and hyperbole But now that http://www.secuobs.com/revue/news/450891.shtmlhttp://www.secuobs.com/revue/news/450891.shtml Secuobs.com : 2013-06-08 17:40:56 - Network Security Blog - If you follow me on Twitter mckeay you ll already know this I m pissed We knew intellectually that it was likely that the US government had stepped over the line in their monitoring, but between learning that Verizon was willingly giving the NSA metadata about every phone call on their network and the PRISM program where http://www.secuobs.com/revue/news/450207.shtmlhttp://www.secuobs.com/revue/news/450207.shtml Secuobs.com : 2013-06-01 16:14:54 - Network Security Blog - I d forgotten why I write I don t write just because I m an attention monger or because I want to prove how smart I am I don t write to promote myself or to promote others I don t write to start arguments or rants I write because I have ideas banging around in my head and putting http://www.secuobs.com/revue/news/448891.shtmlhttp://www.secuobs.com/revue/news/448891.shtml Secuobs.com : 2013-05-28 23:47:58 - Network Security Blog - Rich is still battling bugs of the sickness variety, so Martin and Zach get together for what will be Martin s last show for a while As mentioned previously, he s moving across the pond Wocean to Sunny London soon, after his annual pilgrimage to Vegas and Bangkok Network Security Podcast, Episode 314, May 28, 2013 Time 35 24 http://www.secuobs.com/revue/news/448181.shtmlhttp://www.secuobs.com/revue/news/448181.shtml Secuobs.com : 2013-05-15 02:22:15 - Network Security Blog - Rich is dealing with some sick babies, so Martin and Zach inadvertently make the show about corporate and government not just the US this time surveillance Network Security Podcast, Episode 312, May14, 2013 Time 38 26 Show notes How the Syrian Electronic Army Hacked The Onion US Weighs Wide Overhaul of Wiretap Laws FBI s Latest Proposal http://www.secuobs.com/revue/news/445444.shtmlhttp://www.secuobs.com/revue/news/445444.shtml Secuobs.com : 2013-05-02 03:53:20 - Network Security Blog - Long show with short notes this week as Wade Baker of Verizon and Josh Corman of Akamai join us to talk about the Verizon Data Breach Investigations Report This is a must-read report and our short podcast can t possibly do it justice, but we made our best effort Listen to the end, we have some http://www.secuobs.com/revue/news/443045.shtmlhttp://www.secuobs.com/revue/news/443045.shtml Secuobs.com : 2013-04-24 01:09:16 - Network Security Blog - After a hectic couple of weeks conferences, travel, and city-wide lockdowns recovery is sorely needed, but we push through a relatively lively show with a teaser for a bigger debate Wdiscussion slated for next week And somehow the podcast just keeps getting a little longer every week Network Security Podcast, Episode 310, April 23, 2013 http://www.secuobs.com/revue/news/441408.shtmlhttp://www.secuobs.com/revue/news/441408.shtml Secuobs.com : 2013-04-10 01:29:28 - Network Security Blog - Due to a last minute work engagement, Rich is not present on tonight s show Martin and Zach attempt to compensate for Rich s absence by being snark but also half-asleep We ll leave it to you to figure out which half of that we feel is most like Rich Network Security Podcast, Episode 309, April 9, 2013 http://www.secuobs.com/revue/news/438523.shtmlhttp://www.secuobs.com/revue/news/438523.shtml Secuobs.com : 2013-04-03 01:22:30 - Network Security Blog - Getting three security professionals to slow down long enough to record a podcast together is always a challenge and tonight was harder than usual Part of the problem is that there are so many interesting stories going on right now But the fact that we all have jobs and families is a much bigger part http://www.secuobs.com/revue/news/437258.shtmlhttp://www.secuobs.com/revue/news/437258.shtml Secuobs.com : 2013-03-24 18:31:12 - Network Security Blog - My second interview at RSAC 2013 was with Bromium CTO and founder, Simon Crosby I ve been hearing about Bromium as the next big idea in security for a while now from people who should know Like Rich and I wanted to hear about it straight from the horses mouth The ideas behind Bromium are fundamentally http://www.secuobs.com/revue/news/435525.shtmlhttp://www.secuobs.com/revue/news/435525.shtml Secuobs.com : 2013-03-23 17:33:27 - Network Security Blog - Here s the first of the interviews that were recorded at the 2013 RSA Conference in San Francisco, CA at the end of February My first interveiw was with Michael Markulec, CEO of Lumeta Micheal and I talk about the importance of knowing what s on your network, which has become even more important as the BYOD http://www.secuobs.com/revue/news/435470.shtmlhttp://www.secuobs.com/revue/news/435470.shtml Secuobs.com : 2013-03-20 03:07:09 - Network Security Blog - After another two-week hiatus, the gang is able to pull off a show despite some serious jet-lag and sleep deprivation Maybe, JUST MAYBE, we can keep this trend up the recording part, not the ridiculously tired part Network Security Podcast, Episode 306, March 19, 2013 Time 33 24 Show notes Indicators of Impact Ground Truth http://www.secuobs.com/revue/news/434674.shtmlhttp://www.secuobs.com/revue/news/434674.shtml Secuobs.com : 2013-02-19 23:49:29 - Network Security Blog - And now that Martin s home, Rich is off on baby-leave I think that s what it s called Martin and Zach briefly discuss this week s big news Mandiant s APT1 threat intelligence report, which we strongly encourage you to read yourselves Also, Martin gives us a bit about his experience attending ShmooCon 2013 this past weekend Spoiler alert http imgurcom GUYy8Rn http://www.secuobs.com/revue/news/428671.shtmlhttp://www.secuobs.com/revue/news/428671.shtml Secuobs.com : 2013-02-19 14:55:43 - Network Security Blog - If you haven t already read it, your homework for this week is the