Podcasts

Information security podcasts: 2008 archive

INFORMATION SECURITY PODCAST ARCHIVES
2007 podcasts
2006 podcasts
2005 podcasts

Podcasts for the week of December 29, 2008

--> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> -->

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
Security Wire Weekly: Top security interviews of 2008 (Part 2)
The SearchSecurity.com editors continue their look at the best interviews of 2008.

Download MP3 | Subscribe to Security Wire Weekly





Podcasts for the week of December 22, 2008

@21786 Security Wire Weekly: Top security interviews of 2008 (Part 1)
The SearchSecurity.com team wraps up the year looking back at the most interesting interviews of 2008.

Download MP3 | Subscribe to Security Wire Weekly





Podcasts for the week of December 15, 2008

--> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> -->

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
Threat Monitor -- December 18, 2008
Threat Monitor: How to prevent clickjacking attacks with security policy, not technology
Clickjacking, an emerging hacker technique similar to cross-site scripting, tricks a user into executing malicious commands on a seemingly legitimate or innocent website. John Strand reviews how the attack works, how it compares to cross-site-scripting and why the enterprise response may change your corporate culture.

Download MP3 | Subscribe to our security podcasts

@21786 Security Wire Weekly: Paul Kocher on the state of cryptography
In this podcast, dryptography expert Paul Kocher talks about the search for a new hash algorithm, cryptography challenges ahead and the need for better security in embedded devices.

Download MP3 | Subscribe to Security Wire Weekly



Virtual Criminology Report: Cybercrime vs. Cyberlaw
In this podcast, Neil Roiter, Senior Technology Editor of Information Security magazine interviews David Marcus of McAfee's Avert Labs about how the bad guys are staying ahead and what the good guys can do to catch up.

Download MP3 | Subscribe to all of our security podcasts



Podcasts for the week of December 8, 2008

@21786 Security Wire Weekly: Cybersecurity academia, research feels pinch
In this podcast, Ravi Sandhu, director of the Institute for Cyber Security at the University of Texas at San Antonio, paints a bleak picture of the state of academic security research.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of December 1, 2008

Hot Type -- Dec. 4, 2007
Voice over IP Security
In the latest edition of "Hot Type: Security Books in Audio," author Patrick Park reveals two of the biggest VoIP security myths around.


Download MP3 | Subscribe to "Hot Type" and other security podcasts

After listening to the podcast, read an excerpt from Chapter 2: VoIP Threat Taxonomy.

@21786 Security Wire Weekly: Security software-as-a-service
Companies need to retool their business models for software-as-a-service (SaaS) now, says former Symantec CEO Gordon Eubanks. He is betting on the future of software delivery to be sold in the cloud. Eubanks recently joined the board of Perimeter eSecurity.

Download MP3 | Subscribe to Security Wire Weekly



--> --> -->

-->
-->
-->
Security Newsmakers: RSA wireless security survey
In this edition of the Security Newsmakers podcast, Sam Curry, vice president of RSA's Identity and Access Assurance Group, talks about RSA's annual wireless security survey of New York, London and Paris. The survey revealed rapidly growing wireless LAN deployment in these cities, and the state of the security in place to protect those deployments.

Download MP3 | Subscribe to Security Newsmakers and our other security podcasts



Podcasts for the week of November 24, 2008

@21786 Security Wire Weekly: Virtual patching, Web application security
Web application security expert Ryan Barnett explains why Web servers represent such a fertile ground for hackers, whether developers will begin to create more secure code and the benefits of a technique called virtual patching, which tricks hackers into thinking a Web application has been patched. Barnett is director of security at Breach Security.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of November 17, 2008

@21787Threat Monitor -- November 20, 2008
Threat Monitor: How to stop malware in a 'Flash'
Always innovating, attackers have found ways to mask their malware by placing the code into PDFs and Flash files. The malware often appears to be legitimate ads for products, and it can be particularly hard to analyze. John Strand explains why and demonstrates how to be ready for Flash-based malicious code.

