An Information Security Place Podcast – Episode 03-2011

So it took a bit longer this time due to scheduling, and bodily harm on Michael’s part… but we finally got another episode recorded. Enjoy.

Show Notes:

InfoSec News Update -

Discussion Topic – How Detailed is Your DR Plan?

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks –

Tour dates:

  • Apr 20, 2011 – Sevendust, RIVETHEAD and TBA – Trees – Dallas, TX
  • May 7, 2011 – Powderburn and RIVETHEAD – BFE Rock Club – Houston, TX
  • Jun 4, 2011 – RIVETHEAD, The Razorblade Dolls, Horror Cult and more – The Rail – Fort Worth, TX
  • Jul 9, 2011 – RIVETHEAD, Powderburn, Earthrot and more – Tomcats West – Fort Worth, TX

Intro – RivetHead – “Stirring It Up Again”

News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead – “Difference”
Outro – RivetHead – “Zero Gravity”

Prince 1999

Hacking like it’s 1999

Time for a little trek down memory lane, and a move to start striking out on the next trail!

Back in the late 90’s I was only getting started in my life as a “hacker,” and quickly became amazed at the work L0pht was putting out, such as netcat and L0phtCrack. I remember reading about their appearance at the US Congress when it happened, and seeing a small clip of it on MTV’s True Life “I’m a Hacker” later that year.


Over the years I have had an amazing journey, launching a security group in Fortis US, and then joining Foundstone around 2000. I got to be part of an AMAZING group over there. At the time it turned into a collection of the most insane talent, and to this day some of the smartest people I run into all hail from that period at Foundstone.

I have had the privilege of getting to know and becoming friends with a few of the guys from those videos, and continue to enjoy meeting these guys and learning from them, and hopefully teaching them a few things ;)

These days, while running NTO, I’m having the fun of finding and hiring some of the guys that I think will be the next generation trail blazers, and building tools to aid in today’s and tomorrow’s hurdles. It’s a blast and I have been thinking that the products to aid in the progress of security are just starting to hit their stride, and the next few years will enter us into another boom for our industry.

However, over the last few months I have been doing most of the primary research into this whole Cenzic Patent mess, and putting together piles of prior art and having to dig around the community for who was doing what, and when… and remembering and researching the challenges of the day. I watch videos like L0pht at US Congress and the MTV True Life, and read papers and posts from the late 90’s… and I just continue to realize how little progress we have all made. A decade has brought us so much and so little progress.

There is nothing to do but to continue the fight, and continue trying to think about this differently. Maybe the next decade will prove better than the last. To that end, I am re-starting my podcast. I had abandoned my post on this site for too long. We all need to be trying to educate the next generation as much as possible, not to just show them the current state of affairs, but to hopefully challenge them and instill in them the fun of it all.

So I’m dusting off the Mightyseek sound files and mic and gonna get to it.

Talk to you all soon!

Are Mobile Threats Really Overdramatized?

I discussed this article “Experts: Smartphone security threats overdramatized” in the Info Sec Place Podcast last week and my main disagreement is that the writer really is trying to swing the pendulum too far in the other direction to where there is almost no concern. He is also ignoring the server-side components, which is an area of the problem that I have been spending a bunch of time on.

Now back to the apps themselves, here are two stories about real live bad apps causing damage/money. Yes, maybe there is some slight over-dramatization that the sky is falling, but it really isn’t as safe as Snyder wants to have people think.