Mandiant APT1 Report Don t read someone else s interpretation until you ve read the report yourself Don t read the analysis of reporters and consider it good Read the entire report yourself and draw your own conclusions, then read what other people have to say http://www.secuobs.com/revue/news/428532.shtmlhttp://www.secuobs.com/revue/news/428532.shtml Secuobs.com : 2013-02-01 13:59:07 - Network Security Blog - If you re reading this post, chances are you re a security practitioner and you know exactly what s coming up in February RSA You know the dates like you know few others in your life and you plan for months to make the pilgrimage to San Francisco and the Moscone Center Or maybe you don t work for http://www.secuobs.com/revue/news/425210.shtmlhttp://www.secuobs.com/revue/news/425210.shtml Secuobs.com : 2013-01-30 01:23:02 - Network Security Blog - Rich goes missing again but this time due to work or so he says A slightly shorter show this evening, wherein Martin and Zach discuss upcoming events, like RSA, SOURCE Boston, BeaCon, etc, as well as oh, look at that, already surpassed a 300th CVE entry for 2013 Oh, and it s Ruby on Rails Network http://www.secuobs.com/revue/news/424623.shtmlhttp://www.secuobs.com/revue/news/424623.shtml Secuobs.com : 2013-01-22 14:30:12 - Network Security Blog - It s here We finally did it Episode 300 of the Network Security Podcast has finally been recorded, edited and posted Sorry it didn t get published immediately, but it takes a while to edit over 2 hours of audio So what did we do for Episode 300 Martin flew to Phoenix to record from Casa de http://www.secuobs.com/revue/news/423103.shtmlhttp://www.secuobs.com/revue/news/423103.shtml Secuobs.com : 2013-01-10 17:29:46 - Network Security Blog - It s been an interesting week and start to the year Between the Ruby on Rails vulnerability and the Java zero day released today, we have some serious patching issues on our plates And if history is any indicator of future performance, the security technorati are already in the process of patching, which only leaves the http://www.secuobs.com/revue/news/420984.shtmlhttp://www.secuobs.com/revue/news/420984.shtml Secuobs.com : 2013-01-08 01:31:13 - Network Security Blog - One of the main reasons I started blogging was to work on my writing skills Similarly, one of the main reasons I m forcing myself to start blogging regularly again is also to work on my writing skills Yes, I learned to write well in high school and college, but those were both a long time http://www.secuobs.com/revue/news/420329.shtmlhttp://www.secuobs.com/revue/news/420329.shtml Secuobs.com : 2013-01-03 16:23:21 - Network Security Blog - In the spirit of my only resolution for the new year, here s a quick post on some of what I m reading this week Like many security professionals, I read dozens of posts and articles each week, but only a few of them are worth retweeting or blogging about This week is the first of the http://www.secuobs.com/revue/news/419687.shtmlhttp://www.secuobs.com/revue/news/419687.shtml Secuobs.com : 2013-01-01 16:58:59 - Network Security Blog - I don t generally do New Year s resolutions The fact is, if I can t work up the will power needed to do something the other 364 days a year, there s no reason to think an arbitrary date of January 1 is going to make me any more likely to develop the needed internal strength needed to http://www.secuobs.com/revue/news/419351.shtmlhttp://www.secuobs.com/revue/news/419351.shtml Secuobs.com : 2012-12-13 15:42:02 - Network Security Blog - If there were an Offensive Security for Dummies book, it d be very short Chapter 1 would simply be the word Don t Chapter 2 would be slightly more expansive and would say No, really, we mean it don t practice offensive security You re not worthy Then it would go on to enumerate ways to incorporate offensive security http://www.secuobs.com/revue/news/416841.shtmlhttp://www.secuobs.com/revue/news/416841.shtml Secuobs.com : 2012-12-12 02:38:13 - Network Security Blog - It s our last show for the year, folks We re taking about a month off, and we ll be returning in 2013 for Episode 300 Happy Holidays from Network Security Podcast No Rich this week, but Martin and Zach make up for the lack somehow Maybe experience has taught them something Network Security Podcast, Episode 299, December http://www.secuobs.com/revue/news/416447.shtmlhttp://www.secuobs.com/revue/news/416447.shtml Secuobs.com : 2012-11-21 01:32:48 - Network Security Blog - It s Rich that s out this holiday week, so Martin and Zach talk turkey no pun intended about Skype SNAFUs, LTE going all a-splode-y, and a Linux rootkit that will make you go That s neat Happy Thanksgiving Network Security Podcast, Episode 297, November 20, 2012 Time 31 00 Show notes Skype password flaw made stealing accounts easy Obama http://www.secuobs.com/revue/news/412590.shtmlhttp://www.secuobs.com/revue/news/412590.shtml Secuobs.com : 2012-11-14 01:41:48 - Network Security Blog - This week we start by discussing Martin s ear wax and Rich s cough, and it s all downhill from there Zach is out this week, but Rich and Martin open with a discussion of the Cloud Security Alliance conference and some things we both learned between there and the events Martin has been at Then we delve http://www.secuobs.com/revue/news/411256.shtmlhttp://www.secuobs.com/revue/news/411256.shtml Secuobs.com : 2012-11-07 01:26:33 - Network Security Blog - Rich is MIA again, and we re left do discuss Russia, the biggest problem in computer security , and the perpetual badness of industrial control systems And hopefully by the time you read this, all of the Presidential excitement will be over, or you ll have a drink in hand and won t care any more Network Security Podcast, http://www.secuobs.com/revue/news/409982.shtmlhttp://www.secuobs.com/revue/news/409982.shtml Secuobs.com : 2012-10-31 