The information security pro’s resource for keeping corporate data, applications and devices secure
Podcasts
Podcasts for the week of Dec. 24, 2007
Download MP3 | Subscribe to Security Wire Weekly
Download MP3
Podcasts for the week of Dec. 17, 2007
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Dec. 19, 2007
Chris Farrow of the PCI Security Vendor Alliance discusses the PCI DSS deadlines, how credit card companies plan to enforce them and how some merchants are getting extensions to comply.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Dec. 10, 2007

Security Wire Weekly -- Dec. 12, 2007
PGP Director of Product Management John Dasher talks about the rising cost of security breaches as reflected in the latest Ponemon Institute study. Also Mozilla offers a look at the security enhancements of Firefox 3.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Dec. 3, 2007

Threat Monitor -- Dec. 6, 2007
Cross-build injection attacks: Keeping an eye on Web applications' open source components
Web application developers' growing dependence on open source components has opened the door for attackers to insert malicious code into applications even as they are being built. Michael Cobb explores the emerging attack method called cross-build injection and explains why application architects may need to change their ways.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Dec. 5, 2007
Computer forensics and accounting fraud investigator Michael Kessler of Kessler International discusses the latest threat landscape and how companies are locking down their sensitive data.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Windows Vista a year later
Senior News Writer Bill Brenner talks to security analyst Rich Mogull and Microsoft's Shanen Boettcher about the ongoing compatibility challenges of Windows Vista and what's next.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 26, 2007

Security Wire Weekly -- Nov. 28, 2007
SANS Top 20 Project Director Rohit Dhamankar talks about this year's SANS Top 20 attack trends report. Also, a summary of this week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 19, 2007

Security Wire Weekly -- Nov. 21, 2007
Senior News Writer Bill Brenner joins News Editor Robert Westervelt in a discussion on the Top 5 trends IT security pros should be thankful for in 2007. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: What Could PCI DSS 2.0 bring?
This week's featured podcast is from SearchSecurity.com's Compliance School. Diana Kelley, vice president of research firm Burton Group, reveals the top five likely changes in store for "PCI DSS 2.0."
Listen to Countdown: What Could PCI DSS 2.0 bring?
Check out the rest of Diana Kelley's lesson: PCI DSS compliance: Two years later

Podcasts for the week of Nov. 12, 2007

Fact or fiction: Don't Forget About Your Intellectual Property
This week's featured podcast is from SearchSecurity.com's Data Protection School. Russell L. Jones of Deloitte and Touche explains how to truly protect an enterprise trade secret.
Listen to Fact or fiction: Don't Forget About Your Intellectual Property
Check out the rest of Russell L. Jones' lesson: Executing a data governance strategy

Threat Monitor -- Nov. 15, 2007
iPhone security in the enterprise: Mitigating the risks
Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah Schiffman discusses the two most popular and effective types of authentication systems, and unveils the positive and negative aspects of each approach.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Nov. 14, 2007
Senior News Writer Bill Brenner talks with security experts about how to respond to data breaches. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 5, 2007

Security Wire Weekly: CSI 2007 coverage
Senior News Writer Bill Brenner reports from the Computer Security Institute's CSI 2007 conference. Steve Orrin, director of security solutions at Intel, discusses the importance of building better security into products. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Eugene Kaspersky
Kaspersky Labs CEO Eugene Kaspersky discusses how his company is adjusting to help users meet the latest threats, and why Russia -- his home turf -- tends to be at the center of many high-profile malware outbreaks.
Download MP3

Podcasts for the week of Oct. 29, 2007

Threat Monitor -- Nov. 1, 2007
iPhone security in the enterprise: Mitigating the risks
Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular devices infiltrate the enterprise.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 22, 2007

Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification (RFID) technology. The researcher explains how easy it is to copy an RFID tag. Also a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure

Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3

Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the simplest attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept. 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben Itzak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept. 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special -- New hacking technique, June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar.
21, 2007 This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- March 20, 2007 Software Security -- Identifying software security flaws and bugs In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design. powered by ODEO Download MP3 @32656 Hot Type -- March 20, 2007 Software Security -- The three pillars "Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development. powered by ODEO Download MP3 Podcasts for the week of March 12, 2007 @21787Threat Monitor -- March 15, 2007 Plentiful VoIP exploits demand careful consideration Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices. powered by ODEO Download MP3 | Subscribe to Threat Monitor @33601 Security360: SOA and Web Services Security SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. 
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 
5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 26, 2007 @21787Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 19, 2007 @33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 
21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. 
Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. 
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Podcasts for the week of Dec. 10, 2007
@21786 Security Wire Weekly -- Dec. 12, 2007 PGP Director of Product Management John Dasher talks about the rising cost of security breaches as reflected in the latest Ponemon Institute study. Also Mozilla offers a look at the security enhancements of Firefox 3. Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Dec. 3, 2007 @21787Threat Monitor -- Dec. 6, 2007 Cross-build injection attacks: Keeping an eye on Web applications' open source componentsWeb application developers' growing dependence on open source components has opened the door for attackers to insert malicious code into applications even as they are being built. Michael Cobb explores the emerging attack method called cross-build injection and explains why application architects may need to change their ways. Download MP3 | Subscribe to Threat Monitor @21786 Security Wire Weekly -- Dec. 5, 2007 Computer forensics and accounting fraud investigator Michael Kessler of Kessler International discusses the latest threat landscape and how companies are locking down their sensitive data. Download MP3 | Subscribe to Security Wire Weekly @21786 Security Wire Weekly – Windows Vista a year later Senior News Writer Bill Brenner talks to security analyst Rich Mogull and Microsoft's Shanen Boettcher about the ongoing compatibility challenges of Windows Vista and what's next. Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Nov. 26, 2007 @21786 Security Wire Weekly -- Nov. 28, 2007 SANS Top 20 Project Director Rohit Dhamankar talks about this year's SANS Top 20 attack trends report. Also, a summary of this week's news headlines. Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Nov. 19, 2007 @21786 Security Wire Weekly -- Nov. 21, 2007 Senior News Writer Bill Brenner joins News Editor Robert Westervelt in a discussion on the Top 5 trends IT security pros should be thankful for in 2007. Also, a review of the week's top stories. 
Download MP3 | Subscribe to Security Wire Weekly --> --> --> --> --> --> --> --> --> --> Countdown: What Could PCI DSS 2.0 bring? This week's featured podcast is from SearchSecurity.com's Compliance School. Diana Kelley, vice president of research firm Burton Group, reveals the top five likely changes in store for "PCI DSS 2.0." Listen to Countdown: What Could PCI DSS 2.0 bring? Check out the rest of Diana Kelley's lesson: PCI DSS compliance: Two years later Podcasts for the week of Nov. 12, 2007 @26651 Fact or fiction: Don't Forget About Your Intellectual Property This week's featured podcast is from SearchSecurity.com's Data Protection School. Russell L. Jones of Deloitte and Touche explains how to truly protect an enterprise trade secret. Listen to Fact or fiction: Don't Forget About Your Intellectual Property Check out the rest of Russell L. Jones' lesson: Executing a data governance strategy @21787Threat Monitor -- Nov. 15, 2007 iPhone security in the enterprise: Mitigating the risks Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah Schiffman discusses the two most popular and effective types of authentication systems, and unveils the positive and negative aspects of each approach. Download MP3 | Subscribe to Threat Monitor @21786 Security Wire Weekly -- Nov. 14, 2007 Senior News Writer Bill Brenner talks with security experts about how to respond to data breaches. Also, a summary of this week's news. Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Nov. 5, 2007 @21786 Security Wire Weekly: CSI 2007 coverage Senior News Writer Bill Brenner reports from the Computer Security Institute's CSI 2007 conference. Steve Orrin, director of security solutions at Intel, discusses the importance of building better security into products. 
Also, a review of the week's top stories. Download MP3 | Subscribe to Security Wire Weekly --> --> --> --> --> --> --> --> --> --> --> --> Security Newsmaker: Eugene Kaspersky Kaspersky Labs CEO Eugene Kaspersky discusses how his company is adjusting to help users meet the latest threats; and about why Russia -- his home turf -- tends to be at the center of many high-profile malware outbreaks. Download MP3 Podcasts for the week of Oct. 29, 2007 @21787Threat Monitor -- Nov. 1, 2007 iPhone security in the enterprise: Mitigating the risks Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular devices infiltrates the enterprise. Download MP3 | Subscribe to Threat Monitor @21786 Security Wire Weekly -- Oct. 31, 2007 Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard. Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Oct. 22, 2007 @21786 Security Wire Weekly -- Oct. 24, 2007 Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also a look at the week's news. Download MP3 | Subscribe to Security Wire Weekly @26651 Fact or Fiction: How to Layer Security Within your Messaging Architecture This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths. Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture Check out the rest of John Burke's lesson: Securing the converged infrastructure Podcasts for the week of Oct. 
15, 2007 @21787Threat Monitor -- Oct. 18, 2007 Developing a patch management policy for third-party applicationsEnterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it. Download MP3 | Subscribe to Threat Monitor @21786 Security Wire Weekly -- Oct. 17, 2007 Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line. Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Oct. 8, 2007 @37857Security Squad: Virtualization security; iPhone attacks; PCI DSS The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS). Download MP3 @21786 Security Wire Weekly -- Oct. 10, 2007 Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news. Download MP3 | Subscribe to Security Wire Weekly --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> Hot Type -- Oct. 
9, 2007 Virtual Honeypots: From Botnet Tracking to Intrusion Detection In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware. Download MP3 After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets. Podcasts for the week of Oct. 1, 2007 @21787Threat Monitor -- Oct. 4, 2007 How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success. Download MP3 | Subscribe to Threat Monitor @21786 Security Wire Weekly -- Oct. 3, 2007 Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw. Download MP3 | Subscribe to Security Wire Weekly @33277Security Newsmaker: Pedram Amini Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level. Download MP3 Podcasts for the week of Sept. 24, 2007 @21786 Security Wire Weekly -- Sept. 26, 2007 Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news. 
Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Sept. 17, 2007 @21787Threat Monitor -- Sept 20, 2007 Windows Update attacks: Ensuring malware-free downloads Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786 Security Wire Weekly -- Sept. 19, 2007 University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Sept. 10, 2007 @21786 Security Wire Weekly -- Sept. 12, 2007 Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben Itzak talks about the growing use of crimeware rootkits. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- Sept. 11, 2007 Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services. powered by ODEO Download MP3 After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechansims. Podcasts for the week of Sept. 
3, 2007

Threat Monitor -- Sept. 6, 2007: Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely used Kerberos program.

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007: Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.

Hot Type -- Aug. 14, 2007: Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process. After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007: Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007: Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.

