Information security podcasts: 2007 archive

Listen to past editions of our information security podcasts.

This Content Component encountered an error

Podcasts for the week of Dec. 24, 2007

 

Security Squad: Top IT security trends of '07
The SearchSecurity.com team discusses the top security trends of 2007. The TJX data security breach, PCI DSS, encryption, Storm's growth and sophistication, and industry consolidation dominated the news this year.
 

Download MP3

 

Podcasts for the week of Dec. 17, 2007

 

 

Threat Monitor -- Dec. 20, 2007
Lessons learned from TJX: Best practices for enterprise wireless encryption
The TJX data breach revealed all too well the weaknesses of the Wired Equivalent Privacy security model. The retailer's well-documented compromise of more than 94 million credit card numbers proved that intruders can easily take advantage of unprotected networks. In this tip, Mike Chapple reviews some best practices that will minimize an organization's exposure.
 

Download MP3 | Subscribe to Threat Monitor

 

Security Wire Weekly -- Dec. 19, 2007
Chris Farrow of the PCI Security Vendor Alliance discusses the PCI DSS deadlines, how credit card companies plan to enforce them and how some merchants are getting extensions to comply.
 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Dec. 10, 2007

Security Wire Weekly -- Dec. 12, 2007
PGP Director of Product Management John Dasher talks about the rising cost of security breaches as reflected in the latest Ponemon Institute study. Also Mozilla offers a look at the security enhancements of Firefox 3.
 

Download MP3 | Subscribe to Security Wire Weekly



 

Podcasts for the week of Dec. 3, 2007

Threat Monitor -- Dec. 6, 2007
Cross-build injection attacks: Keeping an eye on Web applications' open source components
Web application developers' growing dependence on open source components has opened the door for attackers to insert malicious code into applications even as they are being built. Michael Cobb explores the emerging attack method called cross-build injection and explains why application architects may need to change their ways.
 

Download MP3 | Subscribe to Threat Monitor

 

Security Wire Weekly -- Dec. 5, 2007
Computer forensics and accounting fraud investigator Michael Kessler of Kessler International discusses the latest threat landscape and how companies are locking down their sensitive data.
 

Download MP3 | Subscribe to Security Wire Weekly



 

Security Wire Weekly – Windows Vista a year later
Senior News Writer Bill Brenner talks to security analyst Rich Mogull and Microsoft's Shanen Boettcher about the ongoing compatibility challenges of Windows Vista and what's next.
 

Download MP3 | Subscribe to Security Wire Weekly



 

Podcasts for the week of Nov. 26, 2007

Security Wire Weekly -- Nov. 28, 2007
SANS Top 20 Project Director Rohit Dhamankar talks about this year's SANS Top 20 attack trends report. Also, a summary of this week's news headlines.
 

Download MP3 | Subscribe to Security Wire Weekly



 

Podcasts for the week of Nov. 19, 2007

Security Wire Weekly -- Nov. 21, 2007
Senior News Writer Bill Brenner joins News Editor Robert Westervelt in a discussion on the Top 5 trends IT security pros should be thankful for in 2007. Also, a review of the week's top stories.
 

Download MP3 | Subscribe to Security Wire Weekly



 

 

Security School
 

Countdown: What Could PCI DSS 2.0 bring?
This week's featured podcast is from SearchSecurity.com's Compliance School.
Diana Kelley, vice president of research firm Burton Group, reveals the top five likely changes in store for "PCI DSS 2.0."
Listen to Countdown: What Could PCI DSS 2.0 bring?

Check out the rest of Diana Kelley's lesson: PCI DSS compliance: Two years later

Podcasts for the week of Nov. 12, 2007

Fact or fiction: Don't Forget About Your Intellectual Property
This week's featured podcast is from SearchSecurity.com's Data Protection School.
Russell L. Jones of Deloitte and Touche explains how to truly protect an enterprise trade secret.
Listen to Fact or fiction: Don't Forget About Your Intellectual Property

Check out the rest of Russell L. Jones' lesson: Executing a data governance strategy

Threat Monitor -- Nov. 15, 2007
iPhone security in the enterprise: Mitigating the risks 
Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah Schiffman discusses the two most popular and effective types of authentication systems, and unveils the positive and negative aspects of each approach.
 