01:34:53 - Network Security Blog - Rich is playing super-secret secret-squirrel in an undisclosed location actually he s teaching multiple talks at a conference in Arizona , so Martin and Zach run the gamut from their own recent conference tomfoolery, to China s goodbye Cisco move, to how do i shot honeypots , and a few other things in between Also, Zach takes a few http://www.secuobs.com/revue/news/408684.shtmlhttp://www.secuobs.com/revue/news/408684.shtml Secuobs.com : 2012-10-10 03:23:54 - Network Security Blog - I got to catch up to a couple of friends of mine, Sherri Davidoff and Jonathan Ham, a few weeks ago They recently released a book called Network Forensics Tracking Hackers Through Cyberspace The pair talk about what goes into creating a lab in preparation for a book like this, about Internet Pigeon Protocols and http://www.secuobs.com/revue/news/404648.shtmlhttp://www.secuobs.com/revue/news/404648.shtml Secuobs.com : 2012-10-03 02:34:57 - Network Security Blog - This week s show went a little long, as all three of us had a lot to say on the stories we covered We also spent more than a few minutes at the beginning of the show talking about some of the resources people can use to get mentorship when entering the security field We also http://www.secuobs.com/revue/news/403202.shtmlhttp://www.secuobs.com/revue/news/403202.shtml Secuobs.com : 2012-10-01 21:53:13 - Network Security Blog - It s a bit frustrating sometimes, working for a company like Akamai When you hear stories about DDoS and other attacks on large institutions, we re often involved in the mix somewhere, simply because we deliver so much of the Internet s traffic But we long ago decided we don t want to be sensationalist or ambulance chasers, we http://www.secuobs.com/revue/news/402866.shtmlhttp://www.secuobs.com/revue/news/402866.shtml Secuobs.com : 2012-09-26 02:15:58 - Network Security Blog - All three of us managed to make our recording time this week, and we had so much good stuff to talk about that we even skipped an interview Martin has in the can It went a little long, but hopefully folks will be willing to forgive us if the quality is good enough The quality http://www.secuobs.com/revue/news/401778.shtmlhttp://www.secuobs.com/revue/news/401778.shtml Secuobs.com : 2012-09-21 15:01:57 - Network Security Blog - I got to attend my first SOURCE event last week, thanks to a lucky confluence of events which freed up my time Mainly, I didn t have to go to the PCI Council s Community Meeting and was able to take advantage of SOURCE Seattle instead I know many of the people involved in SOURCE and I d http://www.secuobs.com/revue/news/401068.shtmlhttp://www.secuobs.com/revue/news/401068.shtml Secuobs.com : 2012-09-19 05:16:32 - Network Security Blog - Zach is out this week, but Rich and Martin hold the show together with some stories before cutting to an interview with Dwayne Melancon and Cindy Valladeres from TripWire Between Rich, Martin and the interview, this episode goes a little longer than normal Network Security Podcast, Episode 289, September 18, 2012 Time 45 56 Show notes http://www.secuobs.com/revue/news/400433.shtmlhttp://www.secuobs.com/revue/news/400433.shtml Secuobs.com : 2012-09-12 01:30:58 - Network Security Blog - Martin set up a new mailing list for his blog and the show, so be sure to sign up at the Network Security Blog This week we take a moment to remember 9 11 and then move on to a full-staffed show Network Security Podcast, Episode 288, September 11, 2012 Time 31 56 Show notes Preparing for http://www.secuobs.com/revue/news/399065.shtmlhttp://www.secuobs.com/revue/news/399065.shtml Secuobs.com : 2012-09-11 15:48:56 - Network Security Blog - One of the biggest challenges for a QSA is deciding the exact limits of an assessment Deciding which systems store, process or transmit credit cards and all systems connected to them sounds like a straight forward and easy to follow, but in practice, the QSA s two favorite words, It depends come into effect all to http://www.secuobs.com/revue/news/398924.shtmlhttp://www.secuobs.com/revue/news/398924.shtml Secuobs.com : 2012-09-05 00:40:23 - Network Security Blog - Martin and Zach take the helm sans Rich this week deja vu , and Martin edits this post to say something clever Or not Network Security Podcast, Episode 287, September 4, 2012 Time 35 45 Show notes Oracle Knew About Currently Exploited Java Vulnerabilities for Months, Researcher Says Researchers find critical vulnerability in Java 7 patch hours http://www.secuobs.com/revue/news/397624.shtmlhttp://www.secuobs.com/revue/news/397624.shtml Secuobs.com : 2012-08-29 03:11:49 - Network Security Blog - We shouldn t let Rich take care of the show notes Sometimes he simply reuses last week s show notes and forgets to change the flavor text at all In which case we give him a hard time After short break, the whole gang is together again this week, though Rich let it drop that this streak http://www.secuobs.com/revue/news/396369.shtmlhttp://www.secuobs.com/revue/news/396369.shtml Secuobs.com : 2012-08-27 05:46:00 - Network Security Blog - Oracle CSO, Mary Ann Davidson, says information sharing isn t happening based on her experience as CSO and President of an IT Information Sharing and Analysis Center IT-ISAC chapter I think someone who says information sharing isn t going on is looking in the wrong places and has her head stuck in the sand Her conclusions are http://www.secuobs.com/revue/news/395931.shtmlhttp://www.secuobs.com/revue/news/395931.shtml Secuobs.com : 2012-08-15 02:01:05 - Network Security Blog - This week we re joined by Adrian Lane Rich s coworker, but it was Martin s idea to give us some more insight on his latest WAF research The WAF situation is actually a lot more nuanced than the sucks wins arguments we usually hear And, as usual, we also discuss the latest security news without Zach, who