Hot Type -- July 10, 2007: Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance. Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization.

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007: Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise.

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007: Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007: The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special -- New hacking technique, June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Check out the rest of Mark Diodati's lesson: Next-generation attacks.

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01)

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007: Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007: Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks.

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007: Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007: Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007: Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007: Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007: Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007: Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007: The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007: Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007: Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007: Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. 
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Podcasts for the week of Dec. 3, 2007
Threat Monitor -- Dec. 6, 2007
Cross-build injection attacks: Keeping an eye on Web applications' open source components
Web application developers' growing dependence on open source components has opened the door for attackers to insert malicious code into applications even as they are being built. Michael Cobb explores the emerging attack method called cross-build injection and explains why application architects may need to change their ways.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Dec. 5, 2007
Computer forensics and accounting fraud investigator Michael Kessler of Kessler International discusses the latest threat landscape and how companies are locking down their sensitive data.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly – Windows Vista a year later
Senior News Writer Bill Brenner talks to security analyst Rich Mogull and Microsoft's Shanen Boettcher about the ongoing compatibility challenges of Windows Vista and what's next.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 26, 2007

Security Wire Weekly -- Nov. 28, 2007
SANS Top 20 Project Director Rohit Dhamankar talks about this year's SANS Top 20 attack trends report. Also, a summary of this week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 19, 2007

Security Wire Weekly -- Nov. 21, 2007
Senior News Writer Bill Brenner joins News Editor Robert Westervelt in a discussion on the Top 5 trends IT security pros should be thankful for in 2007. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: What Could PCI DSS 2.0 bring?
This week's featured podcast is from SearchSecurity.com's Compliance School. Diana Kelley, vice president of research firm Burton Group, reveals the top five likely changes in store for "PCI DSS 2.0."
Listen to Countdown: What Could PCI DSS 2.0 bring?
Check out the rest of Diana Kelley's lesson: PCI DSS compliance: Two years later

Podcasts for the week of Nov. 12, 2007

Fact or fiction: Don't Forget About Your Intellectual Property
This week's featured podcast is from SearchSecurity.com's Data Protection School. Russell L. Jones of Deloitte and Touche explains how to truly protect an enterprise trade secret.
Listen to Fact or fiction: Don't Forget About Your Intellectual Property
Check out the rest of Russell L. Jones' lesson: Executing a data governance strategy

Threat Monitor -- Nov. 15, 2007
iPhone security in the enterprise: Mitigating the risks
Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah Schiffman discusses the two most popular and effective types of authentication systems, and unveils the positive and negative aspects of each approach.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Nov. 14, 2007
Senior News Writer Bill Brenner talks with security experts about how to respond to data breaches. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 5, 2007

Security Wire Weekly: CSI 2007 coverage
Senior News Writer Bill Brenner reports from the Computer Security Institute's CSI 2007 conference. Steve Orrin, director of security solutions at Intel, discusses the importance of building better security into products. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Eugene Kaspersky
Kaspersky Labs CEO Eugene Kaspersky discusses how his company is adjusting to help users meet the latest threats; and about why Russia -- his home turf -- tends to be at the center of many high-profile malware outbreaks.
Download MP3

Podcasts for the week of Oct. 29, 2007

Threat Monitor -- Nov. 1, 2007
iPhone security in the enterprise: Mitigating the risks
Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular device infiltrates the enterprise.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 22, 2007

Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure

Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3

Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book.
Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique
June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007

Security Wire Weekly -- Dec. 5, 2007
Computer forensics and accounting fraud investigator Michael Kessler of Kessler International discusses the latest threat landscape and how companies are locking down their sensitive data.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly – Windows Vista a year later
Senior News Writer Bill Brenner talks to security analyst Rich Mogull and Microsoft's Shanen Boettcher about the ongoing compatibility challenges of Windows Vista and what's next.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 26, 2007

Security Wire Weekly -- Nov. 28, 2007
SANS Top 20 Project Director Rohit Dhamankar talks about this year's SANS Top 20 attack trends report. Also, a summary of this week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 19, 2007

Security Wire Weekly -- Nov. 21, 2007
Senior News Writer Bill Brenner joins News Editor Robert Westervelt in a discussion on the Top 5 trends IT security pros should be thankful for in 2007. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: What Could PCI DSS 2.0 bring?
This week's featured podcast is from SearchSecurity.com's Compliance School. Diana Kelley, vice president of research firm Burton Group, reveals the top five likely changes in store for "PCI DSS 2.0."
Listen to Countdown: What Could PCI DSS 2.0 bring?
Check out the rest of Diana Kelley's lesson: PCI DSS compliance: Two years later

Podcasts for the week of Nov. 12, 2007

Fact or fiction: Don't Forget About Your Intellectual Property
This week's featured podcast is from SearchSecurity.com's Data Protection School. Russell L. Jones of Deloitte and Touche explains how to truly protect an enterprise trade secret.
Listen to Fact or fiction: Don't Forget About Your Intellectual Property
Check out the rest of Russell L. Jones' lesson: Executing a data governance strategy

Threat Monitor -- Nov. 15, 2007
iPhone security in the enterprise: Mitigating the risks
Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah Schiffman discusses the two most popular and effective types of authentication systems, and unveils the positive and negative aspects of each approach.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Nov. 14, 2007
Senior News Writer Bill Brenner talks with security experts about how to respond to data breaches. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 5, 2007

Security Wire Weekly: CSI 2007 coverage
Senior News Writer Bill Brenner reports from the Computer Security Institute's CSI 2007 conference. Steve Orrin, director of security solutions at Intel, discusses the importance of building better security into products. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Eugene Kaspersky
Kaspersky Labs CEO Eugene Kaspersky discusses how his company is adjusting to help users meet the latest threats, and why Russia -- his home turf -- tends to be at the center of many high-profile malware outbreaks.
Download MP3

Podcasts for the week of Oct. 29, 2007

Threat Monitor -- Nov. 1, 2007
iPhone security in the enterprise: Mitigating the risks
Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed.
In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular devices infiltrate the enterprise.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 22, 2007

Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure

Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3

Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats.
Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems.
Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3
Podcasts for the week of July 23, 2007
Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 16, 2007
Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 9, 2007
Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.
Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data?
Read an excerpt from Chapter 6: Visualization
Podcasts for the week of July 2, 2007
Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor
Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise
Podcasts for the week of June 25, 2007
Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco.
Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of June 18, 2007
Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly
Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3
Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins.
Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)
Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon.
Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 28, 2007
Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks
Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 21, 2007
Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3
Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3
Podcasts for the week of April 30, 2007
Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3
Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks
Podcasts for the week of April 23, 2007
Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3
Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers
Podcasts for the week of April 16, 2007
Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr.
18, 2007 Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of April 9, 2007
Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3
Podcasts for the week of April 2, 2007
Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc.
tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 26, 2007
Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 19, 2007
Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3
Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3
Podcasts for the week of March 12, 2007
Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration.
As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor
Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3
Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 5, 2007
Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions
Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers
Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 26, 2007
Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 19, 2007
Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3
Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 12, 2007
Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 5, 2007
Security Wire Weekly -- Feb.
8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S.
Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3
Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 29, 2007
Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 22, 2007
Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 15, 2007
Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 8, 2007
Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan.
1, 2007

Threat Monitor -- January 4, 2007: Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007

Podcasts for the week of Nov. 19, 2007

Security Wire Weekly -- Nov. 21, 2007
Senior News Writer Bill Brenner joins News Editor Robert Westervelt in a discussion on the Top 5 trends IT security pros should be thankful for in 2007. Also, a review of the week's top stories.

Countdown: What Could PCI DSS 2.0 bring?
This week's featured podcast is from SearchSecurity.com's Compliance School. Diana Kelley, vice president of research firm Burton Group, reveals the top five likely changes in store for "PCI DSS 2.0." Listen to Countdown: What Could PCI DSS 2.0 bring? Check out the rest of Diana Kelley's lesson: PCI DSS compliance: Two years later

Podcasts for the week of Nov. 12, 2007

Fact or fiction: Don't Forget About Your Intellectual Property
This week's featured podcast is from SearchSecurity.com's Data Protection School. Russell L. Jones of Deloitte and Touche explains how to truly protect an enterprise trade secret. Listen to Fact or fiction: Don't Forget About Your Intellectual Property. Check out the rest of Russell L. Jones' lesson: Executing a data governance strategy

Threat Monitor -- Nov.
15, 2007: iPhone security in the enterprise: Mitigating the risks
Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah Schiffman discusses the two most popular and effective types of authentication systems, and unveils the positive and negative aspects of each approach.

Security Wire Weekly -- Nov. 14, 2007
Senior News Writer Bill Brenner talks with security experts about how to respond to data breaches. Also, a summary of this week's news.

Podcasts for the week of Nov. 5, 2007

Security Wire Weekly: CSI 2007 coverage
Senior News Writer Bill Brenner reports from the Computer Security Institute's CSI 2007 conference. Steve Orrin, director of security solutions at Intel, discusses the importance of building better security into products. Also, a review of the week's top stories.

Security Newsmaker: Eugene Kaspersky
Kaspersky Labs CEO Eugene Kaspersky discusses how his company is adjusting to help users meet the latest threats; and about why Russia -- his home turf -- tends to be at the center of many high-profile malware outbreaks.

Podcasts for the week of Oct. 29, 2007

Threat Monitor -- Nov. 1, 2007: iPhone security in the enterprise: Mitigating the risks
Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular device infiltrates the enterprise.

Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.

Podcasts for the week of Oct. 22, 2007

Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also a look at the week's news.

Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths. Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture. Check out the rest of John Burke's lesson: Securing the converged infrastructure

Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007: Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.

Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger.
Also: Oracle patches security flaws across its product line.

Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).

Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.

Hot Type -- Oct. 9, 2007: Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware. After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007: How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007: Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept.
12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.

Hot Type -- Sept. 11, 2007: Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services. After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007: Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007: Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.