Download MP3 | Subscribe to our security podcasts

@21786 Security Wire Weekly: PCI DSS plagues retail; Thompson retires
Former FBI agent Howard Glavin of IBM's ISS X-Force security team talks about cybersecurity in the retail industry. Also, Symantec CEO John Thompson retires.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of November 10, 2008

@21786 Security Wire Weekly: VoIP security threats
VoIP expert Patrick Park, author of "Voice over IP Security," explains the latest VoIP threats and ways companies can protect their systems from eavesdropping and DDoS attacks. Also a review of Microsoft's latest round of patches with Paul Henry, security and forensics analyst at patching vendor Lumension.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of November 3, 2008

@21786 Security Wire Weekly: Microsoft Security Intelligence Report
In its semiannual Security Intelligence Report, Microsoft says it has seen a significant drop in vulnerabilities discovered in its operating systems. In this podcast, Jeff Williams, principal architect at Microsoft's Malware Protection Center, explains the results of the study.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of October 27, 2008

@21786 Security Wire Weekly: Examining Microsoft's emergency bulletin
Jason Miller, security data team manager at patching vendor Shavlik Technologies, talks about Microsoft's emergency bulletin MS08-067 released last week. Microsoft is now warning that malware exploiting the Microsoft RPC flaw is in the wild.

Download MP3 | Subscribe to Security Wire Weekly



@33277 Anti-Phishing Working Group sees long struggle
In this Security Newsmakers podcast Dave Jevans, chairman of the Anti-Phishing Working Group, talks about the exponential increase in phishing websites, the evolution of the battle against email attacks during the group's first five years and the outlook for the long struggle still ahead.

Download MP3 | Subscribe to Security Wire Weekly and our other security podcasts



--> --> -->

-->
-->
-->
Security Squad: Security pros face difficult times
In this podcast, editors of SearchSecurity.com and Information Security magazine discuss the growing use of managed security services, the sudden increase of SQL injection attacks and the state of secure software development.

Download MP3 | Subscribe to all of our podcasts


Podcasts for the week of October 20, 2008

@21786 Security Wire Weekly: Flawed IRS system prompts security lessons
The Internal Revenue Service deployed two systems despite knowing they contained vulnerabilities, according to a government review. Jack Danahy, chief technology officer and co-founder of Ounce Labs, explains how companies can avoid the security problems associated with system deployments.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of October 13, 2008

@21786 Security Wire Weekly: Identity theft laws, Red Flag rules
In this podcast, Amichai Shulman, founder and CTO of Imperva, examines the latest round of patches issued by Oracle Corp. Also, a new survey from RSA finds security policy is being bypassed by employees. Sean Kline of RSA joins us to talk about the details.

Download MP3 | Subscribe to Security Wire Weekly



Andre Gold on IT security and financial uncertainties
Andre Gold, former director of security at Continental Airlines and former head of security and risk management at ING U.S. Financial Services, talks about how IT security pros should respond to the current financial crisis and the mergers and acquisitions associated with it.

Download MP3 | Subscribe to all security podcasts



@21787Threat Monitor -- October 16, 2008
Threat Monitor: How to detect system management mode (SMM) rootkits
Rootkits were once a system administrator's best friend. Now they have evolved to become an admin's worst nightmare: well-known, surreptitious malware that can provide super user access to an infected machine. Michael Cobb explains how to get rid of rootkitters' latest creation: system management mode (SMM) rootkits.

Download MP3 | Subscribe to our security podcasts

Podcasts for the week of October 6, 2008

@21786 Security Wire Weekly: Identity theft laws, Red Flag rules
Scott Mitic of TrustedID talks about the latest Identity theft news and the FTC Red Flag rules for healthcare firms taking affect Nov. 1.

Download MP3 | Subscribe to Security Wire Weekly



Nameless Security Podcast: Adam Shostack on privacy, data breaches and 'The New School of Information Security'
Adam Shostack, a well-respected voice on privacy and security issues, joins Dennis Fisher in this episode of the Nameless Security Podcast to discuss the data breach epidemic, the untimely demise of Zero Knowledge Systems and his new book, "The New School of Information Security."

Download MP3 | Subscribe to all security podcasts



Podcasts for the week of September 29, 2008

@21786 Security Wire Weekly: Oracle DBAs cite lack of security measures
Ian Abramson, president of the Independent Oracle Users Group, discusses the results of a recent survey that finds database security lacking at many companies.