has http://www.secuobs.com/revue/news/393587.shtmlhttp://www.secuobs.com/revue/news/393587.shtml Secuobs.com : 2012-08-01 17:52:23 - Network Security Blog - The yearly pilgrimage to Las Vegas for BlackHat DEFCON B-Sides is over, and recovery mode is in full effect and none of us got arrested detained married in Vegas at least we don t think Completely Martin s fault this week s podcast was released late Sometimes a nap turns into a full night s sleep after a week in Vegas Network http://www.secuobs.com/revue/news/391107.shtmlhttp://www.secuobs.com/revue/news/391107.shtml Secuobs.com : 2012-07-18 01:53:30 - Network Security Blog - BlackHat, DEFCON, and BSidesLV are just around the corner, and Rich is in France watching people ride bicycles If you re in Vegas next week, and want to have a chat, or a beer, or whatever or tell us we suck , let us know and or come find us Network Security Podcast, Episode 282, July 17, 2012 http://www.secuobs.com/revue/news/387921.shtmlhttp://www.secuobs.com/revue/news/387921.shtml Secuobs.com : 2012-07-11 04:37:21 - Network Security Blog - I m still not sure how this got started I m not even sure what the point is But in any case I ve been volunteered for a spot on Hacker Hug Bingo at Black Hat, Defcon and BSides Las Vegas this year The point is for participants to meet some of the rogue s gallery of security people http://www.secuobs.com/revue/news/386510.shtmlhttp://www.secuobs.com/revue/news/386510.shtml Secuobs.com : 2012-07-11 02:06:35 - Network Security Blog - After a month off, we re back, and just a couple of weeks ahead of BlackHat, DEFCON, and BSides Las Vegas We re all so busy and tired we don t even have any witty dialogue left over from the podcast for the show notes Not that anyone ever reads these things in any case Network Security Podcast, http://www.secuobs.com/revue/news/386479.shtmlhttp://www.secuobs.com/revue/news/386479.shtml Secuobs.com : 2012-06-07 01:34:32 - Network Security Blog - Dire Warning If you re in the habit of reusing passwords AT ALL, 1 stop it 2 if you have a LinkedIn account change your password immediately on as many sites as you can remember Then get yourself a password management program like 1Password or LastPass with a random password creator and learn to use http://www.secuobs.com/revue/news/380024.shtmlhttp://www.secuobs.com/revue/news/380024.shtml Secuobs.com : 2012-06-06 02:07:13 - Network Security Blog - This is our last podcast before we take a month-long hiatus Rich is currently on what he calls vacation an alien concept to some of us , with Martin planning to do the same soon Zach is prepping his liver Wbrain for SummerCon this weekend in NYC Network Security Podcast, Episode 280, June 5, 2012 Time 37 12 Show http://www.secuobs.com/revue/news/379717.shtmlhttp://www.secuobs.com/revue/news/379717.shtml Secuobs.com : 2012-06-05 04:58:41 - Network Security Blog - I ve always hated the way Facebook has endeavored to track every single action their users do Which is funny, considering how much of my life I put on Twitter But the main difference between the two social media platforms is about choice, at least for me With Twitter, I decide what to put online 140 http://www.secuobs.com/revue/news/379489.shtmlhttp://www.secuobs.com/revue/news/379489.shtml Secuobs.com : 2012-05-30 05:24:58 - Network Security Blog - Zach was a little late, but Rich and Martin start with talks of their recent travels Martin wins and prepping for DefCon Then we jump into the latest super hot security news Network Security Podcast, Episode 279, May 29, 2012 Time 38 34 Show notes IBM bans Siri Must not like the snark FBI forms net http://www.secuobs.com/revue/news/378427.shtmlhttp://www.secuobs.com/revue/news/378427.shtml Secuobs.com : 2012-05-23 02:00:28 - Network Security Blog - After the scary Canadians ransacked our show, Rich needed some alone time in the cornfields of some midwestern state Respecting Rich s need for meditation or a quick sell of all of his Facebook shares , Martin and Zach, in their respective bleary-eyed states, recorded anyway Network Security Podcast, Episode 278, May 22, 2012 Time 37 05 Show notes http://www.secuobs.com/revue/news/377096.shtmlhttp://www.secuobs.com/revue/news/377096.shtml Secuobs.com : 2012-05-20 17:46:56 - Network Security Blog - I just spent the last two weeks in Singapore, Kuala Lumpur, Sydney and the Gold Coast It was arguably one of the best trips of my career, both from a work perspective and from a tourist perspective Of course, I ve never really been a one man traveling road show before, but it s part of the http://www.secuobs.com/revue/news/376570.shtmlhttp://www.secuobs.com/revue/news/376570.shtml Secuobs.com : 2012-05-02 03:38:01 - Network Security Blog - By the grace of FSM, schedules synced up this week so we could all get together despite Martin s perpetual jet lag Narrowly avoiding a discussion of CISPA we ll save that for later , the gang touches on some vulnerability disclosure gaffes, an attack back proposal what year is this , and more Network Security Podcast, Episode 275, May http://www.secuobs.com/revue/news/373061.shtmlhttp://www.secuobs.com/revue/news/373061.shtml Secuobs.com : 2012-04-25 03:16:15 - Network Security Blog - As a follow up to last week s episode, Martin was joined last week by Josh Corman to talk to Wade Baker about the 2012 Verizon Data Breach Investigation Report Wade talks to us about how the information for the report was gathered, some of the strengths and weaknesses of the analysis and finally how the amazing puzzle http://www.secuobs.com/revue/news/371840.shtmlhttp://www.secuobs.com/revue/news/371840.shtml Secuobs.com : 2012-04-18 15:32:26 - Network Security Blog - The Internet will never again be as free as it is this morning Dan Greer at SOURCE Boston Think on that for a while If it doesn t scare you, it should