An Information Security Place Podcast – Episode 01 for 2012 – Breach Report

Wow! Six Months…and two job changes later, we are finally back to recording! YEAH!… Here’s the latest show from our intrepid hosts.

Show Notes:

InfoSec News Update –

Discussion Topic – 2012 Breach Report

  1. Care2 Discloses Breach; Company Has Nearly 18 Million Members
  2. AntiSec hit California and NY Law Enforcement Sites
  3. Anonymous Nabs 50,000 Credit Card Numbers From Security Think Tank

Music Notes: Special Thanks to the guys at RivetHead for use of their tracks

  • Intro – RivetHead – “The 13th Step”
  • News Bed – RivetHead – “Beautiful Disaster”
  • Discussion Bed – RivetHead – “Difference”
  • Outro – RivetHead – “Zero Gravity”
  • Tour Dates:
    1. Jan 6 – Dallas – Curtain Club
    2. Jan 27 – Dallas – Trees
    3. Jan 28 – Dallas – Trees
    4. Mar 2 – Dallas – Curtain Club – 7th Album CD Release Party
    5. Mar 3 – Houston – BFE Rock Club
    6. Mar 24 – Fort Worth – The Rail Club
    7. May 5 – Dallas – Renos Chop Shop

 

Introducing Jim Broome

We caught a big one!
I’m proud to announce that my buddy Jim Broome has joined the NT OBJECTives team and will be contributing to the blog and podcast.

Jim Broome, CISSP
Jim, an information security veteran with two decades of experience in the security industry, is joining as VP of Security Services. Jim’s role is to provide world-class SaaS based web security services through NTOSpider On-Demand while also providing leadership to the NTOLabs research and consulting teams.

Experience
Practice Manager – Accuvant LABS – Accuvant, Inc.
As one of Accuvant’s most seasoned security assessors, Mr. Broome performed innumerable consultative engagements including enterprise security strategy planning, risk assessments, threat analysis, application assessments, network assessments, penetration testing, and wireless security assessments for a large number of Fortune 500 clients. These clients came from a variety of markets, including manufacturers, telecommunications (cellular and traditional), public utilities, healthcare, financial services, and state governments.

Principal Security Consultant – ISS X-Force

Prior to joining Accuvant, Jim was a principal security consultant for Internet Security Systems (ISS) and a member of the X-Force penetration testing team. At ISS, he was responsible for providing technical leadership to the Western region consulting practice while performing his day-to-day duties of network assessments and penetration testing.

Director of Network and Security Operations – Cavion.com

Before X-Force, he was the director of network operations for Cavion.com, a managed service provider exclusively for credit unions. At Cavion.com, Jim was responsible for managing the network operations staff and security organization while maintaining 99.999% uptime.

Introducing Man Vs WebApp

I’m Dan Kuykendall and I’m going to show you what it takes to hack into some of the most dangerous places on the web.

I’ve got to make it through a weak set of defenses in the sort of places you would think would have the right survival skills.

This week I’m in the dense objects of AMF, one of the least understood parts of the web. It’s an environment full of hidden dangers. The decoders are unforgiving. Even the applets can push you to the limit. And every step forward, you can take two steps back.

As I prepare to re-launch my Podcast I am doing so with a new name and new concept. I will cover the news and random web app sec that comes up, but mostly will focus on the actual how to’s for attacking and defending in as many shows as possible.
The show and this Blog will be renamed to “Man Vs WebApp”, and should take another week or so to get the migration completed and for me to start posting shows. All the existing content should stay in place. I appreciate your patience as the site goes through the changes and there may be some odd behavior/broken pages for a few days.

An Information Security Place Podcast – Episode 07-2011

Today we have an interview for you. Michael had a great time sitting down with four gentlemen (they might not all agree with that term) from SpiderLabs over at Trustwave. The aforementioned SpiderLabs folks were Nicholas Percoco (@c7five), Steve Ocepek (@nosteve), Matt Jakubowski (@jaku), and Zack Fasel (@zfasel) – those are Twitter aliases for you newbs out there.

They went over their respective histories, talked about SpiderLabs and their leetness, discussed a few talks that they are doing at DEFCON, talked about their party at DEFCON that will be held in a super-secret location, and went through about 50 SpiderLabs insider jokes.

Michael is also pretty sure someone (Zack) was enjoying adult beverages (Zack) during the recording (Zack), but he might be wrong…

Enjoy the show. And once again, thanks to Rivethead for the tracks. Go out to their website to see the latest on them, where they are playing, and all their news.

An Information Security Place Podcast – Episode 06-2011

A lot of discussion in this episode. And what is more funny is Dan actually cuts Jim off on a subject. Yes, you heard it right. The famous “Web Security Minute Turned to 20 Minutes” Dan makes Jim stop talking. I guess the end of the world IS here!

Oh, and Dan leads us into the Land of Many Links with his Clickjacking story.

Show Notes:

InfoSec News Update -

  • HouSecCon 2011 update – Registration is open – Link Here
  • PCI Physical badging Gap – Link Here
  • Using Mario against us (evil) – Link Here
  • FUD article of the day – Half of lost/stolen mobile devices have sensitive info on them – Link Here
  • Defining appropriate Cyber Attack response, A.K.A Eat my cruise missile you Commie, Pinko hacker! – Link Here
  • Clickjacking, Cookiejacking oh my! – Link 1 / Link 2 / Link 3 / Link 4
  • Can you have too much security? – Link Here

Geek Toys -

Discussion Topic – Five Infamous Database Breaches So Far In 2011 – Link Here

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • July 9 – with Powderburn, Earthrot, and more – Tomcats West in Fort Worth, TX
  • July 24 – with Creeper, Phantom X, and more – Oriley’s in Dallas, TX

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead - “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

An Information Security Place Podcast – Episode 05-2011

I am tired of making excuses about us being late, so here is friggin’ episode #05-2011. Have fun!