Download MP3 | Subscribe to Security Wire Weekly



@21787Threat Monitor -- October 1, 2008
Threat Monitor: Windows registry forensics: Investigating system-wide settings
Information security forensic investigations can be a big job, but Windows registry command tools can make it easier. From querying autostart programs to getting the goods on every USB device ever connected to a particular Windows machine, these tools can streamline an investigation. Ed Skoudis explains which system-wide commands can aid an investigation.

Download MP3 | Subscribe to our security podcasts

Billy Hoffman on AJAX security and browser attacks
Billy Hoffman of HP is among the top AJAX and JavaScript security experts in the industry. In this podcast he talks about the issues with Google Chrome, why JavaScript is so dangerous and why he dragged a vending machine up several flights of stairs to prove a point in college.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of September 22, 2008

@21786 Security Wire Weekly: Examining McAfee-Secure Computing merger
Paul Roberts, an analyst at the 451 Group, talks about McAfee's $465 million deal to buy Secure Computing and the integration challenges ahead.

Download MP3 | Subscribe to our security podcasts

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of September 15, 2008

@21787Threat Monitor -- September 18, 2008
Threat Monitor: Weaponizing Kaminsky's DNS discovery
The dust has settled since Dan Kaminsky revealed an intriguing -- and now, perhaps, notorious -- DNS exploit at this year's Black Hat briefings. But many organizations are still not patching their internal servers. John Strand explains why this negligence is a big mistake.

Download MP3 | Subscribe to our security podcasts

@21786 Security Wire Weekly: Former bank CISO on encryption
Steven Katz, the former CISO at Citigroup, JP Morgan, and Merrill Lynch, talks about data encryption and the changing role of the CISO. Katz is widely recognized as one of the first CISOs in the security industry.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of September 8, 2008

@21786 Security Wire Weekly: Cybercriminal underground
Yuval Ben-Itzhak of Web security vendor Finjan on the latest cybercriminal activities and a new survey that shows organizations are taking steps to defend against attacks.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of September 1, 2008

@21786 Researcher pushes data sharing
Gadi Evron is revitalizing the Botnets mailing list to get researchers to share more raw data with the security community. In the latest edition of Security Wire Weekly, Evron says information sharing is the key to reducing cybercrime.

Download MP3 | Subscribe to Security Wire Weekly



@21787Threat Monitor -- September 4, 2008
Threat Monitor: Debian: A niche OS with a not-so-niche security flaw
A recently discovered flaw in the Debian version of Linux meant that any OpenSSL keys generated during the past 20 months could be guessed in a matter of hours. But does the vulnerability suggest broader security issues for Linux? Michael Cobb explores the origin of the flaw and what it means for even the non-Debian users.

Download MP3 | Subscribe to our security podcasts


Nameless Security Podcast: Rich Mogull on DLP and homeownership
In this episode of the Nameless Security Podcast, Rich Mogull, the founder of Securosis and a former Gartner analyst, discusses the benefits and limitations of DLP products and how life as a disaster medic prepared him for work as a security analyst.

Download MP3 | Subscribe to all security podcasts



@33277 Self-Defending Networks in 2008
In this Security Newsmakers podcast, Scott Weiss, vice president and general manager of Cisco's Security Technology Group and former IronPort CEO, talks about the state of the self-defending network in 2008 and the impact of the IronPort acquisition over the past 18 months.

Download MP3 | Subscribe to Security Wire Weekly and our other security podcasts



Podcasts for the week of August 25, 2008

@21786 PCI rules to halt WEP, push 802.1x
In this podcast, Bob Russo, general manager of the PCI Security Standards Council, explains the changes ahead in version 1.2 of PCI DSS. The latest version will eliminate WEP and require antivirus software for all operating systems, says Russo.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of August 18, 2008

@21787Threat Monitor -- August 21, 2008
Threat Monitor: Countermeasures against targeted attacks in the enterprise
Security organizations often struggle to compensate for unknowing employees who fall victim to social engineering attacks. It's the unenviable job of information security to prevent that from happening. In this tip, Markus Jakobsson details the ills of social data mining and how technology can help thwart attacks that seek to exploit trusted relationships.