http://www.secuobs.com/revue/news/370631.shtmlhttp://www.secuobs.com/revue/news/370631.shtml Secuobs.com : 2012-04-18 01:45:20 - Network Security Blog - The gang is scattered to the wind Rich is off at some random Margaritaville and Zach is pretending he has a real life and a new job or something So Martin called out the cavalry and is joined tonight by none other than Dave Lewis, aka Gattaca on twitter I bet many of you didn t http://www.secuobs.com/revue/news/370533.shtmlhttp://www.secuobs.com/revue/news/370533.shtml Secuobs.com : 2012-04-13 05:13:36 - Network Security Blog - Unlike it s brethren, SOPA and PIPA, CISPA doesn t scare me because it s aimed at shutting down piracy and giving the media companies unheard of powers CISPA scares me because it is aimed at letting companies to share information between each other and with the government in order to stop bad guys, which is a noble http://www.secuobs.com/revue/news/369735.shtmlhttp://www.secuobs.com/revue/news/369735.shtml Secuobs.com : 2012-04-11 01:08:40 - Network Security Blog - Zach is off settling in to the new job and prepping for Source Boston, but Rich and Martin managed to get together to discuss travel, the latest security news, and Rich s rant on the whole Mac malware thing And Martin apologizes to listeners for the mixup with episode 272 Network Security Podcast, Episode 273, http://www.secuobs.com/revue/news/369225.shtmlhttp://www.secuobs.com/revue/news/369225.shtml Secuobs.com : 2012-04-02 16:47:05 - Network Security Blog - Last Friday Brian Krebs broke the story that MasterCard and Visa were warning of a major processor breach Later in the day it was announced that the payment processor was Global Payment Inc and that approximately 50,000 card numbers had been compromised, a number that was later revised to 15 million card numbers Global Payment http://www.secuobs.com/revue/news/367574.shtmlhttp://www.secuobs.com/revue/news/367574.shtml Secuobs.com : 2012-03-28 03:04:22 - Network Security Blog - Since Rich is on the road this week, Martin and Zach are joined by none other than friend of the podcast, Josh Corman Which is not that surprising, since there s only one story we re talking about tonight, the latest Verizon Data Breach Investigation Report There s a lot to talk about again in this year s report, http://www.secuobs.com/revue/news/366580.shtmlhttp://www.secuobs.com/revue/news/366580.shtml Secuobs.com : 2012-03-27 17:10:16 - Network Security Blog - If you don t know who Bruce Schneier is, I hope you re coming to my site because I wrote about the TSA, not because your a security professional He wrote several books that are staples on almost every security professionals shelves You could literally say he wrote the book on applied cryptography, since that s the title http://www.secuobs.com/revue/news/366415.shtmlhttp://www.secuobs.com/revue/news/366415.shtml Secuobs.com : 2012-03-05 15:35:13 - Network Security Blog - Dell SecureWorks Chief Technology Officer Jon Ramsey took a few minutes out of his day at the RSA Conference to talk to me about a new study his team had recently written on series of attacks they dubbed Sin Digoo Affair In addition to being a detailed analysis of the tools and actions performed by http://www.secuobs.com/revue/news/361443.shtmlhttp://www.secuobs.com/revue/news/361443.shtml Secuobs.com : 2012-03-04 19:03:22 - Network Security Blog - My first interview this year at the 2012 RSA Conference was with Urvish Vashi from AlertLogic We talked briefly about the recent acquisition of ArmorLogic, but my real interest was the State of Cloud Security Report issued by AlertLogic It s an interesting report and gives us some fuel for the debate about which is more http://www.secuobs.com/revue/news/361343.shtmlhttp://www.secuobs.com/revue/news/361343.shtml Secuobs.com : 2012-02-26 15:56:33 - Network Security Blog - The RSA Conference is one of the most stressful times of year for me, as well as for thousands of other security professionals who descend on the Moscone Center every year It s great to see all the friends that you may only see at RSAC because your paths don t cross otherwise, as well as the http://www.secuobs.com/revue/news/359959.shtmlhttp://www.secuobs.com/revue/news/359959.shtml Secuobs.com : 2012-02-22 02:39:32 - Network Security Blog - With the 2012 RSA Conference less than a week away, we decided to try to record a short podcast focused on the event this week Of course, since Rich and Martin are involved, things ran away and the show ended up being the same length it normally is Zach won t be at the RSA Conference http://www.secuobs.com/revue/news/359175.shtmlhttp://www.secuobs.com/revue/news/359175.shtml Secuobs.com : 2012-02-15 15:27:16 - Network Security Blog - A friend of mine recently complained in Twitter that, according to his count, nearly 80pourcents of all talks given at the security conferences he d looked at recently were now non-technical It might be in part because he s ramblinpeck on twitter, aka Daniel Peck, Research Scientist or something like that at Barracuda Networks Which is my http://www.secuobs.com/revue/news/357965.shtmlhttp://www.secuobs.com/revue/news/357965.shtml Secuobs.com : 2012-02-15 02:19:06 - Network Security Blog - On this wonderful Valentine s Day, we are joined by guest-host and friend-to-the-show Michelle Klinger, while Rich is overcoming some throat-in-tube type illness feel better, Rich Network Security Podcast, Episode 267, February 14, 2012 Time 34 41 Show Notes HOIC DDoS Analysis and Detection Cybersecurity Disaster Seen in US Survey Citing Spending Gaps Boston Police hits back http://www.secuobs.com/revue/news/357859.shtmlhttp://www.secuobs.com/revue/news/357859.shtml Secuobs.com : 2012-02-01 22:12:52 - Network Security Blog - We re a day late, but we still managed to get this week s show recorded Rich is soaking up sun or teaching , as he claims in Cancún, Mexico, so