Info

Brakeing Down Security Podcast

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
RSS Feed Subscribe in iTunes
Brakeing Down Security Podcast
2017
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


All Episodes
Archives
Now displaying: Page 8
Apr 28, 2014

Mandiant put out their 2014 Threat Report, and we got into all the meaty goodness.  From the Syrian Electronic Army, Iran, and China's APT1 and APT12.

Find out if the bad guys are getting smarter, or if we are just making it easier for them? Have a listen and find out.

 

 

Mandiant 2014 report (registration required):  http://connect.mandiant.com/m-trends_2014

 

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Apr 21, 2014

Since 2006, Verizon has put out their yearly PCI report.  We break it down, and discuss the merits of the report.

 

2014 Verizon Report: www.verizonenterprise.com/resources/reports/rp_pci-report-2014_en_xg.pdf

 

 

 

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Apr 15, 2014

This is Part 2 of our interview with Phil Beyer.  We asked him about the difference between mentoring and coaching, and we end the podcast talking about influence, the types of influence and ways to gain influence.

 

 

 

 

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Apr 14, 2014

Whois for heartbleed was registered 5 April 2014 by Marko Laasko:

 

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: HEARTBLEED.COM
Registry Domain ID: 1853534635_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2014-04-05 15:13:33
Creation Date: 2014-04-05 15:13:33
Registrar Registration Expiration Date: 2015-04-05 15:13:33
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: email@godaddy.com
Registrar Abuse Contact Phone: +1.480-624-2505
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientRenewProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Marko Laakso
Registrant Organization: Codenomicon Oy
Registrant Street: Tutkijantie 4E
Registrant City: Oulu
Registrant State/Province: Oulu
Registrant Postal Code: 90590
Registrant Country: Finland
Registrant Phone: +358.451302656
Registrant Phone Ext:
Registrant Fax: +358.3588340141
Registrant Fax Ext:
Registrant Email: email@codenomicon.com
Registry Admin ID:
Admin Name: Marko Laakso
Admin Organization: Codenomicon Oy
Admin Street: Tutkijantie 4E
Admin City: Oulu
Admin State/Province: Oulu
Admin Postal Code: 90590
Admin Country: Finland
Admin Phone: +358.451302656
Admin Phone Ext:
Admin Fax: +358.3588340141
Admin Fax Ext:
Admin Email: email@codenomicon.com
Registry Tech ID:
Tech Name: Marko Laakso
Tech Organization: Codenomicon Oy
Tech Street: Tutkijantie 4E
Tech City: Oulu
Tech State/Province: Oulu
Tech Postal Code: 90590
Tech Country: Finland
Tech Phone: +358.451302656
Tech Phone Ext:
Tech Fax: +358.3588340141
Tech Fax Ext:
Tech Email: email@codenomicon.com
Name Server: NS-697.AWSDNS-23.NET
Name Server: NS-1338.AWSDNS-39.ORG
Name Server: NS-1621.AWSDNS-10.CO.UK
Name Server: NS-473.AWSDNS-59.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-04-13T12:00:00Z


NSA exploting HeartBleed for years:  http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

RFC6520 - TLS Heartbeat (co-authored by the the guy Robin Seggelmann) https://tools.ietf.org/html/rfc6520

 

Slashdot article: http://it.slashdot.org/story/14/04/10/2235225/heartbleed-coder-bug-in-openssl-was-an-honest-mistake

 

OpenBSD's Theo De Raadt having a rant about OpenSSL: http://it.slashdot.org/story/14/04/10/1343236/theo-de-raadts-small-rant-on-openssl

 

OpenSSL's malloc issues: http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse and http://www.tedunangst.com/flak/post/heartbleed-vs-mallocconf

Custom Snort rules to detect HeartBleed: http://blog.snort.org/2014/04/sourcefire-vrt-certified-snort-rules_10.html

 

 

Intro/Outro Music:

"All This" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

 

Apr 7, 2014

This week, we're leaving the Infosec track a bit, but this interview may be more important to being a person's development as a good Infosec person.

We interviewed Mr. Phil Beyer, Director of Information Security for the Advisory Board Company.  In addition to being a past president of the Capitol of Texas ISSA Chapter, he co-founded the Texas CISO Council, a regional steering committee composed of security leaders from private industry and the public sector.

He recently gave a talk at Bsides Austin about leadership, and how anyone can be a leader of men. It was very inspiring and something Mr. Boettcher and I thought would be interesting for people in any line of work, not just infosec would benefit from.  If you would like to hear his Bsides Austin talk, we have an exclusive audio copy of the talk, which you can find with his slideshare link here: Brakeingsecurity.com

Please leave feedback if you like this, or please feel free to re-tweet/share this elsewhere.

