Self-defending applications
Michael Coates, a volunteer with OWASP, is leading a project that helps developers inject code into
applications to give them self-defense.
Threat Monitor -- January 12, 2010
Buffer overflow tutorial: How to find vulnerabilities, prevent attacks
Buffer overflow exploits and vulnerabilities can lead to serious harm to corporate Web
applications, as well as embarrassing and costly data security breaches and system compromises.
Podcasts for the week of December 29, 2009
Top cybersecurity stories of 2009 (Part 2)
In part 2 of this two-part Security Squad, security expert and blogger Adam Shostack joins the
SearchSecurity editorial team to talk about the security stories that resonated in 2009. (Part 2 of
2)
Top cybersecurity stories of 2009
Security expert Adam Shostack joins the SearchSecurity.com editorial team to talk about the
cybersecurity stories that had the biggest impact on the security industry in 2009. (Part 1 of
2)
Podcasts for the week of December 22, 2009
Howard Schmidt named to WH post
Howard Schmidt gives his opinion on ongoing federal cybersecurity efforts in a 2008 interview.
Also, Wade Baker of Verizon on the firm's data breach investigations.
Threat Monitor -- December 21, 2009
How to prevent memory dump attacks
Because databases are often encrypted, some attackers have switched to memory dump attacks. Michael
Cobb explains how to protect your unencrypted transactions.
Podcasts for the week of December 13, 2009
Conficker worm still infects millions
Security expert Mikko Hypponen of F-Secure talks about the latest on the Conficker worm. The
Shadowserver Foundation finds up to 7 million machines still infected worldwide. Also, Mozilla
Firefox, Opera and Apple Safari make a list of risky applications. Tom Murphy of Bit9 explains
why.
Podcasts for the week of December 6, 2009
Microsoft issues IE security overhaul
Microsoft patched five vulnerabilities including a serious zero-day flaw in Internet Explorer.
Jason Miller of patch management vendor Shavlik Technologies explains the impact.
Threat Monitor -- December 7, 2009
Best practices for (small) botnets
Your enterprise might have a strategy to deal with a large-scale botnet attack, but how would you
deal with a micro-botnet that knows how to bypass antivirus and firewalls? Get botnet help with
this expert advice.
Podcasts for the week of November 29, 2009
Should cities demand data breach penalties?
SearchSecurity.com editors discuss Los Angeles' inclusion of a data breach clause in their
contract. Also, the importance of vendor security threat reports and consolidation in the Web
security gateway market.
Podcasts for the week of November 22, 2009
Threat Monitor -- November 24, 2007
Cut down on calls to help desk with cybersecurity awareness training
It's no secret that human error accounts for many security blunders. But what's the best way to
implement cybersecurity awareness training in your enterprise to keep employees from clicking on
phishing links or downloading viruses? In this tip, learn how sending out cyber security tips can
help.
Podcasts for the week of November 15, 2009
Metasploit creator H.D. Moore
Metasploit creator H.D. Moore talks about the future of the attack platform. Also Cisco's Dave
Dalva on security and the Smart Grid.
Hot Type: Surreptitious Software
In this month's "Hot Type" podcast, authors Christian Collberg and Jasvir Nagra talk about why
their book Surreptitious Software is particularly important for security professionals who may not
have a strong interest in code development.
Podcasts for the week of November 8, 2009
Security certifications pay remains strong
David Foote of Foote Partners on his latest skill and certification research. Security skills
remain strong despite the bad economy.
Podcasts for the week of October 25, 2009
Security Squad: Tokenization, Phishing and the Feds
SearchSecurity editors discuss the importance of Microsoft's record breaking number of October
vulnerabilities, the federal government's plan to hire 1,000 cybersecurity pros, the FBI's
crackdown on a massive phishing ring and the latest payment industry tokenization plans.
Silon Trojan strikes Internet Explorer users
Amit Klein, CTO of Trusteer Inc. on a new two-headed Trojan striking Internet Explorer users to
steal login credentials.
Podcasts for the week of October 18, 2009
Heartland CIO on PCI, E3 project
Heartland Payment Systems CIO Steve Elefant talks about the processor's new E3 security processes,
end-to-end encryption, deployment and adoption issues.