we decided to rope in the illustrious Mike Rybolov Smith to discuss, surprise-surprise, privacy and monitoring Network Security Podcast, Episode 266, February 1, 2012 Time 42 36 Show Notes http://www.secuobs.com/revue/news/355372.shtmlhttp://www.secuobs.com/revue/news/355372.shtml Secuobs.com : 2012-01-27 04:32:29 - Network Security Blog - If you follow the blog, you may remember several months ago that I built myself a standing desk out of some cheap lumber and plywood I had in the garage It took an afternoon to build and was a proof of concept as to whether or not I d actually like working at a standing desk http://www.secuobs.com/revue/news/354360.shtmlhttp://www.secuobs.com/revue/news/354360.shtml Secuobs.com : 2012-01-26 03:51:37 - Network Security Blog - If you haven t already heard, the code base for Symantec s pcAnywhere was stolen in 2006, and bad guys are now using that code against the installed base of users in the wild This sort of compromise really isn t anything that new or different But what is different is that Symantec is now telling users to http://www.secuobs.com/revue/news/354149.shtmlhttp://www.secuobs.com/revue/news/354149.shtml Secuobs.com : 2012-01-25 03:15:51 - Network Security Blog - Unless you were hiding under a rock the last few weeks you ve probably heard about the Stop Online Piracy Act SOPA , Protect IP Act PIPA and their even more evil brother Anti-counterfiting Trade Agreement ACTA Many sites went dark last week, including Securosis, in protest and SOPA PIPA were at least stalemated for the moment, if http://www.secuobs.com/revue/news/353933.shtmlhttp://www.secuobs.com/revue/news/353933.shtml Secuobs.com : 2012-01-20 16:15:31 - Network Security Blog - I generally try to stay out of the political arena on the blog, mostly because politics is such a contentious topic in and of itself And I ve been staying away from SOPA in particular because there s been so much coverage that one more voice added to the choir wouldn t have done anything The music and http://www.secuobs.com/revue/news/353192.shtmlhttp://www.secuobs.com/revue/news/353192.shtml Secuobs.com : 2012-01-09 15:35:53 - Network Security Blog - Still feels a little funny to be putting the 12 in the year column, doesn t it I m sure the feeling will go away by March or April And it s getting started as an interesting year already, with Symantec s source code and courts approving warrantless GPS monitoring I bet neither of those were captured in the http://www.secuobs.com/revue/news/350967.shtmlhttp://www.secuobs.com/revue/news/350967.shtml Secuobs.com : 2012-01-04 01:58:14 - Network Security Blog - It s our first show of the New Year wherein Rich describes server upgrades good and bad, being a victim in a data breach, and we discuss the rest of the latest news We have to say, it s a weird start to the year Network Security Podcast, Episode 263, January 3, 2012 Time 36 45 Show Notes http://www.secuobs.com/revue/news/350157.shtmlhttp://www.secuobs.com/revue/news/350157.shtml Secuobs.com : 2011-12-26 15:08:05 - Network Security Blog - Christmas is over I hope yours was good, but I personally find the whole build up and let down stressful and I m glad when it s done with Especially the part where my kids are home from school for a week and whine every time I tell them to get out of the house for a http://www.secuobs.com/revue/news/349025.shtmlhttp://www.secuobs.com/revue/news/349025.shtml Secuobs.com : 2011-12-21 01:36:08 - Network Security Blog - This is Martin, and while I know we said we weren t going to do another podcast this year, I got started talking to Martin Fisher over at the Southern Fried Podcast and we decided, What the heck, let s do one more this year and thank all our listeners for supporting us It was supposed to http://www.secuobs.com/revue/news/348314.shtmlhttp://www.secuobs.com/revue/news/348314.shtml Secuobs.com : 2011-12-18 17:26:06 - Network Security Blog - Long night last night We went to something called a pirate gift party sort of like a white elephant gift cheap, person A can take a gift from the table or steal from person B except most of the gifts were wrapped in tinfoil cleverly disguised to hide their true nature Two minor variations from http://www.secuobs.com/revue/news/347887.shtmlhttp://www.secuobs.com/revue/news/347887.shtml Secuobs.com : 2011-12-13 06:48:29 - Network Security Blog - Usually I try to find the time to blog first thing in the morning, but today was way too busy to allow for anything nearly as relaxing as blogging I spent two days traveling to and from a client site last week and then two more days at the BayThreat conference, with only Sunday at http://www.secuobs.com/revue/news/346793.shtmlhttp://www.secuobs.com/revue/news/346793.shtml Secuobs.com : 2011-12-07 02:59:42 - Network Security Blog - When Rich isn t around to take up most of the time, Zach can actually be pulled out of his shell to talk for a little while Or maybe it s just when there are two hosts on the podcast there s more time to talk In any case, Martin and Zach went a little long this week http://www.secuobs.com/revue/news/345746.shtmlhttp://www.secuobs.com/revue/news/345746.shtml Secuobs.com : 2011-12-05 16:04:54 - Network Security Blog - There s this game called Skyrim that s been taking up all my free time The only thing that s kept me from being completely sucked in is the fact that my eldest son keeps asking, When is it my turn to play That and the fact that my other half keeps bringing up Christmas and my commitments http://www.secuobs.com/revue/news/345360.shtmlhttp://www.secuobs.com/revue/news/345360.shtml Secuobs.com : 2011-11-28 20:53:27 - Network Security Blog - Back when I was a Qualified Security Assessor QSA , all of four months ago, I often explained credit card data as an infectious disease Whatever your credit card data touches is pulled into scope, requiring