Download MP3 | Subscribe to our security podcasts

@21786 Security Wire Weekly: Security visualization
In this podcast, Raffael Marty, author of Applied Security Visualization, talks about how security visualization techniques can help security pros understand their risks and improve security decisions. Marty focuses his research on data visualization, log management, intrusion detection and compliance. He is chief security strategist at log analysis vendor Splunk Inc.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of August 11, 2008

@21786 Security Wire Weekly: Hackers Are People Too
Ashley Schwartau, director of a new documentary Hackers Are People Too, explains the challenges of making a movie about hackers. The documentary looks at the human side of the hacking community. The film debuted at DEFCON 16.

Download MP3 | Subscribe to Security Wire Weekly



Nameless Security Podcast: The researcher's-eye view of security
Dino Dai Zovi is the featured guest on the second installment of the Nameless Security Podcast with Dennis Fisher. Dai Zovi is a well-respected researcher whose work on Mac OS X security and virtualization has won him acclaim. He's also the information security officer at a financial service company, and in this podcast he talks about the ways his dual roles intersect, the real problems with virtualization and the highlights of Black Hat 2008.

Download MP3 | Subscribe to all security podcasts



Podcasts for the week of August 4, 2008

@21787Threat Monitor -- August 7, 2008
Threat Monitor: Web advertising exploits: Protecting Web browsers and servers
Web browser exploits are nothing new, but few security managers are consciously aware of the threat that Web advertisement exploits represent. Marcos Christodonte II details how attackers use adverts and flaws in Web software to victimize enterprises.

Download MP3 | Subscribe to our security podcasts

Podcasts for the week of July 28, 2008

@21786 Security Wire Weekly: Infiltrating Phishers
Security researchers Billy Rios and Nitesh Dhanjani explain how they infiltrated the phishing underground in a preview of their upcoming Black Hat presentation: "Bad Sushi: Beating Phishers at Their Own Game."

Download MP3 | Subscribe to Security Wire Weekly



@33277 Security Newsmaker: Four years of data breaches
Verizon Business went through more than 500 data breach investigations over four years to determine trends in attack vectors and where victim organizations fell down. The findings of its "2008 Data Breach Investigations Report" may surprise you. In the July Security Newsmakers Podcast, SearchSecurity.com's Neil Roiter asks Verizon's Bryan Sartin, managing principal, investigative response, what lessons can be taken from the findings.

Download MP3 | Subscribe to Security Wire Weekly


Podcasts for the week of July 21, 2008

@21786 Security Wire Weekly: Virtualization Security Apocalypse
Christofer Hoff, chief security architect, Systems & Technology Division at Unisys, previews his upcoming Black Hat briefing, "The four horsemen of the virtualization security apocalypse." Hoff says virtualization security could prove to be very costly for companies as they try to sort out the new governance, oversight and manageability issues being introduced by the technology.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of July 14, 2008

@21786 Security Wire Weekly - Dan Kaminsky on the DNS Server flaw
Noted network security researcher Dan Kaminsky, director of penetration testing at IOActive, explains his discovery of a DNS Server flaw that led to a coordinated vendor patch. Also joining is Rich Mogull, founder of independent information security consulting firm Securosis, who discusses flaw disclosure in the wake of the discovery..

Download MP3 | Subscribe to Security Wire Weekly



@21787Threat Monitor -- July 16, 2008
Threat Monitor: Ransomware -- How to deal with advanced encryption algorithms
It's late in the day, and your CEO reports a strange message on his computer screen: his files have been encrypted, and a payment is required to return all of his data. What do you do? Don't give in to the cyberterrorists just yet. Mike Chapple explains five ways that you can fight ransomware and recover your files.

Download MP3 | Subscribe to our security podcasts

Podcasts for the week of July 7, 2008

@21786 Security Wire Weekly: iPhone mania and enterprise security
Tom Cross, mobile security expert with IBM's X-Force security research team, discusses smartphone security on the heels of Apple's release of iPhone 3G. As more end users bring their smartphones into the workplace, companies need sound mobile security policies and technologies in place for data protection. Cross gives some tips for controlling smartphone use in the enterprise.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of June 30, 2008

@21786 Security Wire Weekly: SQL injection protection
In this podcast, Scott Matsumoto, a secure coding expert with Cigital Inc., explains the tools available to software developers and security pros to protect against SQL injection.