Hot Type -- Aug. 14, 2007: Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases.
In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process. After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007: Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007: Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position. Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007: Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance. Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007: Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. Listen to Countdown -- Top 5 consumer authentication technologies on the market today. This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007: Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach.
Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007: The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection.
(Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Listen to Countdown -- Top 5 consumer authentication technologies on the market today. Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices.
Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007: Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007: Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr.
25, 2007 Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Security Newsmaker: Howard Schmidt In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers Podcasts for the week of April 16, 2007 @21787Threat Monitor -- April 19, 2007 Reputation systems gaining credibility in fight against spam Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 18, 2007 Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of April 9, 2007 Countdown: Top 5 next-generation messaging attacks that antivirus can't catch Mike Rothman of Security Incite Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch @21786Security Wire Weekly -- Apr. 11, 2007 This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. 
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global Services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Podcasts for the week of Nov. 26, 2007
Security Wire Weekly -- Nov. 28, 2007
SANS Top 20 Project Director Rohit Dhamankar talks about this year's SANS Top 20 attack trends report. Also, a summary of this week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 19, 2007

Security Wire Weekly -- Nov. 21, 2007
Senior News Writer Bill Brenner joins News Editor Robert Westervelt in a discussion on the Top 5 trends IT security pros should be thankful for in 2007. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: What Could PCI DSS 2.0 bring?
This week's featured podcast is from SearchSecurity.com's Compliance School. Diana Kelley, vice president of research firm Burton Group, reveals the top five likely changes in store for "PCI DSS 2.0."
Listen to Countdown: What Could PCI DSS 2.0 bring?
Check out the rest of Diana Kelley's lesson: PCI DSS compliance: Two years later

Podcasts for the week of Nov. 12, 2007

Fact or fiction: Don't Forget About Your Intellectual Property
This week's featured podcast is from SearchSecurity.com's Data Protection School. Russell L. Jones of Deloitte and Touche explains how to truly protect an enterprise trade secret.
Listen to Fact or fiction: Don't Forget About Your Intellectual Property
Check out the rest of Russell L. Jones' lesson: Executing a data governance strategy

Threat Monitor -- Nov. 15, 2007
iPhone security in the enterprise: Mitigating the risks
Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah Schiffman discusses the two most popular and effective types of authentication systems, and unveils the positive and negative aspects of each approach.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Nov. 14, 2007
Senior News Writer Bill Brenner talks with security experts about how to respond to data breaches. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 5, 2007

Security Wire Weekly: CSI 2007 coverage
Senior News Writer Bill Brenner reports from the Computer Security Institute's CSI 2007 conference. Steve Orrin, director of security solutions at Intel, discusses the importance of building better security into products. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Eugene Kaspersky
Kaspersky Labs CEO Eugene Kaspersky discusses how his company is adjusting to help users meet the latest threats, and why Russia -- his home turf -- tends to be at the center of many high-profile malware outbreaks.
Download MP3

Podcasts for the week of Oct. 29, 2007

Threat Monitor -- Nov. 1, 2007
iPhone security in the enterprise: Mitigating the risks
Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular devices infiltrate the enterprise.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 22, 2007

Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag.
Also a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure

Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3

Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework.
In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept. 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security.
After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept. 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Podcasts for the week of Nov. 19, 2007
Security Wire Weekly -- Nov. 21, 2007
Senior News Writer Bill Brenner joins News Editor Robert Westervelt in a discussion on the Top 5 trends IT security pros should be thankful for in 2007. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly
Countdown: What Could PCI DSS 2.0 bring?
This week's featured podcast is from SearchSecurity.com's Compliance School. Diana Kelley, vice president of research firm Burton Group, reveals the top five likely changes in store for "PCI DSS 2.0."
Listen to Countdown: What Could PCI DSS 2.0 bring?
Check out the rest of Diana Kelley's lesson: PCI DSS compliance: Two years later
Podcasts for the week of Nov. 12, 2007
Fact or fiction: Don't Forget About Your Intellectual Property
This week's featured podcast is from SearchSecurity.com's Data Protection School. Russell L. Jones of Deloitte and Touche explains how to truly protect an enterprise trade secret.
Listen to Fact or fiction: Don't Forget About Your Intellectual Property
Check out the rest of Russell L. Jones' lesson: Executing a data governance strategy
Threat Monitor -- Nov. 15, 2007 iPhone security in the enterprise: Mitigating the risks
Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah Schiffman discusses the two most popular and effective types of authentication systems, and unveils the positive and negative aspects of each approach.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Nov. 14, 2007
Senior News Writer Bill Brenner talks with security experts about how to respond to data breaches. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Nov. 5, 2007
Security Wire Weekly: CSI 2007 coverage
Senior News Writer Bill Brenner reports from the Computer Security Institute's CSI 2007 conference. Steve Orrin, director of security solutions at Intel, discusses the importance of building better security into products. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Eugene Kaspersky
Kaspersky Labs CEO Eugene Kaspersky discusses how his company is adjusting to help users meet the latest threats; and about why Russia -- his home turf -- tends to be at the center of many high-profile malware outbreaks.
Download MP3
Podcasts for the week of Oct. 29, 2007
Threat Monitor -- Nov. 1, 2007 iPhone security in the enterprise: Mitigating the risks
Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular device infiltrates the enterprise.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Oct. 22, 2007
Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure
Podcasts for the week of Oct. 15, 2007
Threat Monitor -- Oct. 18, 2007 Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Oct. 8, 2007
Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3
Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Oct. 9, 2007 Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.
Podcasts for the week of Oct. 1, 2007
Threat Monitor -- Oct. 4, 2007 How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3
Podcasts for the week of Sept. 24, 2007
Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Sept. 17, 2007
Threat Monitor -- Sept 20, 2007 Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Sept. 10, 2007
Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Sept. 11, 2007 Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.
Podcasts for the week of Sept. 3, 2007
Threat Monitor -- Sept 6, 2007 Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3
Podcasts for the week of Aug. 27, 2007
Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Aug. 20, 2007
Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Aug. 13, 2007
Threat Monitor -- August 16, 2007 Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Aug. 14, 2007 Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.
Podcasts for the week of Aug. 6, 2007
Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 30, 2007
Threat Monitor -- August 2, 2007 Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3
Podcasts for the week of July 23, 2007
Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 16, 2007
Threat Monitor -- July 18, 2007 Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 9, 2007
Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.
Hot Type -- July 10, 2007 Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization
Podcasts for the week of July 2, 2007
Threat Monitor -- July 5, 2007 Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor
Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise
Podcasts for the week of June 25, 2007
Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of June 18, 2007
Threat Monitor -- June 21, 2007 Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly
Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3
Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)
Hot Type -- June 12, 2007 The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 28, 2007
Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks
Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 21, 2007
Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3
Threat Monitor -- May 17, 2007 Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- May 8, 2007 Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3 Podcasts for the week of April 30, 2007 @37857Security Squad Roundtable: Mac hacks -- May 3, 2007 In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard. powered by ODEO Download MP3 @21786Security Wire Weekly -- May 2, 2007 Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @26651 Top 5 next-generation messaging attacks that antivirus systems can't catch This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch Check out the rest of Mike Rothman's lesson: The changing threat of email attacks Podcasts for the week of April 23, 2007 @33601 Security360: Endpoint encryption Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43) powered by ODEO Download MP3 @21786Security Wire Weekly -- Apr. 
25, 2007 Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Security Newsmaker: Howard Schmidt In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers Podcasts for the week of April 16, 2007 @21787Threat Monitor -- April 19, 2007 Reputation systems gaining credibility in fight against spam Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 18, 2007 Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of April 9, 2007 Countdown: Top 5 next-generation messaging attacks that antivirus can't catch Mike Rothman of Security Incite Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch @21786Security Wire Weekly -- Apr. 11, 2007 This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. 
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar.
21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar.
5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb.
21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007

Security Wire Weekly -- Nov. 14, 2007
Senior News Writer Bill Brenner talks with security experts about how to respond to data breaches. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Nov. 5, 2007

Security Wire Weekly: CSI 2007 coverage
Senior News Writer Bill Brenner reports from the Computer Security Institute's CSI 2007 conference. Steve Orrin, director of security solutions at Intel, discusses the importance of building better security into products. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Eugene Kaspersky
Kaspersky Labs CEO Eugene Kaspersky discusses how his company is adjusting to help users meet the latest threats, and why Russia -- his home turf -- tends to be at the center of many high-profile malware outbreaks.
Download MP3

Podcasts for the week of Oct. 29, 2007

Threat Monitor -- Nov. 1, 2007
iPhone security in the enterprise: Mitigating the risks
Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular device infiltrates the enterprise.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 22, 2007

Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure

Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3

Security Wire Weekly -- Oct.
10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework.
In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben Itzak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security.
After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug.
22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.
Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization
Podcasts for the week of July 2, 2007
Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor
Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise
Podcasts for the week of June 25, 2007
Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of June 18, 2007
Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly
Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3
Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. The editors also discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. Finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)
Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 28, 2007
Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks
Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 21, 2007
Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3
Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3
Podcasts for the week of April 30, 2007
Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3
Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks
Podcasts for the week of April 23, 2007
Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3
Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers
Podcasts for the week of April 16, 2007
Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of April 9, 2007
Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3
Podcasts for the week of April 2, 2007
Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 26, 2007
Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 19, 2007
Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3
Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3
Podcasts for the week of March 12, 2007
Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor
Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3
Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 5, 2007
Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions
Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers
Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 26, 2007
Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 19, 2007
Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3
Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 12, 2007
Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 5, 2007
Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3
Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 29, 2007
Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 22, 2007
Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 15, 2007
Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 8, 2007
Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 1, 2007
Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly
This was first published in December 2007
Podcasts for the week of Nov. 5, 2007
Security Wire Weekly: CSI 2007 coverage
Senior News Writer Bill Brenner reports from the Computer Security Institute's CSI 2007 conference. Steve Orrin, director of security solutions at Intel, discusses the importance of building better security into products. Also, a review of the week's top stories.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Eugene Kaspersky
Kaspersky Labs CEO Eugene Kaspersky discusses how his company is adjusting to help users meet the latest threats, and why Russia -- his home turf -- tends to be at the center of many high-profile malware outbreaks.
Download MP3
Podcasts for the week of Oct. 29, 2007
Threat Monitor -- Nov. 1, 2007
iPhone security in the enterprise: Mitigating the risks
Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular devices infiltrate the enterprise.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Oct. 22, 2007
Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School.
John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure

Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3

Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben Itzak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book.
Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 
5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007 The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb.
21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007 Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007 Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Download MP3

Podcasts for the week of Oct. 29, 2007

Threat Monitor -- Nov. 1, 2007 iPhone security in the enterprise: Mitigating the risks
Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular device infiltrates the enterprise.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 22, 2007

Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure

Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007 Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications.
The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3

Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Oct. 9, 2007 Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007 How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007 Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful?
Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007 Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007 Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007 Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats.
Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007 Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007 Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems.
Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007 Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007 Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data?
Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007 Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco.
Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007 Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins.
Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007 The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon.
Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc.
tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration.
As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S.
Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global Services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007
Podcasts for the week of Oct. 29, 2007

Threat Monitor -- Nov. 1, 2007
iPhone security in the enterprise: Mitigating the risks
Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular device infiltrates the enterprise.

Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.

Podcasts for the week of Oct. 22, 2007

Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also, a look at the week's news.

Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure

Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications.
The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.

Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.

Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).

Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.

Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful?
Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats.
Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems.
Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Need ways to improve the presentation of your security data?
Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco.
Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins.
Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon.
Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc.
tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration.
As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S.
Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. 
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 22, 2007
Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 15, 2007
Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 8, 2007
Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 1, 2007
Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly
This was first published in December 2007
Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Oct. 22, 2007
Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure
Podcasts for the week of Oct. 15, 2007
Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Oct. 8, 2007
Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3
Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.
Podcasts for the week of Oct. 1, 2007
Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3
Podcasts for the week of Sept. 24, 2007
Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Sept. 17, 2007
Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Sept. 10, 2007
Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.
Podcasts for the week of Sept. 3, 2007
Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3
Podcasts for the week of Aug. 27, 2007
Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Aug. 20, 2007
Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Aug. 13, 2007
Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.
Podcasts for the week of Aug. 6, 2007
Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 30, 2007
Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3
Podcasts for the week of July 23, 2007
Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 16, 2007
Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 9, 2007
Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.
Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization
Podcasts for the week of July 2, 2007
Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor
Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise
Podcasts for the week of June 25, 2007
Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of June 18, 2007
Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly
Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3
Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)
Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 28, 2007
Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks
Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 21, 2007
Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3
Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Podcasts for the week of Oct. 22, 2007
Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure

Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3

Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases.
In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
powered by ODEO Download MP3 | Subscribe to Threat Monitor @26651 Countdown: Top 5 pitfalls of partner security management This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. Listen to Countdown -- Top 5 consumer authentication technologies on the market today This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise Podcasts for the week of June 25, 2007 Burton Group Catalyst Conference 2007 Coverage: @21786Security Wire Weekly special edition -- Network security; identity management SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly special edition -- PCI audit SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- June 27, 2007 Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems. 
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
@26651 Fact or Fiction: How to Layer Security Within your Messaging Architecture This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School. John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths. Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture Check out the rest of John Burke's lesson: Securing the converged infrastructure
Podcasts for the week of Oct. 15, 2007
Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Oct. 8, 2007
Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3
Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.
Podcasts for the week of Oct. 1, 2007
Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3
Podcasts for the week of Sept. 24, 2007
Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Sept. 17, 2007
Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Sept. 10, 2007
Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben Itzak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.
Podcasts for the week of Sept. 3, 2007
Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3
Podcasts for the week of Aug. 27, 2007
Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Aug. 20, 2007
Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Aug. 13, 2007
Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.
Podcasts for the week of Aug. 6, 2007
Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book.
Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 30, 2007
Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3
Podcasts for the week of July 23, 2007
Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 16, 2007
Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 9, 2007
Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.
Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization
Podcasts for the week of July 2, 2007
Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor
Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise
Podcasts for the week of June 25, 2007
Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of June 18, 2007
Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly
Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3
Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)
Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 28, 2007
Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks
Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 21, 2007
Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3
Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3
Podcasts for the week of April 30, 2007
Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3
Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks
Podcasts for the week of April 23, 2007
Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3
Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers
Podcasts for the week of April 16, 2007
Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of April 9, 2007
Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3
Podcasts for the week of April 2, 2007
Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 26, 2007
Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 19, 2007
Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3
Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3
Podcasts for the week of March 12, 2007
Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor
Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3
Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 5, 2007
Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions
Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers
Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 26, 2007
Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 19, 2007
Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3
Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 12, 2007
Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 5, 2007
Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3
Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007
Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007
Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007
Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007
Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007
Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Oct. 8, 2007
Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
Download MP3
Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007
Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007
Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007
Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007
Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007
Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007
Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007
Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007
Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats.
Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007
Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007
Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems.
Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007
Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007
Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007
Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.
Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data?
Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007
Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor
Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007
Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco.
Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007
Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly
Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins.
Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)
Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon.
Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007
Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks
Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007
Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3
Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007
Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3
Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Podcasts for the week of Oct. 8, 2007
Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).

Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global Services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful?
Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats.
Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems.
Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data?
Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco.
Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins.
Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon.
Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration.
As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.
Podcasts for the week of Oct. 1, 2007
Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats.
Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems.
Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data?
Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco.
Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins.
Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon.
Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch Check out the rest of Mike Rothman's lesson: The changing threat of email attacks Podcasts for the week of April 23, 2007 @33601 Security360: Endpoint encryption Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43) powered by ODEO Download MP3 @21786Security Wire Weekly -- Apr. 25, 2007 Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Security Newsmaker: Howard Schmidt In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers Podcasts for the week of April 16, 2007 @21787Threat Monitor -- April 19, 2007 Reputation systems gaining credibility in fight against spam Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 
18, 2007 Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of April 9, 2007 Countdown: Top 5 next-generation messaging attacks that antivirus can't catch Mike Rothman of Security Incite Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch @21786Security Wire Weekly -- Apr. 11, 2007 This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- April 10, 2007 Counter Hack Reloaded This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits. powered by ODEO Download MP3 Podcasts for the week of April 2, 2007 @21787Threat Monitor -- April 5, 2007 Polymorphic viruses call for new antimalware defenses Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc. 
tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration.
As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb.
8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S.
Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan.
1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept.
12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases.
In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach.
Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection.
(Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01)

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices.
Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures.
His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Podcasts for the week of Sept. 24, 2007
Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Sept. 17, 2007
Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Sept. 10, 2007
Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures.
His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.
Podcasts for the week of Sept. 3, 2007
Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3
Podcasts for the week of Aug. 27, 2007
Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Aug. 20, 2007
Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Aug. 13, 2007
Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.
Podcasts for the week of Aug. 6, 2007
Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 30, 2007
Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3
Podcasts for the week of July 23, 2007
Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 16, 2007
Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of July 9, 2007
Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.
Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization
Podcasts for the week of July 2, 2007
Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor
Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise
Podcasts for the week of June 25, 2007
Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of June 18, 2007
Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly
Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3
Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)
Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 28, 2007
Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks
Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 21, 2007
Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3
Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3
Podcasts for the week of April 30, 2007
Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3
Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks
Podcasts for the week of April 23, 2007
Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3
Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers
Podcasts for the week of April 16, 2007
Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of April 9, 2007
Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3
Podcasts for the week of April 2, 2007
Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 26, 2007
Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 19, 2007
Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3
Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3
Podcasts for the week of March 12, 2007
Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor
Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3
Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 5, 2007
Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions
Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers
Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 26, 2007
Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 19, 2007
Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3
Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 12, 2007
Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 5, 2007
Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. 
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Podcasts for the week of Sept. 17, 2007
Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 7, 2007 @21786Security Wire Weekly -- May 9, 2007 Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- May 8, 2007 Endpoint Security In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge. Download MP3 Podcasts for the week of April 30, 2007 @37857Security Squad Roundtable: Mac hacks -- May 3, 2007 In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard. powered by ODEO Download MP3 @21786Security Wire Weekly -- May 2, 2007 Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @26651 Top 5 next-generation messaging attacks that antivirus systems can't catch This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. 
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch Check out the rest of Mike Rothman's lesson: The changing threat of email attacks Podcasts for the week of April 23, 2007 @33601 Security360: Endpoint encryption Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43) powered by ODEO Download MP3 @21786Security Wire Weekly -- Apr. 25, 2007 Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Security Newsmaker: Howard Schmidt In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers Podcasts for the week of April 16, 2007 @21787Threat Monitor -- April 19, 2007 Reputation systems gaining credibility in fight against spam Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 
18, 2007 Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of April 9, 2007 Countdown: Top 5 next-generation messaging attacks that antivirus can't catch Mike Rothman of Security Incite Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch @21786Security Wire Weekly -- Apr. 11, 2007 This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- April 10, 2007 Counter Hack Reloaded This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits. powered by ODEO Download MP3 Podcasts for the week of April 2, 2007 @21787Threat Monitor -- April 5, 2007 Polymorphic viruses call for new antimalware defenses Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc. 
tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration.
As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb.
8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S.
Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan.
1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security.
Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach.
Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection.
(Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices.
Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Podcasts for the week of Sept. 10, 2007
Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben-Itzhak talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
Download MP3
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches?
In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. Listen to Countdown -- Top 5 consumer authentication technologies on the market today This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise Podcasts for the week of June 25, 2007 Burton Group Catalyst Conference 2007 Coverage: @21786Security Wire Weekly special edition -- Network security; identity management SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly special edition -- PCI audit SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- June 27, 2007 Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of June 18, 2007 @21787Threat Monitor -- June 21, 2007 Mergers and acquisitions: Building up security after an M&A Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. 
When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786 Security Wire Weekly -- June 20, 2007 This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Newsmaker podcast: Gary McGraw In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops. powered by ODEO Download MP3 Podcasts for the week of June 11, 2007 @21786Security Wire Weekly -- June 13, 2007 Eric Schultze, chief security architect of Shavlik Technologies helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @37857Security Squad: Database security, encryption Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. 
(Runtime: 23:51) powered by ODEO @32656 Hot Type -- June 12, 2007 The Art of Software Security Testing: Identifying Software Security Flaws Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. Download MP3 After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection. Podcasts for the week of June 4, 2007 @21786Security Wire Weekly -- June 6, 2007 Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly Special - New hacking technique June 5, 2007 In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 28, 2007 @26651 Countdown -- Top 5 consumer authentication technologies on the market today This week's featured podcast is from the Identity and Access Management Security School. 
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Listen to Countdown -- Top 5 consumer authentication technologies on the market today Check out the rest of Mark Diodati's lesson: Next-generation attacks @21786Security Wire Weekly -- May 30, 2007 Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 21, 2007 --> --> --> --> Security360 -- Industry Consolidation Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01). powered by ODEO @21786Security Wire Weekly -- May 23, 2007 This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news. 

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks.