Podcasts for the week of October 11, 2009
Nuke and pave to eradicate botnets
Security researcher Gunter Ollmann of Damballa discusses the scourge of dangerous enterprise
botnets and why the only method to eradicate them is by a method he calls "nuke and pave."
Podcasts for the week of October 4, 2009
Exploring encryption, DLP
Richard Jacobs, chief technology officer of Sophos on encryption for compliance, DLP and the case
for involving end users in security decisions.
Podcasts for the week of September 27, 2009
Threat Monitor -- October 1, 2009
Threat Monitor: An enterprise strategy for Web application security threats
People Security founder Hugh Thompson reviews the tools and tactics, from routine assessments to
Web application firewalls, that are essential to an application security strategy.
Podcasts for the week of September 20, 2009
Digital forensics, breach incident response
Jim Jaeger, a retired Air Force brigadier general who heads the digital forensics operation at
defense industry giant General Dynamics, explains best practices around data breach response and
digital forensics.
Privacy gone awry
SearchSecurity editors discuss Internet privacy issues, the Apache disclosure, VMworld and Apple
security.
Podcasts for the week of September 13, 2009
SANS Top Cybersecurity Risks
Experts discuss the findings of the SANS Institute 2009 Top Cyber Risks Report. The SANS report,
The Top Cyber Security Risks found that IT security professionals are failing to adequately address
client-side application flaws and website vulnerabilities. Meanwhile, cybercriminals are using
spear phishing attacks and automated SQL injection attacks to infect employee machines and
ultimately gain access to company networks.
Podcasts for the week of September 6, 2009
DNSSEC – Challenges and pitfalls
Security experts and officials involved in DNSSEC implementations share their successes and the
challenges they face.
Program notes: DNSSEC deployments gain momentum since Kaminsky DNS bug
Kaminsky interview: DNSSEC addresses cross-organizational trust and security
Podcasts for the week of August 30, 2009
VMworld 2009: Virtualization security
Eric Ogren of The Ogren Group talks about the focus on security fundamentals and some
virtualization technologies that increase security including virtual desktops. Ogren is attending
VMworld this week in San Francisco.
Podcasts for the week of August 23, 2009
Security job market heating up
SearchSecurity.com's Carolyn Gibney interviews David Foote of Foote Partners on his latest skills
and certification data. Foote says there's reason for those in the security industry to be
optimistic.
Squad: The QSA and the Heartland breach
Editors discuss the missing federal cybersecurity coordinator, the recent debate over comments made
by Heartland CEO Robert Carr blaming the PCI QSA for the breach and whether the U.S. Marines should
ban social networks.
Podcasts for the week of August 16, 2009
Cyberwarfare and the enterprise: Is the threat real?
Recently, there has been a great deal of press about massive botnets and killer denial-of-service
attacks. So how concerned should you really be about cyberwarfare? The threat is real, says
contributor Sherri Davidoff, but the underlying problems are weaknesses in our own infrastructure.
Outages can be prevented with a level head and a solid plan.
Breach highlights secure coding needs
Jim Molini, a Microsoft security professional and longtime security expert explains his work as the
key architect of a new secure software certification. Also, Forrester Research analyst Rob Whiteley
talks about weighing risks versus attempting to secure all data.
Podcasts for the week of August 9, 2009
Microsoft fixes ActiveX troubles, kill-bit bypass
Security researcher David Dewey of IBM ISS explains his team's discovery of interoperability flaws
affecting Microsoft and third-party vendors. Dewey estimates that as many as 10,000 components on
the Internet may be affected.
Podcasts for the week of July 26, 2009
Black Hat 2009: Researchers converge; Conficker update
Michael Mimoso, editor of Information Security magazine and Robert Westervelt, news editor of
SearchSecurity.com discuss what to expect at this year's Black Hat conference. Also, listen to an
interview with Mikko H. Hyppönen of F-Secure. Hyppönen plans to give an update on Conficker during
a presentation at Black Hat. Visit our Black Hat 2009 news coverage page at: searchsecurity.com/blackhat2009
Podcasts for the week of July 19, 2009
Serious Adobe Flash flaw being exploited
Purewire principal researcher Paul Royal explains the ins and outs of the Adobe Flash
vulnerability. The flaw is being exploited via PDF files and drive-by attacks. Adobe said it plans
to fix the flaw by July 30.