Download MP3 | Subscribe to Security Wire Weekly



@21787Threat Monitor -- July 3, 2008
Hidden endpoints: Mitigating the threat of non-traditional network devices
Organizations have many safeguards in place for network-enabled devices like PCs and servers, but few realize the threat posed by non-traditional devices like printers, physical access devices and even vending machines. Endpoint security expert Mark Kadrich offers up some worst-case scenarios and explains how these and other endpoints can be protected.

Download MP3 | Subscribe to our security podcasts

Podcasts for the week of June 23, 2008

@21786 Security Wire Weekly: PCI compensating controls
Mike Rothman, president and principal analyst of Atlanta-based Security Incite, sheds some light on PCI compensating controls. He describes why companies choose a compensating control and how assessors determine if they meet the regulation's security requirements.

Download MP3 | Subscribe to Security Wire Weekly


Podcasts for the week of June 16, 2008

@21786 Security Wire Weekly: Risk management standards, secure software coding
Jim Hietala, vice president of security at the vendor standards consortium Open Group, talks about a project underway to develop risk management standards. Also, SearchSecurity.com Executive Editor Dennis Fisher discusses the state of secure software development and whether software vendors will ever certify the security of their products.

Download MP3 | Subscribe to Security Wire Weekly


@21787Threat Monitor -- June 19, 2008
Protecting exposed servers from Google hacks (and Google 'dorks')
Recently, a security professional asked our application security expert, Michael Cobb, "How are phishers using search engines like Google to seek out and hack vulnerable PHP applications?" Cobb explains how to keep phishers from finding your exposed servers and using them to stash stolen data.

Download MP3 | Subscribe to our security podcasts

@37857Security Squad: Rise of managed security services
In this podcast, editors of SearchSecurity.com and Information Security magazine discuss the growing use of managed security services, the sudden increase of SQL injection attacks and the state of secure software development.

Download MP3 | Subscribe to all of our podcasts


Podcasts for the week of June 9, 2008

@21786 Security Wire Weekly: Email security market in flux
Peter Firstbrook, an analyst at Gartner Inc., explains why the email security market is saturated with vendors. Learn which vendors are thriving. Firstbrook gives his take on email security vendor, Tumbleweed and its merger with managed file transfer software and services vendor, Axway.

Download MP3 | Subscribe to Security Wire Weekly


Podcasts for the week of June 2, 2008

@21786 Security Wire Weekly: Securing the nation's critical infrastructure systems
In this podcast, Senior Technology Editor Neil Roiter explores the state of security in the power, oil and gas, chemical, water and transportation sectors with Bruce Ahearn, president and CEO of Industrial Defender, which specializes in the security of critical infrastructure systems.

Download MP3 | Subscribe to Security Wire Weekly


@21787Threat Monitor -- June 5, 2008
Windows registry forensics guide -- Investigating hacker activities
The Windows registry can be used as a helpful tool for professionals looking to investigate employee activity or track the whereabouts of important corporate files. In this tip, contributor Ed Skoudis unveils several commands and explains how investigators and administrators can interact with the registry to analyze a compromised system.

Download MP3 | Subscribe to Threat Monitor

Podcasts for the week of May 26, 2008

@21786 Security Wire Weekly: VeriSign defends SSL, EV-SSL
Tim Callan, a product manager for VeriSign's SSL business unit, explains the vendor's response to the OpenSSL vulnerability in Debian-based Linux distributions. He also defends the vendor's Extended Validation Certificate business. Later, Paul Wood, a Senior Analyst at MessageLabs, explains why the latest phishing attacks are targeting a bank's new initiative to "go green."

Download MP3 | Subscribe to Security Wire Weekly


Podcasts for the week of May 19, 2008

@21786 Security Wire Weekly: ING security chief addresses authentication, encryption
Robert Weaver, head of IT security at ING Direct, talks about his bank's authentication methods and new encryption software designed to lock out malware from sniffing customer transactions. The bank has gotten high security marks, but Weaver admits there's more work to do.

Download MP3 | Subscribe to Security Wire Weekly


--> --> --> -->

Security School
-->
Security School
-->
Security School
-->
Security School
-->
Security School
Fact or fiction: Am I a bot or not?
This week's featured podcast is from SearchSecurity.com's Messaging Security School.