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007
@32656 Hot Type -- Sept. 11, 2007 Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
powered by ODEO Download MP3 After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechansims. Podcasts for the week of Sept. 3, 2007 @21787Threat Monitor -- Sept 6, 2007 Fight viruses with your USB flash drive Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786 Security Wire Weekly -- Sept. 5, 2007 TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Security Newsmaker: Window Snyder Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft. powered by ODEO Download MP3 Podcasts for the week of Aug. 27, 2007 @21786 Security Wire Weekly -- Aug. 29, 2007 Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Aug. 20, 2007 @21786 Security Wire Weekly -- Aug. 22, 2007 Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Aug. 
13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book.
Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr.
25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar.
21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar.
5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb.
21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Podcasts for the week of Jan. 15, 2007
Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Podcasts for the week of Jan. 8, 2007
Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Podcasts for the week of Jan. 1, 2007
Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
This was first published in December 2007
After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechanisms.
Podcasts for the week of Sept. 3, 2007
Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
Podcasts for the week of Aug. 27, 2007
Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Podcasts for the week of Aug. 20, 2007
Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Podcasts for the week of Aug. 13, 2007
Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats.
Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.
Podcasts for the week of Aug. 6, 2007
Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Podcasts for the week of July 30, 2007
Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems.
Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Podcasts for the week of July 23, 2007
Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Podcasts for the week of July 16, 2007
Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Podcasts for the week of July 9, 2007
Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Need ways to improve the presentation of your security data?
Read an excerpt from Chapter 6: Visualization
Podcasts for the week of July 2, 2007
Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise
Podcasts for the week of June 25, 2007
Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco.
Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Podcasts for the week of June 18, 2007
Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins.
Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)
Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon.
Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Podcasts for the week of May 28, 2007
Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Check out the rest of Mark Diodati's lesson: Next-generation attacks
Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Podcasts for the week of May 21, 2007
Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Podcasts for the week of April 30, 2007
Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks
Podcasts for the week of April 23, 2007
Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Podcasts for the week of April 16, 2007
Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Podcasts for the week of April 9, 2007
Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Podcasts for the week of April 2, 2007
Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Podcasts for the week of March 26, 2007
Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Podcasts for the week of March 19, 2007
Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Podcasts for the week of March 12, 2007
Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration.
As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Podcasts for the week of March 5, 2007
Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Podcasts for the week of February 26, 2007
Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007
Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process. After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance. Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3 Podcasts for the week of April 30, 2007 @37857Security Squad Roundtable: Mac hacks -- May 3, 2007 In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard. powered by ODEO Download MP3 @21786Security Wire Weekly -- May 2, 2007 Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @26651 Top 5 next-generation messaging attacks that antivirus systems can't catch This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch Check out the rest of Mike Rothman's lesson: The changing threat of email attacks Podcasts for the week of April 23, 2007 @33601 Security360: Endpoint encryption Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43) powered by ODEO Download MP3 @21786Security Wire Weekly -- Apr. 
25, 2007 Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Security Newsmaker: Howard Schmidt In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers Podcasts for the week of April 16, 2007 @21787Threat Monitor -- April 19, 2007 Reputation systems gaining credibility in fight against spam Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 18, 2007 Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of April 9, 2007 Countdown: Top 5 next-generation messaging attacks that antivirus can't catch Mike Rothman of Security Incite Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch @21786Security Wire Weekly -- Apr. 11, 2007 This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. 
Also, a summary of the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- April 10, 2007 Counter Hack Reloaded This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits. powered by ODEO Download MP3 Podcasts for the week of April 2, 2007 @21787Threat Monitor -- April 5, 2007 Polymorphic viruses call for new antimalware defenses Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 26, 2007 @21786Security Wire Weekly -- Mar. 28, 2007 This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 19, 2007 @21786Security Wire Weekly -- Mar. 
21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar.
5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb.
21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases.
In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process. After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance. Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach.
Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection.
(Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices.
Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Podcasts for the week of Aug. 27, 2007
Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches?
In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves.
When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51) powered by ODEO @32656 Hot Type -- June 12, 2007 The Art of Software Security Testing: Identifying Software Security Flaws Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. Download MP3 After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection. Podcasts for the week of June 4, 2007 @21786Security Wire Weekly -- June 6, 2007 Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly Special - New hacking technique June 5, 2007 In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 28, 2007 @26651 Countdown -- Top 5 consumer authentication technologies on the market today This week's featured podcast is from the Identity and Access Management Security School. 
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Listen to Countdown -- Top 5 consumer authentication technologies on the market today Check out the rest of Mark Diodati's lesson: Next-generation attacks @21786Security Wire Weekly -- May 30, 2007 Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 21, 2007 --> --> --> --> Security360 -- Industry Consolidation Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01). powered by ODEO @21786Security Wire Weekly -- May 23, 2007 This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news. 

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway.
View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week, security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.

Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007

Podcasts for the week of Aug. 13, 2007
Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line)
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Download MP3

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance. Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization.

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise.

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique, June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Check out the rest of Mark Diodati's lesson: Next-generation attacks.

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks.

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process. After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position. Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance. Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization.

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. Listen to Countdown -- Top 5 consumer authentication technologies on the market today. This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise.

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Listen to Countdown -- Top 5 consumer authentication technologies on the market today. Check out the rest of Mark Diodati's lesson: Next-generation attacks.

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks.

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 
1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process. After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.

Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance. Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization.

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise.

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Check out the rest of Mark Diodati's lesson: Next-generation attacks.

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01)

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks.

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global Services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Hot Type -- February 5, 2007: Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Podcasts for the week of Jan. 29, 2007
Threat Monitor -- February 1, 2007: Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Podcasts for the week of Jan. 22, 2007
Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Podcasts for the week of Jan. 15, 2007
Threat Monitor -- January 18, 2007: Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Podcasts for the week of Jan. 8, 2007
Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Podcasts for the week of Jan. 1, 2007
Threat Monitor -- January 4, 2007: Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
This was first published in December 2007
After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.
Podcasts for the week of Aug. 6, 2007
Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also, a wrap-up of the news from Black Hat 2007.
Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
Podcasts for the week of July 30, 2007
Threat Monitor -- August 2, 2007: Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Podcasts for the week of July 23, 2007
Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
Podcasts for the week of July 16, 2007
Threat Monitor -- July 18, 2007: Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Podcasts for the week of July 9, 2007
Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.
Hot Type -- July 10, 2007: Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization
Podcasts for the week of July 2, 2007
Threat Monitor -- July 5, 2007: Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise
Podcasts for the week of June 25, 2007
Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Podcasts for the week of June 18, 2007
Threat Monitor -- June 21, 2007: Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)
Hot Type -- June 12, 2007: The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Security Wire Weekly Special -- New hacking technique -- June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Podcasts for the week of May 28, 2007
Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks
Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Podcasts for the week of May 21, 2007
Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Threat Monitor -- May 17, 2007: Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Hot Type -- May 8, 2007: Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Podcasts for the week of April 30, 2007
Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks
Podcasts for the week of April 23, 2007
Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Podcasts for the week of April 16, 2007
Threat Monitor -- April 19, 2007: Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Podcasts for the week of April 9, 2007
Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Security Wire Weekly -- Apr. 11, 2007
This week, security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Hot Type -- April 10, 2007: Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Podcasts for the week of April 2, 2007
Threat Monitor -- April 5, 2007: Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Podcasts for the week of March 26, 2007
Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Podcasts for the week of March 19, 2007
Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Hot Type -- March 20, 2007: Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Hot Type -- March 20, 2007: Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Podcasts for the week of March 12, 2007
Threat Monitor -- March 15, 2007: Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Podcasts for the week of March 5, 2007
Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions
Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007
Podcasts for the week of July 30, 2007
Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance. Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007: The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007: Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007: Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007: Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007: Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007: Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007
Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007: Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.

Hot Type -- July 10, 2007: Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007: Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007: Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007: The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique, June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection.
(Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01)

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007: Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007: Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007: Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway.
View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007: Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007: Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of February 19, 2007

Security Wire Weekly -- Feb.
21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. 
Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. 

Hot Type -- February 5, 2007: Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007: Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007: Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007: Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.

Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007: Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.

Hot Type -- July 10, 2007: Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance. Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization.

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007: Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise.

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007: Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007: The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special: New hacking technique -- June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Check out the rest of Mark Diodati's lesson: Next-generation attacks.

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01)

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007: Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007: Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks.

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007: Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week, security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. 
Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. 
Hot Type -- February 5, 2007: Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Podcasts for the week of Jan. 29, 2007
Threat Monitor -- February 1, 2007: Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Podcasts for the week of Jan. 22, 2007
Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Podcasts for the week of Jan. 15, 2007
Threat Monitor -- January 18, 2007: Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Podcasts for the week of Jan. 8, 2007
Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Podcasts for the week of Jan. 1, 2007
Threat Monitor -- January 4, 2007: Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
This was first published in December 2007
Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
Podcasts for the week of July 23, 2007
Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service-oriented architecture development. Also, a review of the week's news.
Podcasts for the week of July 16, 2007
Threat Monitor -- July 18, 2007: Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Podcasts for the week of July 9, 2007
Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Hot Type -- July 10, 2007: Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance. Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization.
Podcasts for the week of July 2, 2007
Threat Monitor -- July 5, 2007: Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise.
Podcasts for the week of June 25, 2007
Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Podcasts for the week of June 18, 2007
Threat Monitor -- June 21, 2007: Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)
Hot Type -- June 12, 2007: The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Security Wire Weekly Special -- New hacking technique -- June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime: 3:56)
Podcasts for the week of May 28, 2007
Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Check out the rest of Mark Diodati's lesson: Next-generation attacks.
Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Podcasts for the week of May 21, 2007
Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01)
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Threat Monitor -- May 17, 2007: Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Hot Type -- May 8, 2007: Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Podcasts for the week of April 30, 2007
Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks.
Podcasts for the week of April 23, 2007
Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Podcasts for the week of April 16, 2007
Threat Monitor -- April 19, 2007: Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Podcasts for the week of April 9, 2007
Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- April 10, 2007 Counter Hack Reloaded This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits. powered by ODEO Download MP3 Podcasts for the week of April 2, 2007 @21787Threat Monitor -- April 5, 2007 Polymorphic viruses call for new antimalware defenses Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 26, 2007 @21786Security Wire Weekly -- Mar. 28, 2007 This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 19, 2007 @21786Security Wire Weekly -- Mar. 
21, 2007 This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- March 20, 2007 Software Security -- Identifying software security flaws and bugs In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design. powered by ODEO Download MP3 @32656 Hot Type -- March 20, 2007 Software Security -- The three pillars "Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development. powered by ODEO Download MP3 Podcasts for the week of March 12, 2007 @21787Threat Monitor -- March 15, 2007 Plentiful VoIP exploits demand careful consideration Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices. powered by ODEO Download MP3 | Subscribe to Threat Monitor @33601 Security360: SOA and Web Services Security SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. 
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007: The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007: Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global Services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007: Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007: Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007: Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007: Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007

Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007: Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position. Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007: Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.

Need ways to improve the presentation of your security data?
Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007: Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco.
Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007: Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins.
Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007: The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon.
Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special -- New hacking technique -- June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007: Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007: Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch Check out the rest of Mike Rothman's lesson: The changing threat of email attacks Podcasts for the week of April 23, 2007 @33601 Security360: Endpoint encryption Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43) powered by ODEO Download MP3 @21786Security Wire Weekly -- Apr. 25, 2007 Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Security Newsmaker: Howard Schmidt In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers Podcasts for the week of April 16, 2007 @21787Threat Monitor -- April 19, 2007 Reputation systems gaining credibility in fight against spam Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 
18, 2007 Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of April 9, 2007 Countdown: Top 5 next-generation messaging attacks that antivirus can't catch Mike Rothman of Security Incite Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch @21786Security Wire Weekly -- Apr. 11, 2007 This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- April 10, 2007 Counter Hack Reloaded This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits. powered by ODEO Download MP3 Podcasts for the week of April 2, 2007 @21787Threat Monitor -- April 5, 2007 Polymorphic viruses call for new antimalware defenses Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc. 
tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 26, 2007 @21786Security Wire Weekly -- Mar. 28, 2007 This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 19, 2007 @21786Security Wire Weekly -- Mar. 21, 2007 This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- March 20, 2007 Software Security -- Identifying software security flaws and bugs In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design. powered by ODEO Download MP3 @32656 Hot Type -- March 20, 2007 Software Security -- The three pillars "Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development. powered by ODEO Download MP3 Podcasts for the week of March 12, 2007 @21787Threat Monitor -- March 15, 2007 Plentiful VoIP exploits demand careful consideration Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. 
As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb.
8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S.
Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global Services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan.
1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
Download MP3 | Subscribe to Threat Monitor

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach.
Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique
June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection.
(Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices.
Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr.
25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar.
21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 
5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 26, 2007 @21787Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 19, 2007 @33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 
21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. 
Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. 
Hot Type -- February 5, 2007: Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007: Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007: Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007: Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007
Podcasts for the week of July 9, 2007
Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.