Download MP3 | Subscribe to Threat Monitor

 

Security Wire Weekly -- Nov. 14, 2007
Senior News Writer Bill Brenner talks with security experts about how to respond to data breaches. Also, a summary of this week's news.
 

Download MP3 | Subscribe to Security Wire Weekly



 

Podcasts for the week of Nov. 5, 2007

Security Wire Weekly: CSI 2007 coverage
Senior News Writer Bill Brenner reports from the Computer Security Institute's CSI 2007 conference. Steve Orrin, director of security solutions at Intel, discusses the importance of building better security into products. Also, a review of the week's top stories.
 

Download MP3 | Subscribe to Security Wire Weekly


 

 

 

 

Security Newsmaker: Eugene Kaspersky
Kaspersky Labs CEO Eugene Kaspersky discusses how his company is adjusting to help users meet the latest threats; and about why Russia -- his home turf -- tends to be at the center of many high-profile malware outbreaks.
 

 

Download MP3

Podcasts for the week of Oct. 29, 2007

Threat Monitor -- Nov. 1, 2007
iPhone security in the enterprise: Mitigating the risks 
Since its flashy launch in June 2007, the Apple iPhone has certainly garnered a great deal of buzz. Almost immediately, hackers searched for exploitable flaws in the product, and they weren't disappointed. In this tip, Ed Skoudis examines iPhone-specific attacks and reveals how organizations can limit their exposure as the popular devices infiltrates the enterprise.
 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates the need to toughen the PCI Data Security Standard.
 

Download MP3 | Subscribe to Security Wire Weekly



 

 

Podcasts for the week of Oct. 22, 2007

Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio frequency identification technology (RFID). The researcher explains how easy it is to copy an RFID tag. Also a look at the week's news.
 

Download MP3 | Subscribe to Security Wire Weekly


 

Fact or Fiction: How to Layer Security Within your Messaging Architecture
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School.
John Burke, principal research analyst at Nemertes Research, discusses some common unified communications security myths.

Listen to Fact or Fiction: How to Layer Security Within your Messaging Architecture
Check out the rest of John Burke's lesson: Securing the converged infrastructure

Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it.
 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies with VoIP and Web 2.0 functionality, and a researcher questions the quality of a recent security update for AOL Instant Messenger. Also: Oracle patches security flaws across its product line.
 

Download MP3 | Subscribe to Security Wire Weekly

 

Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI DSS
The SearchSecurity.com editorial team discusses the debate brewing over the security of virtualization in the wake of VMware's success. Other topics include HD Moore's attack platform for the iPhone and the latest struggles with the Payment Card Industry Data Security Standards (PCI DSS).
 

Download MP3

 

Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high profile data security breaches and the Payment Card Industry Data Security Standards impact the airline's IT security priorities. Also a review of the week's news.
 

Download MP3 | Subscribe to Security Wire Weekly

 

 

 

Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In the latest edition of "Hot Type: Security Books in Audio," author and Google senior staff engineer Niels Provos explains the cutting-edge technology that can keep an eye on the bad guys. After a quick Q&A, Provos reads from Chapter 6 of his book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In his selection, the author reveals how the virtual tools can be used to collect and analyze malware.
 


Download MP3

After listening to the podcast, read an excerpt from Chapter 11: Tracking Botnets.

Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses 
Enterprise Wi-Fi threats are an ever-present struggle for security managers, and the most simplistic attack methods are often the most effective. In this tip, contributor Noah Schiffman explains how "evil twin" attacks work and why its sister attack method, the multipot, can bypass wireless IPS with remarkable success.
 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing its latest data protection offering toward SMBs. Also, Google fixes a serious Gmail flaw.
 

