Brakeing Down Security Podcast

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
Now displaying: April, 2014
Apr 28, 2014

Mandiant put out their 2014 Threat Report, and we got into all the meaty goodness, including the Syrian Electronic Army, Iran, and China's APT1 and APT12.

Are the bad guys getting smarter, or are we just making it easier for them? Have a listen and find out.

Mandiant 2014 report (registration required): http://connect.mandiant.com/m-trends_2014

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Apr 21, 2014

Since 2006, Verizon has put out their yearly PCI report.  We break it down, and discuss the merits of the report.

2014 Verizon Report: www.verizonenterprise.com/resources/reports/rp_pci-report-2014_en_xg.pdf

Apr 15, 2014

This is Part 2 of our interview with Phil Beyer.  We asked him about the difference between mentoring and coaching, and we end the podcast talking about influence, the types of influence and ways to gain influence.

Apr 14, 2014

The Whois record for heartbleed.com shows it was registered on 5 April 2014 by Marko Laakso:

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: HEARTBLEED.COM
Registry Domain ID: 1853534635_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2014-04-05 15:13:33
Creation Date: 2014-04-05 15:13:33
Registrar Registration Expiration Date: 2015-04-05 15:13:33
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: email@godaddy.com
Registrar Abuse Contact Phone: +1.480-624-2505
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientRenewProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Marko Laakso
Registrant Organization: Codenomicon Oy
Registrant Street: Tutkijantie 4E
Registrant City: Oulu
Registrant State/Province: Oulu
Registrant Postal Code: 90590
Registrant Country: Finland
Registrant Phone: +358.451302656
Registrant Phone Ext:
Registrant Fax: +358.3588340141
Registrant Fax Ext:
Registrant Email: email@codenomicon.com
Registry Admin ID:
Admin Name: Marko Laakso
Admin Organization: Codenomicon Oy
Admin Street: Tutkijantie 4E
Admin City: Oulu
Admin State/Province: Oulu
Admin Postal Code: 90590
Admin Country: Finland
Admin Phone: +358.451302656
Admin Phone Ext:
Admin Fax: +358.3588340141
Admin Fax Ext:
Admin Email: email@codenomicon.com
Registry Tech ID:
Tech Name: Marko Laakso
Tech Organization: Codenomicon Oy
Tech Street: Tutkijantie 4E
Tech City: Oulu
Tech State/Province: Oulu
Tech Postal Code: 90590
Tech Country: Finland
Tech Phone: +358.451302656
Tech Phone Ext:
Tech Fax: +358.3588340141
Tech Fax Ext:
Tech Email: email@codenomicon.com
Name Server: NS-697.AWSDNS-23.NET
Name Server: NS-1338.AWSDNS-39.ORG
Name Server: NS-1621.AWSDNS-10.CO.UK
Name Server: NS-473.AWSDNS-59.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-04-13T12:00:00Z


NSA exploiting HeartBleed for years: http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

RFC6520 - TLS Heartbeat (co-authored by Robin Seggelmann): https://tools.ietf.org/html/rfc6520

Slashdot article: http://it.slashdot.org/story/14/04/10/2235225/heartbleed-coder-bug-in-openssl-was-an-honest-mistake

OpenBSD's Theo de Raadt having a rant about OpenSSL: http://it.slashdot.org/story/14/04/10/1343236/theo-de-raadts-small-rant-on-openssl

OpenSSL's malloc issues: http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse and http://www.tedunangst.com/flak/post/heartbleed-vs-mallocconf

Custom Snort rules to detect HeartBleed: http://blog.snort.org/2014/04/sourcefire-vrt-certified-snort-rules_10.html

Intro/Outro Music:

"All This" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Apr 7, 2014

This week, we're leaving the Infosec track a bit, but this interview may be more important to a person's development as a good Infosec person.

We interviewed Mr. Phil Beyer, Director of Information Security for the Advisory Board Company.  In addition to being a past president of the Capitol of Texas ISSA Chapter, he co-founded the Texas CISO Council, a regional steering committee composed of security leaders from private industry and the public sector.

He recently gave a talk at BSides Austin about leadership, and how anyone can be a leader of men. It was very inspiring, and something Mr. Boettcher and I thought people in any line of work, not just infosec, would benefit from.  If you would like to hear his BSides Austin talk, we have an exclusive audio copy of the talk, which you can find with his slideshare link here: Brakeingsecurity.com

Please leave feedback if you like this, or please feel free to re-tweet/share this elsewhere.

Apr 4, 2014

I take a few minutes to explain a quick mass-renaming shortcut using sed that I use when I have multiple files that I need to rename.  I used the example of spaces in filenames, but you can also use this to append a name to multiple files.

Another way to easily change files is to use the 'tr' command. You can change a filename from all lowercase to all uppercase letters, or even remove non-printable characters from filenames.

Take a look, please leave feedback.  I know there are other ways using awk, perl, and others.  This is just another way to do it.