Show Notes:

InfoSec News Update -

Discussion Topic – Scoping too small…

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • July 9 – with Powderburn, Earthrot, and more – Tomcats West in Fort Worth, TX
  • July 24 – with Creeper, Phantom X, and more – Oriley’s in Dallas, TX

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead - “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

An Information Security Place Podcast – Episode 04-2011

Hey, all three of us are here, and on schedule…. somebody check the temp outside :)

Show Notes:

InfoSec News Update -

  • TexSecConTriangle.com coming soon – HouSecCon, BSidesDFW, and LasCon
  • Gonzales Update – Link Here
  • Dropbox Pwnage – Link Here
  • TX exposes 3.5 Mill records – Link Here
  • Yet another Security Company Fail – Link Here
  • iPhone keylogger – Link Here
  • Law Firms Under Siege – Link Here

Discussion Topic – Reading the Fine Print in Cloud Computing – Link Here

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • Apr 20, 2011 – Sevendust, RIVETHEAD and TBA – Trees – Dallas, TX
  • May 7, 2011 – Powderburn and RIVETHEAD – BFE Rock Club – Houston, TX
  • Jun 4, 2011 – RIVETHEAD, The Razorblade Dolls, Horror Cult and more – The Rail – Fort Worth, TX
  • Jul 9, 2011 – RIVETHEAD, Powderburn, Earthrot and more – Tomcats West – Fort Worth, TX

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead - “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

An Information Security Place Podcast – Episode 03-2011

So it took a bit longer this time due to scheduling, and bodily harm on Michael’s part… but we finally got another episode recorded. Enjoy.

Show Notes:

InfoSec News Update -

Discussion Topic – How Detailed is Your DR Plan?

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • Apr 20, 2011 – Sevendust, RIVETHEAD and TBA – Trees – Dallas, TX
  • May 7, 2011 – Powderburn and RIVETHEAD – BFE Rock Club – Houston, TX
  • Jun 4, 2011 – RIVETHEAD, The Razorblade Dolls, Horror Cult and more – The Rail – Fort Worth, TX
  • Jul 9, 2011 – RIVETHEAD, Powderburn, Earthrot and more – Tomcats West – Fort Worth, TX

Intro – RivetHead – “Stirring It Up Again”

News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

An Information Security Place Podcast – Episode 02-2011

We have a little bit of innuendo humor on this episode, and we all break into some hysterics (it’s all in the geek toys section, so fast forward if you want to hear all that). Around that is some information and opinion on InfoSec stuff. We figured we would throw that in there because of the name of the podcast, but whatever…

Show Notes:

InfoSec News Update -

  • HouSecCon 2011 Call for Papers – Link Here
  • Busting DLP Myths or Playing with Hype? – Link Here
  • Google collecting kids’ info (including last 4 of SSN) for Doodling contest – Link Here
  • Smartphone security threats overdramatized – Link Here
  • 7 Deadly Sins – Link Here
  • Another certification debate – Link Here
  • Abusing HTTP Status Codes to Expose Private Information – Link Here

Geek Toys –

Discussion Topic – Saying No to Bad Patents – Link 1 / Link 2 / Link 3

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • Feb 26th – in Carlsbad NM
  • March 19 – The American Airlines Center at the Dallas Stars Hockey Game

Intro – RivetHead – “Stirring It Up Again”
News Bed – RivetHead – “Beautiful Disaster”
Discussion Bed – RivetHead - “Difference”
Outro – RivetHead – “Zero Gravity”

An Information Security Place Podcast – Episode 01-2011

We have started recording the Info Sec Place Podcast again!

Show Notes:

InfoSec News Update -

  • Study shows non-compliance more expensive than compliance (study was sponsored by Tripwire) – Article Link / Report Link
  • Security Fail – When Trusted IT members go bad!! – Link Here

“It’s a CIO’s worst nightmare: You get a call from the Business Software Alliance (BSA), saying that some of the Microsoft software your company uses might be pirated.

You investigate and find that not only is your software illegal, it was sold to you by a company secretly owned and operated by none other than your own IT systems administrator, a trusted employee for seven years. When you start digging into the admin’s activities, you find a for-pay porn Web site he’s been running on one of your corporate servers. Then you find that he’s downloaded 400 customer credit card numbers from your e-commerce server.

And here’s the worst part: He’s the only one with the administrative passwords.”

  • Looking back at old security news – have we made progress?? – Link Here (Registration required for full article)
  • A SLOW Death! – Link Here
  • Egypt gets Internet connection back – Link Here
  • Ever Cookie’s Anyone? – Link Here

Discussion Topic #1 – CSRF and Clickjacking – Link Here

Music Notes:

Special Thanks to the guys at RivetHead for use of their tracks – http://www.rivetheadonline.com/

Tour dates:

  • Feb 19th – Playing Curtain Club Dallas, TX
  • Feb 26th – in Carlsbad, NM
  • March 19th – American Airlines Center at a Dallas Stars Hockey game

Intro – RivetHead – “Stirring It Up Again”
Outro – RivetHead – “Zero Gravity”