Mon, 29 August 2016
NewsCast for Tuesday August 30th, 2016
Clinic Won’t pay breach protection for victims
California Bill would add security standards to data breach law
St. Jude stock shorted on heart device hacking fears
A Temperature-check on the state of application security
Important Apple patch for ‘Trident’
Direct download: DtSR_Episode_209_-_NewsCast_for_August_29th_2016.mp3
Category:NewsCast -- posted at: 11:57pm CDT
Tue, 23 August 2016
This week Michael and I chat with Jamison Utter of Infoblox on one of the more interesting topics at hand - the economy of ransomware. We talk through the sudden popularity of the attack vector, the way the underground "criminal enterprise" has scaled and grown, and the future of being a bad guy.
If you have occasion to talk to your organization's leadership on the ransomware epidemic, you need to listen to this podcast first.
Direct download: DtSR_Episode_208_-_Beyond_the_Ransomware_Economy.mp3
Category:Enterprise Security -- posted at: 12:58am CDT
Thu, 18 August 2016
Quick note from Michael about the Straight Talk Framework & Program
Microsoft Accidentally Leaks 'Golden Keys' That Unlock Secure Boot-Protected Windows Devices: Oops?
The Future Of ATM Hacking
Apple will reward hackers with "bug bounty" to find flaws
Turbulence Ahead: Delta Computer Outage Is Just The Start, Say Experts
Risk vs reward – when good data becomes dangerous
Chief Security Officer May Be The Job Of The Future That No One Wants
Direct download: DtSR_Episode_207_-_NewsCast_for_August_16th_2016.mp3
Category:NewsCast -- posted at: 12:14am CDT
Tue, 9 August 2016
In this episode we chat with Steve Christey Coley, currently the Principal Information Security Engineer at MITRE Corp. We talk through our industry's obsession with vulnerabilities, dive headlong into the thorny issue of security research, talk through the various issues with disclosure, and even delve into some ethics issues.
This episode is packed with content that you will likely want to talk to us about. So here's how to find us:
Steve on Twitter: @SushiDude
Hashtag for the show: #DtSR
Steve's Bio (from LinkedIn - https://www.linkedin.com/in/steve-christey-coley-66aa1826):
Editor / Technical Lead for the Common Vulnerabilities and Exposures (CVE) project; Technical Lead for the Common Weakness Enumeration (CWE); co-author of the "Responsible Vulnerability Disclosure Process" IETF draft with Chris Wysopal in 2002; participant in Common Vulnerability Scoring System (CVSS) and NIST's Static Analysis Tool Exposition (SATE). My primary interests include secure software development and testing, understanding the strengths and limitations of automated code analysis tools, the theoretical underpinnings of vulnerabilities, making software security accessible to the general public, vulnerability information management including post-disclosure analysis, and vulnerability research.
Direct download: DtSR_Episode_206_-_Vulnerabilities_Disclosure_Ethics_Research_and_Security.mp3
Category:Enterprise Security -- posted at: 10:41pm CDT
Fri, 5 August 2016
Quick note from Michael about the Straight Talk Framework
$2.7 Million HIPAA Penalty For Two Smaller Breaches
Is the GOP seriously considering endorsing vigilante hacking?!
NIST declares the age of SMS based 2-factor authentication over
The Ninth Circuit holds that accessing a website after receiving a cease and desist order does violate CFAA
A “famed hacker” is Grading Thousands of programs
Direct download: DtSR_Episode_205_-_NewsCast_for_August_2nd_2016.mp3
Category:NewsCast -- posted at: 10:59pm CDT