Countdown: Plugging the Dam -- Understanding Where and How Content Leaks
Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.

Hot Type -- July 10, 2007: Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance. Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization.

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007: Investigating logic bomb attacks and their explosive effects
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise.

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007: Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007: The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special -- June 5, 2007: New hacking technique
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Check out the rest of Mark Diodati's lesson: Next-generation attacks.

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01)

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007: Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007: Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks.

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007: Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- April 10, 2007 Counter Hack Reloaded This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits. powered by ODEO Download MP3 Podcasts for the week of April 2, 2007 @21787Threat Monitor -- April 5, 2007 Polymorphic viruses call for new antimalware defenses Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 26, 2007 @21786Security Wire Weekly -- Mar. 28, 2007 This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 19, 2007 @21786Security Wire Weekly -- Mar. 
21, 2007 This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- March 20, 2007 Software Security -- Identifying software security flaws and bugs In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design. powered by ODEO Download MP3 @32656 Hot Type -- March 20, 2007 Software Security -- The three pillars "Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development. powered by ODEO Download MP3 Podcasts for the week of March 12, 2007 @21787Threat Monitor -- March 15, 2007 Plentiful VoIP exploits demand careful consideration Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices. powered by ODEO Download MP3 | Subscribe to Threat Monitor @33601 Security360: SOA and Web Services Security SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. 
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 
5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 26, 2007
Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak. Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 19, 2007
Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. Download MP3
Security Wire Weekly -- Feb.
21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 12, 2007
Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of February 5, 2007
Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly. Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. Download MP3
Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 29, 2007
Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 22, 2007
Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 15, 2007
Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 8, 2007
Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of Jan. 1, 2007
Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. Download MP3 | Subscribe to Security Wire Weekly
This was first published in December 2007
Countdown: Plugging the Dam -- Understanding Where and How Content Leaks Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position. Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.
Hot Type -- July 10, 2007 Security Metrics: Replacing Fear, Uncertainty, and Doubt In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
Download MP3 Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization
Podcasts for the week of July 2, 2007
Threat Monitor -- July 5, 2007 Investigating logic bomb attacks and their explosive effects There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation. Download MP3 | Subscribe to Threat Monitor
Countdown: Top 5 pitfalls of partner security management This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. Listen to Countdown -- Top 5 consumer authentication technologies on the market today This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise
Podcasts for the week of June 25, 2007
Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security; identity management SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly special edition -- PCI audit SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives. Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly -- June 27, 2007 Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of June 18, 2007
Threat Monitor -- June 21, 2007 Mergers and acquisitions: Building up security after an M&A Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them. Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- June 20, 2007 This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20) Download MP3 | Subscribe to Security Wire Weekly
Newsmaker podcast: Gary McGraw In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3
Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007 Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59) Download MP3 | Subscribe to Security Wire Weekly
Security Squad: Database security, encryption Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)
Hot Type -- June 12, 2007 The Art of Software Security Testing: Identifying Software Security Flaws Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. Download MP3 After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007 Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news. Download MP3 | Subscribe to Security Wire Weekly
Security Wire Weekly Special - New hacking technique June 5, 2007 In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56) Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 28, 2007
Countdown -- Top 5 consumer authentication technologies on the market today This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Listen to Countdown -- Top 5 consumer authentication technologies on the market today Check out the rest of Mark Diodati's lesson: Next-generation attacks
Security Wire Weekly -- May 30, 2007 Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 21, 2007
Security360 -- Industry Consolidation Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).
Security Wire Weekly -- May 23, 2007 This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007 SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust. Download MP3
Threat Monitor -- May 17, 2007 Windows Vista security flaws show progress, not perfection Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect. Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- May 16, 2007 Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007 Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news. Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- May 8, 2007 Endpoint Security In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge. Download MP3
Podcasts for the week of April 30, 2007
Security Squad Roundtable: Mac hacks -- May 3, 2007 In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard. Download MP3
Security Wire Weekly -- May 2, 2007 Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news. Download MP3 | Subscribe to Security Wire Weekly
Top 5 next-generation messaging attacks that antivirus systems can't catch This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch Check out the rest of Mike Rothman's lesson: The changing threat of email attacks
Podcasts for the week of April 23, 2007
Security360: Endpoint encryption Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43) Download MP3
Security Wire Weekly -- Apr. 25, 2007 Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches. Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Howard Schmidt In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace. Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers
Podcasts for the week of April 16, 2007
Threat Monitor -- April 19, 2007 Reputation systems gaining credibility in fight against spam Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks. Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr.
18, 2007 Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of April 9, 2007
Countdown: Top 5 next-generation messaging attacks that antivirus can't catch Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Security Wire Weekly -- Apr. 11, 2007 This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines. Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- April 10, 2007 Counter Hack Reloaded This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits. Download MP3
Podcasts for the week of April 2, 2007
Threat Monitor -- April 5, 2007 Polymorphic viruses call for new antimalware defenses Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat. Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc.
tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news. Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 26, 2007
Security Wire Weekly -- Mar. 28, 2007 This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news. Download MP3 | Subscribe to Security Wire Weekly
Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. 
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 
1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization
Podcasts for the week of July 2, 2007
@21787Threat Monitor -- July 5, 2007 Investigating logic bomb attacks and their explosive effects There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
powered by ODEO Download MP3 | Subscribe to Threat Monitor @26651 Countdown: Top 5 pitfalls of partner security management This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise. Listen to Countdown -- Top 5 consumer authentication technologies on the market today This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise Podcasts for the week of June 25, 2007 Burton Group Catalyst Conference 2007 Coverage: @21786Security Wire Weekly special edition -- Network security; identity management SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly special edition -- PCI audit SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- June 27, 2007 Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of June 18, 2007 @21787Threat Monitor -- June 21, 2007 Mergers and acquisitions: Building up security after an M&A Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786 Security Wire Weekly -- June 20, 2007 This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Newsmaker podcast: Gary McGraw In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops. powered by ODEO Download MP3 Podcasts for the week of June 11, 2007 @21786Security Wire Weekly -- June 13, 2007 Eric Schultze, chief security architect of Shavlik Technologies helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @37857Security Squad: Database security, encryption Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. 
Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51) powered by ODEO @32656 Hot Type -- June 12, 2007 The Art of Software Security Testing: Identifying Software Security Flaws Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. Download MP3 After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection. Podcasts for the week of June 4, 2007 @21786Security Wire Weekly -- June 6, 2007 Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly Special - New hacking technique June 5, 2007 In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. 
(Runtime 3:56) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 28, 2007 @26651 Countdown -- Top 5 consumer authentication technologies on the market today This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Listen to Countdown -- Top 5 consumer authentication technologies on the market today Check out the rest of Mark Diodati's lesson: Next-generation attacks @21786Security Wire Weekly -- May 30, 2007 Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 21, 2007 --> --> --> --> Security360 -- Industry Consolidation Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01). powered by ODEO @21786Security Wire Weekly -- May 23, 2007 This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. 
Also, a summary of this week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 14, 2007 @37857Security Squad: Patch Tuesday -- May 18, 2007 SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust. powered by ODEO Download MP3 @21787Threat Monitor -- May 17, 2007 Windows Vista security flaws show progress, not perfection Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- May 16, 2007 Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 7, 2007 @21786Security Wire Weekly -- May 9, 2007 Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- May 8, 2007 Endpoint Security In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge. 
Download MP3 Podcasts for the week of April 30, 2007 @37857Security Squad Roundtable: Mac hacks -- May 3, 2007 In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard. powered by ODEO Download MP3 @21786Security Wire Weekly -- May 2, 2007 Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @26651 Top 5 next-generation messaging attacks that antivirus systems can't catch This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch Check out the rest of Mike Rothman's lesson: The changing threat of email attacks Podcasts for the week of April 23, 2007 @33601 Security360: Endpoint encryption Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43) powered by ODEO Download MP3 @21786Security Wire Weekly -- Apr. 
25, 2007 Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Security Newsmaker: Howard Schmidt In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers Podcasts for the week of April 16, 2007 @21787Threat Monitor -- April 19, 2007 Reputation systems gaining credibility in fight against spam Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 18, 2007 Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of April 9, 2007 Countdown: Top 5 next-generation messaging attacks that antivirus can't catch Mike Rothman of Security Incite Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch @21786Security Wire Weekly -- Apr. 11, 2007 This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. 
Also, a summary of the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- April 10, 2007 Counter Hack Reloaded This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits. powered by ODEO Download MP3 Podcasts for the week of April 2, 2007 @21787Threat Monitor -- April 5, 2007 Polymorphic viruses call for new antimalware defenses Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 26, 2007 @21786Security Wire Weekly -- Mar. 28, 2007 This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 19, 2007 @21786Security Wire Weekly -- Mar. 
21, 2007 This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- March 20, 2007 Software Security -- Identifying software security flaws and bugs In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design. powered by ODEO Download MP3 @32656 Hot Type -- March 20, 2007 Software Security -- The three pillars "Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development. powered by ODEO Download MP3 Podcasts for the week of March 12, 2007 @21787Threat Monitor -- March 15, 2007 Plentiful VoIP exploits demand careful consideration Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices. powered by ODEO Download MP3 | Subscribe to Threat Monitor @33601 Security360: SOA and Web Services Security SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. 
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 
5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School. Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise

Podcasts for the week of June 25, 2007

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 19, 2007 @33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 
8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. 
Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. 
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 
1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly This was first published in December 2007
@21786Security Wire Weekly special edition -- PCI audit SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- June 27, 2007 Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of June 18, 2007 @21787Threat Monitor -- June 21, 2007 Mergers and acquisitions: Building up security after an M&A Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786 Security Wire Weekly -- June 20, 2007 This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Newsmaker podcast: Gary McGraw In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops. powered by ODEO Download MP3 Podcasts for the week of June 11, 2007 @21786Security Wire Weekly -- June 13, 2007 Eric Schultze, chief security architect of Shavlik Technologies helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. 
(Runtime: 26.59) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @37857Security Squad: Database security, encryption Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51) powered by ODEO @32656 Hot Type -- June 12, 2007 The Art of Software Security Testing: Identifying Software Security Flaws Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. Download MP3 After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection. Podcasts for the week of June 4, 2007 @21786Security Wire Weekly -- June 6, 2007 Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly Special - New hacking technique June 5, 2007 In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 28, 2007 @26651 Countdown -- Top 5 consumer authentication technologies on the market today This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Listen to Countdown -- Top 5 consumer authentication technologies on the market today Check out the rest of Mark Diodati's lesson: Next-generation attacks @21786Security Wire Weekly -- May 30, 2007 Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 21, 2007 Security360 -- Industry Consolidation Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. 
Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01). powered by ODEO @21786Security Wire Weekly -- May 23, 2007 This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 14, 2007 @37857Security Squad: Patch Tuesday -- May 18, 2007 SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust. powered by ODEO Download MP3 @21787Threat Monitor -- May 17, 2007 Windows Vista security flaws show progress, not perfection Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- May 16, 2007 Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 7, 2007 @21786Security Wire Weekly -- May 9, 2007 Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- May 8, 2007 Endpoint Security In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge. Download MP3 Podcasts for the week of April 30, 2007 @37857Security Squad Roundtable: Mac hacks -- May 3, 2007 In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard. powered by ODEO Download MP3 @21786Security Wire Weekly -- May 2, 2007 Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @26651 Top 5 next-generation messaging attacks that antivirus systems can't catch This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. 
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch Check out the rest of Mike Rothman's lesson: The changing threat of email attacks Podcasts for the week of April 23, 2007 @33601 Security360: Endpoint encryption Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43) powered by ODEO Download MP3 @21786Security Wire Weekly -- Apr. 25, 2007 Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Security Newsmaker: Howard Schmidt In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers Podcasts for the week of April 16, 2007 @21787Threat Monitor -- April 19, 2007 Reputation systems gaining credibility in fight against spam Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 
18, 2007 Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of April 9, 2007 Countdown: Top 5 next-generation messaging attacks that antivirus can't catch Mike Rothman of Security Incite Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch @21786Security Wire Weekly -- Apr. 11, 2007 This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- April 10, 2007 Counter Hack Reloaded This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits. powered by ODEO Download MP3 Podcasts for the week of April 2, 2007 @21787Threat Monitor -- April 5, 2007 Polymorphic viruses call for new antimalware defenses Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc. 
tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 26, 2007 @21786Security Wire Weekly -- Mar. 28, 2007 This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 19, 2007 @21786Security Wire Weekly -- Mar. 21, 2007 This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- March 20, 2007 Software Security -- Identifying software security flaws and bugs In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design. powered by ODEO Download MP3 @32656 Hot Type -- March 20, 2007 Software Security -- The three pillars "Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development. powered by ODEO Download MP3 Podcasts for the week of March 12, 2007 @21787Threat Monitor -- March 15, 2007 Plentiful VoIP exploits demand careful consideration Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. 
As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices. powered by ODEO Download MP3 | Subscribe to Threat Monitor @33601 Security360: SOA and Web Services Security SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 26, 2007 @21787Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 19, 2007 @33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor
Podcasts for the week of June 18, 2007
@21787Threat Monitor -- June 21, 2007 Mergers and acquisitions: Building up security after an M&A Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786 Security Wire Weekly -- June 20, 2007 This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Newsmaker podcast: Gary McGraw In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops. powered by ODEO Download MP3 Podcasts for the week of June 11, 2007 @21786Security Wire Weekly -- June 13, 2007 Eric Schultze, chief security architect of Shavlik Technologies helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @37857Security Squad: Database security, encryption Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. 
(Runtime: 23:51) powered by ODEO @32656 Hot Type -- June 12, 2007 The Art of Software Security Testing: Identifying Software Security Flaws Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. Download MP3 After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection. Podcasts for the week of June 4, 2007 @21786Security Wire Weekly -- June 6, 2007 Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly Special - New hacking technique June 5, 2007 In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 28, 2007 @26651 Countdown -- Top 5 consumer authentication technologies on the market today This week's featured podcast is from the Identity and Access Management Security School. 
In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week, security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops.
Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks.
Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
@21786 Security Wire Weekly -- June 20, 2007 This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Newsmaker podcast: Gary McGraw In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops. powered by ODEO Download MP3 Podcasts for the week of June 11, 2007 @21786Security Wire Weekly -- June 13, 2007 Eric Schultze, chief security architect of Shavlik Technologies helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @37857Security Squad: Database security, encryption Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51) powered by ODEO @32656 Hot Type -- June 12, 2007 The Art of Software Security Testing: Identifying Software Security Flaws Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. 
In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. Download MP3 After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection. Podcasts for the week of June 4, 2007 @21786Security Wire Weekly -- June 6, 2007 Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly Special - New hacking technique June 5, 2007 In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56) powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 28, 2007 @26651 Countdown -- Top 5 consumer authentication technologies on the market today This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. 
Listen to Countdown -- Top 5 consumer authentication technologies on the market today Check out the rest of Mark Diodati's lesson: Next-generation attacks @21786Security Wire Weekly -- May 30, 2007 Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 21, 2007 --> --> --> --> Security360 -- Industry Consolidation Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01). powered by ODEO @21786Security Wire Weekly -- May 23, 2007 This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 14, 2007 @37857Security Squad: Patch Tuesday -- May 18, 2007 SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust. powered by ODEO Download MP3 @21787Threat Monitor -- May 17, 2007 Windows Vista security flaws show progress, not perfection Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? 
As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- May 16, 2007 Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 7, 2007 @21786Security Wire Weekly -- May 9, 2007 Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- May 8, 2007 Endpoint Security In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge. Download MP3 Podcasts for the week of April 30, 2007 @37857Security Squad Roundtable: Mac hacks -- May 3, 2007 In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard. powered by ODEO Download MP3 @21786Security Wire Weekly -- May 2, 2007 Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @26651 Top 5 next-generation messaging attacks that antivirus systems can't catch This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch Check out the rest of Mike Rothman's lesson: The changing threat of email attacks Podcasts for the week of April 23, 2007 @33601 Security360: Endpoint encryption Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43) powered by ODEO Download MP3 @21786Security Wire Weekly -- Apr. 25, 2007 Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @33277Security Newsmaker: Howard Schmidt In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace. 

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall.
Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In.
Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006.
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also, the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more. After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options. Check out the rest of Mark Diodati's lesson: Next-generation attacks.

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb.
8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. 
Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. 
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 
1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Podcasts for the week of June 11, 2007
Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies, helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly Special - New hacking technique
June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01)

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc.
tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 26, 2007 @21786Security Wire Weekly -- Mar. 28, 2007 This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 19, 2007 @21786Security Wire Weekly -- Mar. 21, 2007 This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- March 20, 2007 Software Security -- Identifying software security flaws and bugs In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design. powered by ODEO Download MP3 @32656 Hot Type -- March 20, 2007 Software Security -- The three pillars "Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development. powered by ODEO Download MP3 Podcasts for the week of March 12, 2007 @21787Threat Monitor -- March 15, 2007 Plentiful VoIP exploits demand careful consideration Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. 
As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices. powered by ODEO Download MP3 | Subscribe to Threat Monitor @33601 Security360: SOA and Web Services Security SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 26, 2007 @21787Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines. 
Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special - New hacking technique June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007
Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.

Security Wire Weekly Special: New hacking technique -- June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01)

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.

Threat Monitor -- May 17, 2007: Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007: Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007: Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007: Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007: Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007: Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007: Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007: Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007: The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007: Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global Services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007: Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007: Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007: Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007: Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 
5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 26, 2007 @21787Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 19, 2007 @33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 
21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. 
Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. 
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School. In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 
1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Podcasts for the week of May 21, 2007
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 14, 2007
Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
Download MP3
Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of May 7, 2007
Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
Download MP3
Podcasts for the week of April 30, 2007
Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
Download MP3
Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
Download MP3 | Subscribe to Security Wire Weekly
Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks
Podcasts for the week of April 23, 2007
Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Download MP3
Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Download MP3 | Subscribe to Security Wire Weekly
Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers
Podcasts for the week of April 16, 2007
Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of April 9, 2007
Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Download MP3
Podcasts for the week of April 2, 2007
Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Download MP3 | Subscribe to Threat Monitor
Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 26, 2007
Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Podcasts for the week of March 19, 2007
Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly
Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Download MP3
Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Download MP3
Podcasts for the week of March 12, 2007
Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Download MP3 | Subscribe to Threat Monitor
Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services.
ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 
5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 26, 2007 @21787Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 19, 2007 @33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 
21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. 
Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. 
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
@21786Security Wire Weekly -- May 23, 2007 This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 14, 2007 @37857Security Squad: Patch Tuesday -- May 18, 2007 SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust. powered by ODEO Download MP3 @21787Threat Monitor -- May 17, 2007 Windows Vista security flaws show progress, not perfection Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- May 16, 2007 Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of May 7, 2007 @21786Security Wire Weekly -- May 9, 2007 Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- May 8, 2007 Endpoint Security In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge. 

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? 
In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks.