Sandra Kay Miller, technical editor for Information Security magazine, puts some of today's biggest botnet myths to rest.
Listen to Fact or fiction: Am I a bot or not?

Check out the rest of Sandra's lesson: Counterintelligence strategies for thwarting email threats.

Podcasts for the week of May 12, 2008

@21786 Security Wire Weekly: Microsoft patches analyzed
Microsoft addressed remote code execution vulnerabilities in its Jet Database Engine and a flaw in its Malware Protection Engine. Which updates should be deployed first? Jason Miller, the security data team manager at Shavlik Technologies, and Don Leatham, director of solutions and strategy at Lumension Security, examine Microsoft's latest round of critical updates.

Download MP3 | Subscribe to Security Wire Weekly


@21787Threat Monitor -- May 15, 2008
More built-in Windows commands for system analysis
Windows command-line tools can be a valuable resource to security professionals charged with the secure configuration of Windows' machines. In this tip, Ed Skoudis defines five more useful Windows commands that can provide new insight into the realm of Windows analysis.

Download MP3 | Subscribe to Threat Monitor

Podcasts for the week of May 5, 2008

@21786 Security Wire Weekly: Virtualization security
Simon Crosby, chief technology officer of Citrix Systems, explains why virtualization security should be the job of security vendors. Also, Finjan Chief Technology Officer Yuval Ben-Itzhak describes how data stolen from thousands of personal and business computers were discovered on an unprotected server.

Download MP3 | Subscribe to Security Wire Weekly


Podcasts for the week of Apr. 28, 2008

@21786 Security Wire Weekly: Schmidt on winning the cyberwar
Security luminary Howard Schmidt talks about the federal government's efforts in defending against cyberterrorism, how an unstable economy could affect IT security budgets and whether enough security talent exists to defend critical systems.

Download MP3 | Subscribe to Security Wire Weekly


@21787Threat Monitor -- May 1, 2008
Tracing malware's steps with RE:Trace
As application monitoring and troubleshooting becomes more difficult, security professionals are relying on the use of system tools to ease the process. In this tip, contributor Noah Schiffman gives an overview of the new RE:trace framework, and discusses how the tool can be used to discover and exploit application vulnerabilities.

Download MP3 | Subscribe to Threat Monitor

Podcasts for the week of Apr. 21, 2008

@21786 Security Wire Weekly: Project Phantom for virtualization security
Joshua Corman, principal security strategist at IBM, explains how Project Phantom could help protect virtual computing environments.

Download MP3 | Subscribe to Security Wire Weekly



@26651 Countdown: Top five things you can do to lock down your database right now
This week's featured podcast is from SearchSecurity.com's Data Protection School.

Rich Mogull, founder of Securosis, lays out immediate steps that you can take to eliminate common vulnerabilities found in database deployments.
Listen to Countdown: Top five things you can do to lock down your database right now

Check out the rest of Rich's lesson: Database defenses for a new era of threats

Podcasts for the week of Apr. 14, 2008

@21787Threat Monitor -- April 17, 2008
Worst practices: Learning from bad security tips
information security threats expert Ed Skoudis exposes some bad security practices, highlights the common and dangerous misconceptions held by security personnel, and offers insight on how corporations can learn from others' mistakes.

Download MP3 | Subscribe to Threat Monitor

@21786 Security Wire Weekly: More PCI DSS Pain
News Writer Colin Steele of TechTarget's Channel Media Group and Bill Brenner discuss industry rumors that some PCI DSS compliance assessors are pushing particular vendors and products on businesses as the condition for a passing grade.

Download MP3 | Subscribe to Security Wire Weekly


Podcasts for the week of Apr. 7, 2008

@21786 Security Wire Weekly: RSA '08 -- Defeating botnets
Ron Teixeira, executive director of the National Cybersecurity Alliance, talks about how a mixture of education and technology could defeat the botnet threat. Also in the news, Michael Chertoff, secretary of the U.S. Department of Homeland Security, addresses RSA Conference attendees.

Download MP3 | Subscribe to Security Wire Weekly


Podcasts for the week of Mar. 31, 2008

@21787Threat Monitor -- April 3, 2008
Stopping malware in its tracks
In honor of April Fools' Day, Mike Chapple continues a month-long series that highlights the industry's most common mistakes. One of the major bad habits: a lack of encryption.