Download MP3 | Subscribe to Security Wire Weekly



 

Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group, co-wrote the recently-released book, "Fuzzing: Brute Force Vulnerability Discovery," and recently unveiled the new Sulley fuzzing framework. In this conversation, he talks about the book and explains how the Sulley framework will take fuzzing to the next level.
 

 

Download MP3

Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks about the vendor's Internet Threat Report, including the rising use of crimeware. Also, a review of the week's news.
 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free downloads 
Attackers recently discovered how to exploit the Windows Update service to push malware onto targeted systems. Is the new attack possible because of a flaw in Windows Update itself? Or is it because users just aren't being careful? Michael Cobb investigates how malicious hackers have taken advantage of Windows Update. Fortunately, the fix is easier than you think.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an alliance of IT security professionals he founded. Also, a look at the latest Windows zero-day flaw and a report on how attackers may be exploiting the widgets Web users take for granted.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Sept. 10, 2007

 

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies, discusses Microsoft's latest round of updates. Yuval Ben Itzak talks about the growing use of crimeware rootkits.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
In our latest installment of "Hot Type: Security Books in Audio," Peter Thermos, author and CTO of Palindrome Technologies, reviews the current state of VoIP security. After a brief Q&A, Thermos reads from Chapter 3 of his book, Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures. His selection reveals some of the most common attacks related to telephony services.
 


Download MP3

After listening to the podcast, read an excerpt from Chapter 6: Media Protection Mechansims.

Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive 
Information security pros often spend much of their days away from their desks. So when malware strikes -- in the form of a worm, virus or worse -- it can be helpful to have a USB thumb drive loaded up with valuable remediation tools at the ready. In this tip, Ed Skoudis reveals his list of the most important weapons in any portable malware-defense kit -- and they're all free.
 

<

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the Sulley fuzzing framework is an important development in the quest to uncover software vulnerabilities. Also, a new flaw is found in Firefox and MIT fixes flaws in its widely-used Kerberos program.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her organization to that of her former employer, Microsoft.
 

 

Download MP3

Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global services, discusses his new role heading up the integration of Cybertrust into Verizon. Also, a review of the week's news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security challenges, and eEye Digital Security CEO Kamal Arafeh refutes rumors that his company is struggling.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Aug. 13, 2007


 

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command line) 
Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could inspire a surge in mobile malware threats. Also, Microsoft releases a mega security update, and TJX reports that costs associated with its massive data breach have soared to $225 million.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test software security. Although there is no "correct" approach to the bug-finding technique, every fuzzing method has similar phases. In our latest installment of "Hot Type: Security Books in Audio," SPI Dynamics' security evangelist Michael Sutton reads from Chapter 2 of his book, Fuzzing: Brute Force Vulnerability Discovery, explaining each step in the testing process.
 


Download MP3

After listening to the podcast, read an excerpt from Chapter 21: Fuzzing Frameworks.

Podcasts for the week of Aug. 6, 2007


 

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the value of IT security job skills and certifications. Also a wrap up of the news from Black Hat 2007.
 

Download MP3 | Subscribe to Security Wire Weekly




 

Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software discuss penetration testing, secure software development and their latest book. Also, a researcher warns that attackers could threaten Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by default in the latest Windows OS.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 30, 2007


 

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus evasion 
Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly, Black Hat Special Edition for Aug. 2, 2007
In this special Black Hat edition of Security Wire Weekly, PGP creator Phil Zimmermann and Peter Thermos of Palindrome Technologies unveil tools to improve VoIP security.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special: Security expert calls Web services research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant with Information Security Partners, said little research is being done to test Web services security. Many holes are going unnoticed, he said.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Apple iPhone security, Google's security moves
SearchSecurity.com editors discuss the state of Apple iPhone security, Google's continued march into the security market and vulnerability disclosure in the wake of the eBay-like vulnerability auction site, WabiSabiLabi.
 

 

Download MP3

 

Podcasts for the week of July 23, 2007


 

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton Group, lays out some of the serious threats facing Web services and service oriented architecture development. Also, a review of the week's news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 16, 2007


 

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense strategies 
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization discovered in the Oracle E-Business Suite. The flaw was patched Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this week's top IT security news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of July 9, 2007


 

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet Security Systems X-Force research team discuss their team's discovery of the Microsoft Active Directory flaw and Microsoft's latest round of patches. Plus, a summary of the week's IT security news.
 

