Tue, 20 December 2016
Merry Christmas, Happy New Year everyone!
May your holidays be filled with joy, love and family. From Michael, James and myself, we wish you the very best and a healthy, prosperous and fulfilling 2017.
We will be back in 2017 with another great DtSR Episode... but before we go - here's one last NewsCast for 2016.
Yahoo - setting records again - biggest hack ever
Netgear Routers - Simple fix, Difficult fix
Microsoft Patches dangerous backdoor in Skype for Mac OSX
Flash being relegated by MS’s Edge browser… is it time?
Direct download: DtSR_Episode_225_-_NewsCast_for_December_20th_2016.mp3
Category:NewsCast -- posted at: 11:50am CDT
Tue, 13 December 2016
On this episode of Down the Security Rabbithole we tackle the question head on. Whose responsibility is security? Is it the end user who should be responsible for patching the devices they own? Is it the vendor who sells the wares? Is it the manufacturer who sells things with security issues?
What if it was everyone's problem? How do we police, legislate and ultimately assign blame? Should we be assigning blame, and more importantly what gives with this fascination for blaming the victim?
Lots of questions are asked and we start to tackle some of the answers...maybe.
Direct download: DtSR_Episode_224_-_Pointing_the_Finger_of_Responsibility.mp3
Category:Enterprise Security -- posted at: 10:55am CDT
Tue, 6 December 2016
Federal Government Disproves the Myth of Cyber Talent Shortage
5 Mistakes to Avoid to Hire Qualified Application Security Talent
Obama Cyber Security Commission to [Finally] Present Its Report
The First Question Security Leaders Need to Ask Before the Breach Happens
Amazon Unveils Anti-DDoS Service for Customers
Direct download: DtSR_Episode_223_-_NewsCast_for_December_6th_2016.mp3
Category:general -- posted at: 8:46am CDT
Tue, 29 November 2016
This week, after a long wait, we have John Kindervag on the show! John talks us through the concept of "Zero Trust Security" and where and how it's implemented. It's a concept everyone should be familiar with by now - but I bet you aren't!
Join us, and as always provide feedback to the team using the hashtag #DtSR on Twitter, and you can always ping John directly at @Kindervag as well.
Tue, 22 November 2016
DHS Releases Strategic Principles for Securing the Internet of Things
What about the “need” for IoT legislation?
Facebook buys black market passwords to keep your accounts safe
Michael just got back from Boston, hosting a CISO Leadership Conference. We discuss the trends that came up…
→ just the trends…
Tue, 15 November 2016
This week, Patrick Dennis - the CEO of Guidance Software - joins us to talk about the Enterprise Security world's fascination with blaming the breach victim. We talk through some of the key issues and look for a way off the hamster wheel.
As always, #DtSR on Twitter to join in our conversation.
Tue, 8 November 2016
It is election day. Have you voted?
Beware, iPhone Users: Fake retail apps are surging before the holidays
Moving Beyond EMET
Tesco Bank blames ‘systematic sophisticated attack’ for account losses
Google Discloses “Critical Flaw” in Microsoft OS 10 Days After Notifying
Tue, 1 November 2016
This week on DtSR Chad Boeckmann - President of Secure Digital Solutions - joins us to talk about the business of security. While the "bad guys" are running their criminal enterprise, security teams have struggled to be business-relevant. This discussion starts to dive into how to align security and business goals, answering the "how much is enough?" question and so much more.
Tue, 25 October 2016
The Massive DDoS That Hit Dyn.Org
Verizon Reviewing Terms of Yahoo Deal As Revenue Slides
Passwords - We’re Still Giving Out Horrible Advice
St. Jude Medical to Create Cybersecurity Advisory Board; Muddy Waters Releases More Vulnerability Allegations
Direct download: DtSR_Episode_217_-_NewsCast_for_October_25th_2016.mp3
Category:general -- posted at: 12:00am CDT
Wed, 19 October 2016
This week, #DtSR takes a trip down Software Security lane or as some call it "How are we still writing code with bugs that we found relatively concrete fixes for in the late 90's?" (I may have been watching too many John Oliver episodes...)
Jeff Williams ( @Planetlevel ) and Tyler Shields ( @txs ) join me to talk this topic over from where we've been, to what we're doing now, to what the solution to this mess will be one day in the future. It's an interesting conversation that should stir up some emotion if you've been in AppSec or software security as there really are no docile opinions on this topic (or many others in security, unfortunately).
Plug in, listen and enjoy.
Direct download: DtSR_Episode_216_-_Why_Software_Insecurity_is_Still_a_Thing.mp3
Category:Enterprise Security -- posted at: 11:20am CDT
Tue, 11 October 2016
‘Security Fatigue’ Can Cause Computer Users to Feel Hopeless and Act Recklessly, New Study Suggests
Our insulin pumps could be hacked, warns Johnson & Johnson
FBI arrests NSA contractor who stole sensitive data
Direct download: DtSR_Episode_215_-_NewsCast_for_October_11th_2016.mp3
Category:NewsCast -- posted at: 4:51pm CDT
Tue, 4 October 2016
Grab a cup of coffee, jack in your earphones and listen up.
DtSR Episode 214 is addressing the issue of breaches, and their material financial impact to an organization.
The premise is simple - when you have a breach, are you going to see massive stock price drop, client exodus and so on? We sit down with legal expert and DtSR regular Shawn Tuma and researcher Jon Nichols to talk this through with James, Michael and yours truly.
Check this episode out. It may sting a bit, but once you come to grips with its reality - the world looks a little different.
Direct download: DtSR_Episode_214_-_Financial_Impact_of_Breaches.mp3
Category:Enterprise Security -- posted at: 12:00am CDT
Tue, 27 September 2016
Quick update and invitation from Michael: starting to explore rolling out services and improving the Straight Talk Framework. If you’re up to discuss with me - I’ll offer a brief overview and then a “setup for Straight Talk” review to explore how to get you started. It’s a real offer because I know we’ll both learn. And then I’ll get a better sense of where to focus and how to help more people in our industry.
Note on Yahoo: we’ll talk to Shawn later
How are Healthcare Data Breach Victims Affected by Attacks?
We're told data breaches cost millions on average - but this security study disagrees
NIST launches self-assessment tool for cybersecurity
House to vote on cyber bill for small businesses
Direct download: DtSR_Episode_213_-_NewsCast_for_September_27th_2016.mp3
Category:NewsCast -- posted at: 12:00am CDT
Tue, 20 September 2016
In this episode, we talk with Mike Tierney, who is the brand-new CEO at Veriato. In our conversation we talk through a primer on insider threat, and use the great example of hosting a dinner party.
Mike has loads of nuggets of wisdom from his experience and we're certain that if you're a seasoned insider threat professional, or just thinking about the topic and wondering if you can do anything to protect your company - this show will be a good primer for furthering your discussion and learning.
Listen in, comment and share with your colleagues! Our show is always safe for the office and educational.
Talk back! Use our Twitter hashtag #DtSR to discuss this episode, ask questions, or suggest other topics or guests for the future!
Wed, 14 September 2016
Chrome to label more sites as insecure in 2017
A USB Device is all it takes to steal credentials from locked PCs
DHS chief: 'Very difficult' for hackers to skew vote
Big business worried more about data loss than hackers – survey
Obama Names Retired Air Force General as First Federal CISO
Direct download: DtSR_Episode_211_-_NewsCast_for_Sept_13th_2016.mp3
Category:NewsCast -- posted at: 10:01pm CDT