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Podcasts for the week of May 7, 2007
@21786Security Wire Weekly -- May 9, 2007 Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- May 8, 2007 Endpoint Security In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge. Download MP3 Podcasts for the week of April 30, 2007 @37857Security Squad Roundtable: Mac hacks -- May 3, 2007 In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard. powered by ODEO Download MP3 @21786Security Wire Weekly -- May 2, 2007 Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @26651 Top 5 next-generation messaging attacks that antivirus systems can't catch This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. 
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks.
Podcasts for the week of April 23, 2007
Security360: Endpoint encryption. Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
Security Wire Weekly -- Apr. 25, 2007: Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
Security Newsmaker: Howard Schmidt. In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Podcasts for the week of April 16, 2007
Threat Monitor -- April 19, 2007: Reputation systems gaining credibility in fight against spam. Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Security Wire Weekly -- Apr. 18, 2007: Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Podcasts for the week of April 9, 2007
Countdown: Top 5 next-generation messaging attacks that antivirus can't catch (Mike Rothman of Security Incite). Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Security Wire Weekly -- Apr. 11, 2007: This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
Hot Type -- April 10, 2007: Counter Hack Reloaded. This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
Podcasts for the week of April 2, 2007
Threat Monitor -- April 5, 2007: Polymorphic viruses call for new antimalware defenses. Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
Security Wire Weekly -- Apr. 4, 2007: Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
Podcasts for the week of March 26, 2007
Security Wire Weekly -- Mar. 28, 2007: This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
Podcasts for the week of March 19, 2007
Security Wire Weekly -- Mar. 21, 2007: This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
Hot Type -- March 20, 2007: Software Security -- Identifying software security flaws and bugs. In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
Hot Type -- March 20, 2007: Software Security -- The three pillars. "Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
Podcasts for the week of March 12, 2007
Threat Monitor -- March 15, 2007: Plentiful VoIP exploits demand careful consideration. Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
Security360: SOA and Web Services Security. SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
Security Wire Weekly -- Mar. 14, 2007: Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
Podcasts for the week of March 5, 2007
Countdown: Top 5 mobile spyware misconceptions. Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Security Newsmaker: Greg Garcia. In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
Security Wire Weekly -- Mar. 7, 2007: This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
Security Wire Weekly -- Mar. 5, 2007: In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Podcasts for the week of February 26, 2007
Threat Monitor -- March 1, 2007: The security risks of Google Notebook. Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Security Wire Weekly -- Feb. 28, 2007: This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Podcasts for the week of February 19, 2007
Security Newsmaker: David Maynor. In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Security Wire Weekly -- Feb. 21, 2007: This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Podcasts for the week of February 12, 2007
Threat Monitor -- February 15, 2007: Pod slurping: The latest data threat. Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Security Wire Weekly -- Feb. 14, 2007: This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Podcasts for the week of February 5, 2007
Security Wire Weekly -- Feb. 8, 2007: In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Security Wire Weekly -- Feb. 8, 2007: RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Security Wire Weekly -- Feb. 8, 2007: In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Security Wire Weekly -- Feb. 7, 2007: In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Security Wire Weekly -- Feb. 7, 2007: Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Security Wire Weekly -- Feb. 6, 2007: In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Hot Type -- February 5, 2007: Defensible Network Architecture. Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Security Wire Weekly -- Feb. 5, 2007: In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Podcasts for the week of Jan. 29, 2007
Threat Monitor -- February 1, 2007: Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Security Wire Weekly -- Jan. 31, 2007: This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Podcasts for the week of Jan. 22, 2007
Security Wire Weekly -- Jan. 24, 2007: This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Podcasts for the week of Jan. 15, 2007
Threat Monitor -- January 18, 2007: Ten emerging malware trends for 2007. From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Security Wire Weekly -- Jan. 17, 2007: This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Podcasts for the week of Jan. 8, 2007
Security Wire Weekly -- Jan. 10, 2007: This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Podcasts for the week of Jan. 1, 2007
Threat Monitor -- January 4, 2007: Eight top information security events of 2006. From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Security Wire Weekly -- Jan. 3, 2007: Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. 
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School. Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect. Check out the rest of Mike Rothman's lesson: The changing threat of email attacks.

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption; Roger Herbst, a senior IT specialist with the Timken Company, talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops; and Charles King, principal analyst of Pund-IT Research, discusses Seagate's new encrypted hard drive. (Runtime: 20:43)

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week, security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global Services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 
8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. 
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway. View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 26, 2007 @21787Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 19, 2007 @33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 
8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. 
Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. 
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 
1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
@21786Security Wire Weekly -- Apr. 18, 2007 Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of April 9, 2007 Countdown: Top 5 next-generation messaging attacks that antivirus can't catch Mike Rothman of Security Incite Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too. Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch @21786Security Wire Weekly -- Apr. 11, 2007 This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- April 10, 2007 Counter Hack Reloaded This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits. powered by ODEO Download MP3 Podcasts for the week of April 2, 2007 @21787Threat Monitor -- April 5, 2007 Polymorphic viruses call for new antimalware defenses Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 26, 2007 @21786Security Wire Weekly -- Mar. 28, 2007 This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 19, 2007 @21786Security Wire Weekly -- Mar. 21, 2007 This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- March 20, 2007 Software Security -- Identifying software security flaws and bugs In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design. powered by ODEO Download MP3 @32656 Hot Type -- March 20, 2007 Software Security -- The three pillars "Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development. powered by ODEO Download MP3 Podcasts for the week of March 12, 2007 @21787Threat Monitor -- March 15, 2007 Plentiful VoIP exploits demand careful consideration Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices. 
powered by ODEO Download MP3 | Subscribe to Threat Monitor @33601 Security360: SOA and Web Services Security SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 
7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 26, 2007 @21787Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 19, 2007 @33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. 
(Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. 
Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. 
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Podcasts for the week of April 9, 2007
Countdown: Top 5 next-generation messaging attacks that antivirus can't catch
Mike Rothman of Security Incite
Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007
@32656 Hot Type -- April 10, 2007 Counter Hack Reloaded This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
powered by ODEO Download MP3 Podcasts for the week of April 2, 2007 @21787Threat Monitor -- April 5, 2007 Polymorphic viruses call for new antimalware defenses Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 26, 2007 @21786Security Wire Weekly -- Mar. 28, 2007 This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 19, 2007 @21786Security Wire Weekly -- Mar. 21, 2007 This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- March 20, 2007 Software Security -- Identifying software security flaws and bugs In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design. 
powered by ODEO Download MP3 @32656 Hot Type -- March 20, 2007 Software Security -- The three pillars "Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development. powered by ODEO Download MP3 Podcasts for the week of March 12, 2007 @21787Threat Monitor -- March 15, 2007 Plentiful VoIP exploits demand careful consideration Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices. powered by ODEO Download MP3 | Subscribe to Threat Monitor @33601 Security360: SOA and Web Services Security SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 26, 2007 @21787Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 19, 2007 @33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 
8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. 
Podcasts for the week of April 2, 2007
Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.

This was first published in December 2007
@21786Security Wire Weekly -- Apr. 4, 2007 Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 26, 2007 @21786Security Wire Weekly -- Mar. 28, 2007 This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 19, 2007 @21786Security Wire Weekly -- Mar. 21, 2007 This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- March 20, 2007 Software Security -- Identifying software security flaws and bugs In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design. powered by ODEO Download MP3 @32656 Hot Type -- March 20, 2007 Software Security -- The three pillars "Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development. powered by ODEO Download MP3 Podcasts for the week of March 12, 2007 @21787Threat Monitor -- March 15, 2007 Plentiful VoIP exploits demand careful consideration Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices. 
powered by ODEO Download MP3 | Subscribe to Threat Monitor @33601 Security360: SOA and Web Services Security SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45) powered by ODEO Download MP3 @21786Security Wire Weekly -- Mar. 14, 2007 Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of March 5, 2007 Countdown: Top 5 mobile spyware misconceptions Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths. Listen to Countdown: Top 5 mobile spyware misconceptions @33277Security Newsmaker: Greg Garcia In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers @21786Security Wire Weekly -- Mar. 
7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Mar. 5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 26, 2007 @21787Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 19, 2007 @33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. 
(Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. 
Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. 
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Podcasts for the week of March 26, 2007
Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. 
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
@21786 Security Wire Weekly -- Mar. 7, 2007 This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
@21786 Security Wire Weekly -- Mar. 5, 2007 In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva, calls the threat serious and also gives mitigation steps to defend against it.
Podcasts for the week of February 26, 2007
@21787 Threat Monitor -- March 1, 2007 The security risks of Google Notebook Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
@21786 Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Podcasts for the week of February 19, 2007
@33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
@21786 Security Wire Weekly -- Feb. 21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Podcasts for the week of February 12, 2007
@21787 Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
@21786 Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Podcasts for the week of February 5, 2007
@21786 Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
@21786 Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
@21786 Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
@21786 Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
@21786 Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
@21786 Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global Services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
@32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
@21786 Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Podcasts for the week of Jan. 29, 2007
@21787 Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
@21786 Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Podcasts for the week of Jan. 22, 2007
@21786 Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Podcasts for the week of February 26, 2007
Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global Services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly
@21786Security Wire Weekly -- Feb. 28, 2007 This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 19, 2007 @33277 Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43) HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 
8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. 
Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. 
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 
1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
Podcasts for the week of February 19, 2007
Security Newsmaker: David Maynor In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
HIGHLIGHTS: 1:13 - Some people complained that Apple was being unfairly targeted. 2:51 - The flaws discovered as a result of the Black Hat presentation. 4:47 - The response from security vendors when notified of a wireless problem. 8:41 - Maynor explains the biggest threats to enterprises. 11:00 - Newsmaker rapid-fire Q&A. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 12, 2007 @21787Threat Monitor -- February 15, 2007 Pod slurping: The latest data threat Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Feb. 14, 2007 This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of February 5, 2007 @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 
6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 
22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 
3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
@21786Security Wire Weekly -- Feb. 21, 2007 This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
Download MP3 | Subscribe to Security Wire Weekly

This was first published in December 2007
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
@21786Security Wire Weekly -- Feb. 8, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 
5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 
17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
@21786Security Wire Weekly -- Feb. 7, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? 
In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
@21786Security Wire Weekly -- Feb. 7, 2007 Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. 
powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
@21786Security Wire Weekly -- Feb. 6, 2007 In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly @32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it. powered by ODEO Download MP3 @21786Security Wire Weekly -- Feb. 5, 2007 In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 29, 2007 @21787Threat Monitor -- February 1, 2007 Is the CAN-SPAM Act a help or a hindrance? Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 31, 2007 This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 22, 2007 @21786Security Wire Weekly -- Jan. 24, 2007 This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news. 
powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 15, 2007 @21787Threat Monitor -- January 18, 2007 Ten emerging malware trends for 2007 From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them. Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 17, 2007 This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 8, 2007 @21786Security Wire Weekly -- Jan. 10, 2007 This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly Podcasts for the week of Jan. 1, 2007 @21787Threat Monitor -- January 4, 2007 Eight top information security events of 2006 From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007. powered by ODEO Download MP3 | Subscribe to Threat Monitor @21786Security Wire Weekly -- Jan. 3, 2007 Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. 
Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. powered by ODEO Download MP3 | Subscribe to Security Wire Weekly INFORMATION SECURITY PODCAST ARCHIVES 2008 podcasts 2007 podcasts 2006 podcasts 2005 podcasts More News and Tutorials Articles Information security podcasts: 2006 archive Information security podcasts: 2008 archive Microsoft Windows Vista challenges, pitfalls ISM 10th anniversary: Online features Podcast: Mobile device threats are real, white-hat hacker says Podcast: Mobile device threats are real, white-hat hacker says Security Squad: Debating FISA, fighting cybercrime Security Wire Weekly: Shrinking IT security budgets Security Squad: Beware of the mighty cyberattack SAP TechEd 2007 Las Vegas: SearchSAP.com Special Report Related glossary terms Terms for Whatis.com - the technology online dictionary backscatter body scanning mobile security (wireless security) NCSA Palladium marketecture (or marchitecture) This was first published in December 2007
@32656 Hot Type -- February 5, 2007 Defensible Network Architecture Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
Podcasts for the week of Jan. 29, 2007
Threat Monitor -- February 1, 2007: Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
Podcasts for the week of Jan. 22, 2007
Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
Podcasts for the week of Jan. 15, 2007
Threat Monitor -- January 18, 2007: Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
Podcasts for the week of Jan. 8, 2007
Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
Podcasts for the week of Jan. 1, 2007
Threat Monitor -- January 4, 2007: Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
This was first published in December 2007