 

Download MP3 | Subscribe to Security Wire Weekly


Countdown: Plugging the Dam -- Understanding Where and How Content Leaks Mike Rothman of Security Incite provides effective ways to keep your valuable company information from falling into the wrong hands. Learn about outdated data handling policies and what you can do to make sure these situations don't put your organization in an exposed position.
Listen to Countdown: Plugging the Dam -- Understanding Where and How Content Leaks.

 

Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and Doubt
In our latest installment of "Hot Type: Security Books in Audio," author and analyst Andrew Jaquith reads from Chapter 8 of his book, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Jaquith explains how professionals can create a comprehensive scorecard that properly assesses an organization's security performance.
 


Download MP3

Need ways to improve the presentation of your security data? Read an excerpt from Chapter 6: Visualization

Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive effects 
There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
 

 

Download MP3 | Subscribe to Threat Monitor


 

Countdown: Top 5 pitfalls of partner security management
This week's featured podcast is from SearchSecurity.com's Compliance School.

Corporations are constantly teaming up with businesses and service providers to accomplish various tasks, but can these partnerships make a company more susceptible to corporate data breaches? In this brand-new Compliance School podcast, instructor Richard Mackey examines the top five potential dangers of an extended enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
This podcast is part of SearchSecurity.com's Compliance School lesson: Ensuring compliance across the extended enterprise
 

Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:

 

Security Wire Weekly special edition -- Network security; identity management
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Burton Group vice president Phil Schacter sums up the day's sessions on open and secure network architectures. Conference attendees talk about their security concerns including identity management and risk assessments.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst Conference in San Francisco. Diana Kelley, vice president and service director at the Burton Group, explains the scope of a PCI audit and how some auditors are pitching products and services. Dan Jones, director of IT at the University of Colorado, explains his school's ongoing PCI compliance initiatives.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor IronPort, plus a look at how one IT shop moved into the Vista fast lane despite compatibility problems.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an M&A 
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the current state of security. Also, a summary of this week's news including more consolidation in the security market with HP acquiring SPI Dynamics and PatchLink merging with SecureWave. (Runtime: 19:20)
 

 

Download MP3 | Subscribe to Security Wire Weekly

Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary Gary McGraw talks about how online gaming threats can affect corporate IT shops.
 

 

Download MP3

Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy, founder and chief technology officer of Ounce Labs, discusses Microsoft's proactive security posture and how it has affected security in the software development lifecycle. Also, a summary of this week's news. (Runtime: 26.59)
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and Michael Mimoso discuss Google's foray into the security market and whether companies should turn to database encryption to meet the PCI Data Security Standard in the wake of the TJX data security breach. Also the editors discuss whether the "month of" security flaw Web sites are helpful in securing software or just shameless publicity by security researchers. And finally, SearchSecurity.com News Writer Bill Brenner provides analysis from the Gartner IT Security Summit in Washington. (Runtime: 23:51)
 

 

Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free book excerpts from today's top information security authors. In our latest installment, Chris Wysopal, co-founder and chief technology officer of security firm Veracode, reads from Chapter 2 of the book The Art of Software Security Testing: Identifying Software Security Flaws. The deck is stacked heavily against the software developers, says Wysopal. In this podcast, Wysopal points out the most common software design vulnerabilities. The co-author details cryptography implementation, program attack surfaces, data input validation and much more.
 


Download MP3

After listening to the podcast, read an excerpt from Chapter 11: Local Fault Injection.

Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative response, talks about his company's merger with Verizon. Bruce Schneier, chief technology officer of BT Counterpane, and Lloyd Hession, CSO of BT Radianz, talk about life after their mergers with British Telecom. Also, a review of the week's news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

 

Security Wire Weekly Special - New hacking technique
June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval Ben-Itzhak, chief technology officer of security vendor Finjan, talks about a newly discovered hacking technique used by attackers to avoid detection. (Runtime 3:56)
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the market today
This week's featured podcast is from the Identity and Access Management Security School.