Download MP3 | Subscribe to Threat Monitor

@21786 Security Wire Weekly: PCI assessors run amuck?
Bob Russo, general manager of the PCI Security Standards Council, explains what the council is doing to ensure that compliance assessors don't try to force particular vendors and products on businesses as the condition for a passing grade. Meanwhile, the keepers of the Storm Trojan try for an April Fool's prank.

Download MP3 | Subscribe to Security Wire Weekly


Podcasts for the week of Mar. 24, 2008

@21786 Security Wire Weekly: Web 2.0 threats
Danny Allan, director of research for IBM's Rational division discusses the future of Watchfire under the IBM umbrella and the latest Web 2.0 threats. Also, NAC vendor, Lockdown Networks closes its doors. Senior News Writer Bill Brenner explains what analysts are saying about Lockdown's demise.

Download MP3 | Subscribe to Security Wire Weekly



@26651 Countdown: Making NAC work with your existing security tools
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School.

Mike Chapple, a security professional with Notre Dame University, provides real-world stories of security pros that have tried to get their NAC products to play nice with their existing security and networking products.
Listen to Countdown: Making NAC work with your existing security tools.

Check out the rest of Mike's lesson: Using NAC to create a strong endpoint security strategy

Podcasts for the week of Mar. 17, 2008

@21786 Security Wire Weekly: Hannaford security breach
Roger Nebel, director of strategic security for FTI Consulting, discusses the possible causes of the Hannaford supermarket chain data breach and examines the pros and cons of data breach insurance.

Download MP3 | Subscribe to Security Wire Weekly


@21787Threat Monitor -- Mar. 6, 2008
Stopping malware in its tracks
There's no such thing as a cure-all for stopping malware. Effective malware defense demands a keen attention to detail and careful planning. Expert Lenny Zeltser offers a malware-defense blueprint every enterprise can follow, plus plenty of free tools to help along the way.

Download MP3 | Subscribe to Threat Monitor

Podcasts for the week of Mar. 10, 2008

@21786 Security Wire Weekly: Forrester survey shows NAC interest
Jonathan Penn, vice president and research director at Forrester Research, explains some of the results of his firm's IT security survey. Many IT administrators are expressing interest in deploying network access control, disk encryption and application security technologies. Also, a review of the week's news.

Download MP3 | Subscribe to Security Wire Weekly


@37857Security Squad: Debating FISA, fighting cybercrime
The SearchSecurity.com editorial team discuss the ongoing fracas over the Foreign Intelligence Surveillance Act (FISA), the government's role in fighting cybercrime and the security risks associated with virtualization software.

Download MP3



Podcasts for the week of Mar. 3, 2008

@21786 Security Wire Weekly: The risks of bad configuration
Peter Bamber, vice president of IT security services at Security Management Partners, talks about the huge risks he has come across as a result of badly configured networks.

Download MP3 | Subscribe to Security Wire Weekly


@21787Threat Monitor -- Mar. 6, 2008
Built-in Windows commands to determine if a system has been hacked
Ed Skoudis identifies five useful Windows command-line tools for machine analysis and discusses how they can assist administrators in determining if a machine has been hacked.

Download MP3 | Subscribe to Threat Monitor

Podcasts for the week of Feb. 25, 2008

@21786 Security Wire Weekly: Sophos CTO discusses NAC market
Richard Jacobs, the chief technology officer of antimalware vendor Sophos, describes a cloudy picture of the NAC market. Also, a review of the week's news.

Download MP3 | Subscribe to Security Wire Weekly



@26651 Countdown: Top five ways to sell NOC/SOC integration to upper management
This week's featured podcast is from SearchSecurity.com's Integration of Networking and Security School.

Sasan Hamidi, chief information security officer for Interval Internation in Miami, counts down 5 Ways to convince execs to integrate their networking and security operations centers.
Listen to Countdown: Top five ways to sell NOC/SOC integration to upper management

Check out the rest of Sasan's lesson: Marrying security and network management

Podcasts for the week of Feb. 18, 2008

@21786 Security Wire Weekly: Security market consolidation
This week, Colin Steele, of SearchITChannel.com, talks about the impact security market consolidation is having on the reseller community. Meanwhile, researchers take aim at the latest Microsoft vulnerabilities.