the full set of Payment Card Industry PCI Data Security Standards DSS to be applied to those systems to the http://www.secuobs.com/revue/news/344161.shtmlhttp://www.secuobs.com/revue/news/344161.shtml Secuobs.com : 2011-11-22 16:00:00 - Network Security Blog - I got home Sunday from 3 days in Las Vegas, two of which were spent at the first ever Minecon For those of you who aren t the parents of Minecraft addicts or addicts yourselves, it s a game where you create a whole world then mine it for resources and build just about anything you can http://www.secuobs.com/revue/news/341988.shtmlhttp://www.secuobs.com/revue/news/341988.shtml Secuobs.com : 2011-11-16 15:14:06 - Network Security Blog - Google got in a lot of trouble last year for capturing private data from wireless networks when they were driving the googlemobiles around to get video shots for StreetView Basically, rather than just capturing the SSID for the access points, in a lot of cases they captured data streams from the AP s, which violated all http://www.secuobs.com/revue/news/340985.shtmlhttp://www.secuobs.com/revue/news/340985.shtml Secuobs.com : 2011-11-16 01:29:34 - Network Security Blog - Rich and Martin are together for the first time in about 6 weeks thanks to all our overlapping travel We are joined by Marisa Fagan who tells us about BayThreat- one of the only actual security conferences in the Bay Area and a really good one Then Marisa leaves and Rich and Martin jump into http://www.secuobs.com/revue/news/340890.shtmlhttp://www.secuobs.com/revue/news/340890.shtml Secuobs.com : 2011-11-11 15:33:04 - Network Security Blog - Whether you call it Veteran s Day, Pocky Day,Binary Day or something else, it s Friday, I don t know about you, but I m looking forward to this weekend and spending some time with friends Being a parent, I don t get out for adult time as much as I once did, which makes the rare occassions all that http://www.secuobs.com/revue/news/340134.shtmlhttp://www.secuobs.com/revue/news/340134.shtml Secuobs.com : 2011-11-09 00:44:36 - Network Security Blog - We re still scattered to the wind and getting together for a podcast is proving to be nearly impossible Luckily Martin was able to get a couple of podcasts from BSides DFW this weekend, so there s a podcast, short as it is It s almost enough to make you wonder if having a successful helps make you http://www.secuobs.com/revue/news/339614.shtmlhttp://www.secuobs.com/revue/news/339614.shtml Secuobs.com : 2011-11-08 23:53:34 - Network Security Blog - I had a great time at BSides DFW this weekend Michelle Klinger, Joseph Sokoly and the whole crew of volunteers who made the event happen did such an awesome job of putting it together and the Microsoft tech center was the perfect place to have it Not that Jayson Street didn t make a few of http://www.secuobs.com/revue/news/339585.shtmlhttp://www.secuobs.com/revue/news/339585.shtml Secuobs.com : 2011-11-08 14:56:16 - Network Security Blog - I had a great time at BSides DFW this weekend Michelle Klinger, Joseph Sokoly and the whole crew of volunteers who made the event happen did such an awesome job of putting it together and the Microsoft tech center was the perfect place to have it Not that Jayson Street didn t make a few of http://www.secuobs.com/revue/news/339465.shtmlhttp://www.secuobs.com/revue/news/339465.shtml Secuobs.com : 2011-11-04 17:16:12 - Network Security Blog - It s almost time to hop in the car and head for BSidesDFW I even think in hashtags some days in about an hour I find it annoying that I have to leave the house about 3 hours before my flight to have any chance of making it, since it takes 90 minutes to get to http://www.secuobs.com/revue/news/338887.shtmlhttp://www.secuobs.com/revue/news/338887.shtml Secuobs.com : 2011-11-03 16:52:10 - Network Security Blog - This week s podcast conversation with HD Moore and Josh Corman was a good thing Getting the ideas of HD Moore s Law , the security poverty line and security debt out there so other people can beat on the ideas, examine them for flaws and hopefully incorporate portions of the concepts into their own thinking This is, http://www.secuobs.com/revue/news/338651.shtmlhttp://www.secuobs.com/revue/news/338651.shtml Secuobs.com : 2011-11-02 01:46:24 - Network Security Blog - Tonight Martin is speaking to Josh Corman, Akamai co-worker, and HD Moore, creator of Metasploit and Rapid7 CTO Josh came up with the idea of HD Moore s Law a couple of months ago, the idea that the strength of the casual attacker is roughly equivalent to what Metasploit is capable of If your corporation isn t http://www.secuobs.com/revue/news/338231.shtmlhttp://www.secuobs.com/revue/news/338231.shtml Secuobs.com : 2011-11-01 05:29:26 - Network Security Blog - it was a fun Halloween, or at least as much fun as it can be if you spend the whole day home working It would have been fun to be in the office today to see my co-workers in their costumes, but I had far to much to do to make the commute to my http://www.secuobs.com/revue/news/337956.shtmlhttp://www.secuobs.com/revue/news/337956.shtml Secuobs.com : 2011-10-30 22:11:37 - Network Security Blog - I ve wanted a stand-up desk since I was a kid Except then they were called drafting tables and they weren t set up for computers, they didn t have a place to put the monitors and they were slanted to make drawing easier I work from home more often than I do from the office, which means http://www.secuobs.com/revue/news/337729.shtmlhttp://www.secuobs.com/revue/news/337729.shtml Secuobs.com : 2011-10-30 15:38:41 - Network Security Blog - It was a good week I took off Monday for Miami and the Hacker Halted conference where I caught up with a number of friends and enjoyed some good talks George Kurtz from McAffee was very educational, first because of his subject matter, Have we lost the war on Security , but also because he s a