In late 2005, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating single-factor authentication was no longer adequate for securing online banking transactions. This guidance did not specify what types of technologies would meet the requirement, but many vendors have scrambled to develop cost-effective and easy product offerings that can be deployed to the masses. In this podcast, Mark Diodati counts down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the market today
Check out the rest of Mark Diodati's lesson: Next-generation attacks

Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.

Snort creator and Sourcefire founder Marty Roesch talks about last year's failed Check Point acquisition and his decision to take Sourcefire public. Also, a summary of this week's news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 21, 2007

 

 

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01).
 

 

Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells discusses the risk of blogging on company-owned mobile devices. Also, a summary of this week's news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

 

Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon Patch Tuesday, whether blogging is a security threat to corporate systems, the state of Wi-Fi security and Verizon's acquisition of CyberTrust.
 

 

Download MP3

 

Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not perfection 
Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses Microsoft's recent updates, including the zero-day DNS patch and the Exchange and Internet Explorer updates. Plus, a summary of this week's IT security news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio," Mark S. Kadrich, president and CEO of The Security Consortium, reads from Chapter 4 of his book Endpoint Security. Kadrich explains how securing an endpoint is easy -- keeping it secure is the real challenge.
 

Download MP3

Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3, 2007
In the debut edition of SearchSecurity.com's Security Squad news-talk podcast, editors debate the growing concern about Apple security and whether Apple really cares about keeping its products secure, the emergence of Google hacking as an enterprise data security threat and the pros and cons of "dumbing down" the PCI Data Security Standard.
 

 

Download MP3

Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous techniques the bad guys are working into image spam. Plus, a summary of this week's IT security news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Top 5 next-generation messaging attacks that antivirus systems can't catch
This week's featured podcast is from Messaging Security School.
Malicious messaging attacks, such as worms and embedded code in Web pages, are wreaking havoc on enterprise IT systems. How do these attacks work and what can you do? In this podcast, guest instructor Mike Rothman counts down the top five next-generation messaging attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems can't catch
Check out the rest of Mike Rothman's lesson: The changing threat of email attacks

Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective approach to endpoint security and the pros and cons of full disk encryption, Roger Herbst, a senior IT specialist with the Timken Company talks about how he led his company's deployment of full disk encryption on about 5,000 employee laptops, and Charles King, principal analyst of Pund-IT Research discusses Seagate's new encrypted hard drive. (Runtime: 20:43)
 

 

Download MP3

Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about how companies can respond to identity theft and data breaches.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security Newsmakers podcast series, security luminary Howard Schmidt talks about his latest book and about the private sector's role in securing cyberspace.
 

 

Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against spam
Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway.
View the rest of our brand-new Messaging Security School lesson: The changing threat of email attacks.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam, data breaches and the future of AV. Also, a look at the week's news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 9, 2007

Countdown: Top 5 next-generation messaging attacks that antivirus can't catch Mike Rothman of Security Incite Mike Rothman counts down the top five next-generation messaging attacks that antivirus can't catch. Better yet, he tells you how to stop them, too.
Listen to Countdown: Top 5 next-generation messaging attacks that antivirus can't catch

 

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks against online gamers are also a problem for IT shops. Also, a summary of the week's news headlines.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a chapter from the book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, published by Prentice Hall. Listen to security consultant and information security author Ed Skoudis as he explains how to detect application-level Trojan backdoors and even stealthier rootkits.
 

 

Download MP3

Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware defenses
Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT professionals can use a set of attack patterns to keep enterprises a step ahead of digital miscreants. Also, a summary of the week's news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former CipherTrust customers are faring nearly nine months after that company was absorbed by Secure Computing. Also, a summary of the week's news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security rock star, while industry experts discuss the difficulties of deploying NAC. Also, a summary of the week's news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio," Cigital CTO Gary McGraw reads a selection from his book Software Security: Building Security In. Download this podcast today to learn about the software issues plaguing software design.
 