Download MP3 | Subscribe to Security Wire Weekly


Podcasts for the week of Feb. 11, 2008

@21786 Security Wire Weekly: The state of the NAC market
Information Security magazine's Neil Roiter discusses the state of the network access control market. Also a review of the week's news.

Download MP3 | Subscribe to Security Wire Weekly




Security360 -- Identity management market
Analyst Mark Diodati describes the leaders of the identity management market; IBM's Joe Anthony explains Big Blue's strategy and Novell's Dale Olds takes on user-centric identity.


powered by ODEO

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of Feb. 4, 2008

@21787Threat Monitor -- Feb. 7, 2008
Data leak prevention from the inside out
Corporate information loss can often be credited to a company's internal organization, or lack thereof. In other words, in order to prevent data leakage, corporations must not only eliminate external threats, but also internal processes that could enable data leakage. In this tip, contributor Noah Schiffman highlights these internal risks as well as some storage-specific DLP issues.

Download MP3 | Subscribe to Threat Monitor

@21786 Security Wire Weekly: Search engine spam rising
This week, researchers from Sunbelt Software and MessageLabs discuss a disturbing increase in search engine spam, and users greet the coming release of Vista SP1 with skepticism.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of Jan. 28, 2008

@26651 Fact or fiction: Involving end users in the compliance program
This week's featured podcast is from SearchSecurity.com's Compliance School.

Richard Mackey, vice president of consultancy SystemExperts, gives listeners the tools that they need to educate end users about the importance of compliance.
Listen to Fact or fiction: Involving end users in the compliance program

Check out the rest of Richard Mackey's lesson: Building a risk-based compliance program

@21786 Security Wire Weekly
Sam Masiello, director of threat management at MS Logic, talks about the reemergence of PDF spam. Also a review of the week's news.

Download MP3 | Subscribe to Security Wire Weekly




Podcasts for the week of Jan. 21, 2008

@21786 Security Wire Weekly: NAC troubles
Dave Bixler, CISO for Siemens IT Solutions and Services, explains why NAC is not ready for prime time -- in his enterprise, anyway. Plus, a review of the week's news.

Download MP3 | Subscribe to Security Wire Weekly



@37857Security Squad: Beware of the mighty cyberattack
The SearchSecurity.com editorial team discusses whether a massive cyberattack will strike in 2008, the Sears spyware issue and NAC's continued evolution.

Download MP3



Podcasts for the week of Jan. 14, 2008

@21787Threat Monitor -- Jan. 17, 2008
Enterprise security in 2008: Malware trends suggest new twists on old tricks
This year's malicious hackers are ready to add new twists to their old tricks. Taking hints from last year's range of cyberattacks and malicious code, information security expert Ed Skoudis reveals five key threats that are likely to dominate headlines in 2008, and how enterprises can prepare in advance.

Download MP3 | Subscribe to Threat Monitor

@21786 Security Wire Weekly: IT security budgets deflate
A new survey shows IT security budgets are shrinking, but one analyst says it's a good sign. Also, a review of the week's news.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of Jan. 8, 2008

@21786 Security Wire Weekly: The end of the security market? This week, RSA's Art Coviello talks about ongoing consolidation in the security market. Meanwhile, a new rootkit threatens Windows users.

Download MP3 | Subscribe to Security Wire Weekly



Podcasts for the week of Jan. 1, 2008

@21786 Security Wire Weekly: Top interviews of '07
Senior News Writer Bill Brenner and News Editor Robert Westervelt discuss their most fascinating interviews of the year.

Download MP3 | Subscribe to Security Wire Weekly



@21787Threat Monitor -- Jan. 3, 2008
Thinking fast-flux: New bait for advanced phishing tactics
Bot herders haven't made millions of dollars by relying on yesterday's botnet techniques. In fact, the bad guys have found an innovative new way to leverage thousands of drone machines; it's called fast flux, and it makes even the largest botnets much harder to take down. Ed Skoudis reviews the pesky botnet tactic and explains how to conduct a fast-flux investigation.

Download MP3 | Subscribe to Threat Monitor


INFORMATION SECURITY PODCAST ARCHIVES
2007 podcasts
2006 podcasts
2005 podcasts

This was first published in January 2009

Back to top