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Apr 4, 2014

I take a few minutes to explain a quick mass renaming shortcut using sed I use when I have multiple files that I need to rename.  I used the example of spaces in filenames, but you can use this to append a name to multiple files.

Another way to easily change files is to use the 'tr' command. You can change a filename from all lowercase to all uppercase letters, or even remove non-printable characters from filenames.

 

Take a look, please leave feedback.  I know there are other ways using awk, perl, and others.  This is just another way to do it.

Mar 31, 2014

We are pleased to be the only podcast to have audio of the talk Phil Beyer gave at Bsides Austin!  It is a very informative talk about leadership, not just in Information Security, but how to be a leader in any field you do.

 

Breaking Down Security will also carry a 2 part interview with Phil. The first will post on the 6th of April, and the 2nd part will be on the 13th of April.

Phil uploaded the slides of this presentation at Bsides Austin at http://www.slideshare.net/pjbeyer/choose-to-lead.

Brakeing Down Security would like to thank Phil Beyer for his time and generosity.

Mar 31, 2014

We discuss IDS and IPS, why they are needed, and why they get a pass on how easily they are bypassed, and why AV gets all the press...

 

 

 

 

 

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

 

 

 

Mar 24, 2014

This week, we got into some discussion about frameworks, and the different types of frameworks available (regulatory, "best practice", and process improvement)

We also looked at the new "Framework for Improving Critical Infrastructure Cybersecurity" ratified and released last month.

Does it meet with our high expectations? You'll just have to listen and find out.

 

http://www.nist.gov/cyberframework/

 

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Mar 18, 2014

Cracking great show this week!  Mr. Boettcher and I got all into authentications methods, why they don't always work, and what can we do to make passwords more secure, using Mike Murray's method of 'Passphrases' over passwords...

 

Finally, we talked about some adventure Mr. boettcher had with a friend's malware infection (it wasn't me, I promise!).  He took what we learned from @hackerhurricane (Michael Gough) and is actively doing forensics on it.

 

 

http://daleswanson.org/things/password.htm

Malware, Rootkits & Botnets A Beginner's Guide by Christopher Elisan

 

 

 

 

 

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Mar 9, 2014

This is the Part 2 of our Interview with Kevin Johnson.  During our interview, we followed him down the rabbit hole.  We learned how to default rulesets in ANY rules based hardware solution sucks.  We learned that being a security professional is more than just a fancy title.  And finally, we learned that Kevin is a huge fan of Star Wars.

 

DB Visualizer --  http://www.dbvis.com/

 

Good article on how homomorphic encryption works:

http://www.americanscientist.org/issues/pub/2012/5/alice-and-bob-in-cipherspace

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Mar 4, 2014

During our SEC542, GIAC Web App Pentesting course, we got the pleasure and honor of sitting down with Kevin Johnson from SecureIdeas on who he is, how Samurai WTF came into being, and why we should be doing licensing for proper ethcial hackers.

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Feb 24, 2014

This is part 2 of our Interview with Malware researcher Michael Gough.  We talk about mobile device malware, and how the Sniper Forensic Toolkit, differs from Tripwire.

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

"Infectedpc_primary.jpg is from bugsrepair.com

Feb 17, 2014

This week, we are excited to have Michael Gough, a local malware researcher from Mi2Security on with us to talk about types of malware, infection vectors, some of the tools that users have available to them to detect and prevent malware.  We also discuss who gains from malware infections, the 'bad guys', and even the AV/Malware detection companies.  We also talk about how his software program "Sniper Forensic Toolkit" would detect malware.

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Feb 10, 2014

This week, we interviewed Frank Kim, an instructor from SANS, talks about developers methods, the challenges of getting developers to code securely, and the efforts to create a culture of secure coding.

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Feb 3, 2014

All superheroes have an origin story, Brian and I are not super, but we have a great origin story.  This week's podcast is about how we made it into the Infosec industry, and we also discuss the value of research from an OS point of view.  We also talk about mentoring and assistance for those looking to get into the InfoSec world.

Intro "Private Eye" and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Jan 27, 2014

In this issue, we talked about upcoming podcasts with Michael Gough from MI2 Security discussing malware, and this week we get into everything about alerts, why they are important, types of alerts, levels that can occur, and even a bit of incident response in handling alerts.

Intro "Private Eye" and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Jan 20, 2014

This week Bryan and Brian talk about the uses, and sometimes pitfalls, of vulnerability scanners.

Intro "Private Eye" and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Jan 15, 2014

In this inaugural episode, Bryan and Brian discuss the history of hashes, how hashes are used and how to make them more secure.

Intro "Private Eye" and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

1 « Previous 2 3 4 5 6 7 8