 

Download MP3

Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary McGraw, as he reads another chapter excerpt from his book Software Security: Building Security In. In this audio podcast, McGraw explains his three-pillar approach to safe software development.
 

 

Download MP3

Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
 

 

Download MP3 | Subscribe to Threat Monitor

Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives -- from vendors, experts and infosec pros -- on a variety of complex information security issues. In our debut episode, we examine the state of security for service-oriented architectures and Web services. ZapThink analyst Jason Bloomberg offers an overview of the security issues unique to SOA environments, while executives from SAP and Oracle discuss how they address SOA security in their software. (Runtime: 29:45)
 

 

Download MP3

Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing technique called fuzzing and discusses how it can be applied to the software development cycle. Also, Apple releases a mega-fix, Go Daddy investigates a DDoS attack and IT pros report few daylight-saving time problems.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 5, 2007

Countdown: Top 5 mobile spyware misconceptions
Sandra Kay Miller of Information Security magazine counts down the top five mobile malware myths.
Listen to Countdown: Top 5 mobile spyware misconceptions

 

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series, Information Security magazine's Michael Mimoso and Marcia Savage, ask cyber security chief Greg Garcia about his priorities moving forward and get his take on the current threat environment. Garcia attended RSA Conference 2007 in February and told conference attendees that government, enterprises and academia need to work together to fight growing Internet threats.
 

 

Download MP3 | Subscribe to Security Wire Weekly and Security Newsmakers

Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's doing to prepare his company for this weekend's change to daylight-saving time, and whether it will interfere with his security patching. Plus, a troubled McAfee hires a new CEO and Mozilla fixes another Firefox flaw.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. Shulman, chief technology officer and founder of Imperva calls the threat serious and also gives mitigation steps to defend against it.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security luminary Howard Schmidt about his new book and recaps the week's news headlines.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series, researcher David Maynor talks about the threat to laptop wireless cards and the stir a demonstration caused at last year's Black Hat conference. Listen to our Newsmaker Rapid-fire Q&A segment. (Runtime: 13:43)
 

HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly targeted.
2:51 - The flaws discovered as a result of the Black Hat presentation.
4:47 - The response from security vendors when notified of a wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
 

Download MP3

Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential security implications of changes to daylight-saving time. Also, a summary of the week's news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new book on security metrics and highlights the themes that emerged from RSA Conference 2007. Also, a discussion about Microsoft's recent batch of patches.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros say it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reaction to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference 2007, David Drab, principal of Xerox Global services, talks about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in Audio" featuring a selection from the book, Extrusion Detection: Security Monitoring for Internal Intrusions, published by Addison Wesley. Listen to author Richard Bejtlich as he reads a selection from Chapter 2: Defensible Network Architecture. Download this podcast today to learn the components of a defensible network and the strategies necessary to monitor it.
 

 

Download MP3

Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin discusses whether the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data breach and explains how companies can avoid a data breach crisis. Listen on your PC or download to your favorite mobile device.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer patch bulletins. Also, a summary of the news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 15, 2007

 

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007 
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this tip, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.
 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan Inc., explains the growing use of dynamic code obfuscation by hackers to hide malicious code. Plus all the week's top information security news.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January patch release. Microsoft is doing the best it can, but concern exists about open Zero-day Word flaws, Storms says.
 

 

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.
 

 

Download MP3 | Subscribe to Threat Monitor

Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor Eric Parizo reveals his picks for top information security interviews of 2006. Learn about the growing danger of cross-site scripting attacks; network access control interoperability plans for Cisco's NAC and Microsoft's NAP architectures; and the state of Mac OS security in the enterprise. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software.
 

 

Download MP3 | Subscribe to Security Wire Weekly



 


INFORMATION SECURITY PODCAST ARCHIVES
2008 podcasts
2007 podcasts
2006 podcasts
2005 podcasts
This was first published in December 2007

Dig deeper on Security Industry Market Trends, Predictions and Forecasts

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close