http://www.secuobs.com/revue/news/337704.shtmlhttp://www.secuobs.com/revue/news/337704.shtml Secuobs.com : 2011-10-29 06:27:56 - Network Security Blog - I m not much of a programmer I ve written a few thousand lines of code in my life, but that s just enough to make me familiar with the generalities of programming One of the things I learned early is that I could either learn to program and sacrifice a large amount of my social skills in http://www.secuobs.com/revue/news/337573.shtmlhttp://www.secuobs.com/revue/news/337573.shtml Secuobs.com : 2011-10-28 17:45:22 - Network Security Blog - I spent the week at the Hacker Halted conference in Miami and had a great time Except for the part where my iPad gave me an error message stating it needed to be restored from back up and commenced a reboot cycle Which lasted until Wednesday afternoon Nothing like being at a security convention and http://www.secuobs.com/revue/news/337475.shtmlhttp://www.secuobs.com/revue/news/337475.shtml Secuobs.com : 2011-10-23 18:17:45 - Network Security Blog - Yesterday was a very productive day, and I m more than a bit proud of myself I ve working from home for more than a few years now and I ve gotten progressively bigger and bigger and in worse and worse shape I ve been in worse shape than I am right now, but it s been a downward trend http://www.secuobs.com/revue/news/336404.shtmlhttp://www.secuobs.com/revue/news/336404.shtml Secuobs.com : 2011-10-22 15:28:07 - Network Security Blog - The problem with having a body clock that thinks it s on the East Coast even when it s not is that I m up early no matter what day of the week it is I d like to sleep in, but once thoughts of CDN s and presentations start dancing in my head, it s time to get up Which http://www.secuobs.com/revue/news/336352.shtmlhttp://www.secuobs.com/revue/news/336352.shtml Secuobs.com : 2011-10-20 22:39:53 - Network Security Blog - I knew it had to happen eventually, but that doesn t lessen my desire to strangle the marketing person responsible for what was probably just a reprinted press release Or maybe the reporter who came up with the title of the article should be the one throttled In either case, I can t let an article that http://www.secuobs.com/revue/news/336059.shtmlhttp://www.secuobs.com/revue/news/336059.shtml Secuobs.com : 2011-10-20 15:17:15 - Network Security Blog - The last couple months seem to have flown by It seems like just yesterday I was complaining about September being gone before I knew it and now it s almost Halloween I m pretty certain no one s stealing my time, but some days I wonder In any case there s stuff to do and places to go today, http://www.secuobs.com/revue/news/335955.shtmlhttp://www.secuobs.com/revue/news/335955.shtml Secuobs.com : 2011-10-18 18:43:26 - Network Security Blog - I used to post some of my reading material at least daily, but got out of the habit because I was using the posts to fuel the podcast But since I ve been bad at posting anything at all lately, I ve decided that I should post at least every few days the articles I m reading to http://www.secuobs.com/revue/news/335455.shtmlhttp://www.secuobs.com/revue/news/335455.shtml Secuobs.com : 2011-10-17 16:16:47 - Network Security Blog - After four years of working as a Qualified Security Assessor QSA for two different Qualified Security Assessment Companies QSAC it s a huge relief to be able to introduce myself as a recovering QSA As a friend of mine the pointed out, the taint of being a QSA is not something that washes off easily, it http://www.secuobs.com/revue/news/335165.shtmlhttp://www.secuobs.com/revue/news/335165.shtml Secuobs.com : 2011-10-05 02:20:35 - Network Security Blog - Rich and Martin are around this week and managed to pull off a show despite oggling the new iPhone okay, maybe that was just one of us We talk about the big announcement from Securosis before jumping into the week s security news High drama, low comedy, and you know the rest Network Security Podcast, Episode http://www.secuobs.com/revue/news/332723.shtmlhttp://www.secuobs.com/revue/news/332723.shtml Secuobs.com : 2011-10-04 19:54:54 - Network Security Blog - Last night I got an email from Jim Engineer at e-Rainmaker PR stating that Kevin Mandia from Mandiant would be appearing before Congress I m always interested in hearing the leaders in our industry speak to members of Congress, because it reveals a lot not only about how the thought processes of the folks who are http://www.secuobs.com/revue/news/332646.shtmlhttp://www.secuobs.com/revue/news/332646.shtml Secuobs.com : 2011-10-04 16:53:14 - Network Security Blog - This weekend I saw a post called What does eight years of blogging get you I realized almost immediately that I d been blogging for just over 8 years myself and that the author s experiences mirror my own, though he s a bit more prolific and encourages comments much more than I do In 8 years, I ve http://www.secuobs.com/revue/news/332592.shtmlhttp://www.secuobs.com/revue/news/332592.shtml Secuobs.com : 2011-09-29 06:37:20 - Network Security Blog - When I left Verizon Business, I stuck around all of July for one reason and one reason only I d been working with the folks at Verizon for several months to collect all the data we could about the Reports on Compliance we had done in 2010 I like my ex-coworkers, but it was really the http://www.secuobs.com/revue/news/331675.shtmlhttp://www.secuobs.com/revue/news/331675.shtml Secuobs.com : 2011-09-28 02:15:57 - Network Security Blog - We re back Not that we actually left, but we ve all been so tied up in each of our own lives that we ve let the podcast slip the last month or so We re working on a more permanent arrangement and some of the issues that have cropped up lately are getting solved, but we will probably http://www.secuobs.com/revue/news/331410.shtmlhttp://www.secuobs.com/revue/news/331410.shtml