Podcasts for the week of July 12, 2009
Squad: TJX, Black Hat and Social Security numbers
The SearchSecurity.com editors discuss TJX's settlement with 41 states over its data breach,
Juniper's decision to pull a Black Hat presentation and whether our Social Security numbers are at
risk.
Threat Monitor -- July 16, 2009
Software security threats and employee awareness training
How secure is the software produced today? Is it possible to keep attackers out of your network if
they're determined to get in? What strategies for employee security awareness training are most
effective at stopping malware? Greg Hoglund explains how enterprises can face these challenging
questions in order to strengthen their security programs and keep sensitive data in the right
hands.
Microsoft Patch Tuesday, ActiveX risks
Sheldon Malm and Josh Abraham of Rapid7 explain some of the serious vulnerabilities addressed by
Microsoft this month. Also, Eric Voskuil of BeyondTrust on ways to protect against ActiveX
vulnerabilities. Microsoft has been dealing with a slew of ActiveX flaws of late.
Podcasts for the week of July 5, 2009
New Microsoft 0day
Jack Walsh, network IPS program manager for ICSA Labs discusses the latest Microsoft zero-day and
his firm's research into the attack methods. Read the full
story.
Threat Monitor -- July 6, 2009
How to defend against rogue DHCP server malware
Rogue DHCP server malware is a new twist on an old concept. The good news is that effective threat
mitigation strategies exist; the bad news is that many organizations haven't bothered to deploy
them.
Podcasts for the week of June 28, 2009
Twitter bugs, DNSSEC and browser security
Like it or not Web-based social networking services are here to stay. Amit Klein, founder and chief
technology officer of Trusteer talks about the latest Twitter threats, how browser makers are
responding to phishing and other attacks and the adoption of DNSSEC.
Podcasts for the week of June 21, 2009
Veiled darknet unveiled; TJX settles dispute
Security researcher Matt Wood of HP talks about a new browser-based darknet he co-developed called
Veiled. Also, Pete Lindstrom of Spire Security on TJX's latest data breach news.
Threat Monitor -- June 22, 2009
When BIOS updates become malware attacks
Most security pros don't give the system BIOS a second thought, or even a first one, but today's
BIOS types are highly susceptible to malicious hackers. Information security threats expert Sherri
Davidoff explains how attackers can plant BIOS malware and how security pros can thwart such
attacks.
Podcasts for the week of June 14, 2009
Special Report: How to find jobs in information security
Is the recession holding back your career plans? In this free 30-minute podcast, experts Lee
Kushner and Mike Murray offer infosec job advice that will help you survive and thrive in tough
times.
Click fraud threatens Web advertising
Click fraud is threatening online advertising, according to experts. This week, Anchor Intelligence
lead scientist Daniel Walling and Richard Sim, vice president of product management talk about how
fraudsters are getting more sophisticated. Also Jeremiah Grossman of WhiteHat Security explains why
it's so easy for people to carry out click fraud.
Podcasts for the week of June 7, 2009
Squad: Obama, ISP shutdowns and Web security threats
SearchSecurity.com editors discuss the Obama administration's cybersecurity plans, the FTC shutdown
of Triple Fiber Network and what IT security pros can do to address the growing threat posed by the
use of social networks and other Web-based services.
Social networking threats
Security consultant Lenny Zeltser of Savvis Security Consulting Services explains the threats posed
by employee use of social networking websites and what security pros can do to address them.
Zeltser is a faculty member at the SANS Institute. Also, a brief overview of Microsoft Patch
Tuesday.
Newsmaker: Sophos CEO Steve Munford
Steve Munford took over Sophos' leadership as the U.K.-based AV company mounted an aggressive
effort to expand its market share, particularly in North America, against industry giants Symantec
and McAfee. Munford was president of ActiveState when it was acquired by Sophos in 2003 and served
as president for North America from 2003-2005.
In this interview, Information Security magazine's Neil Roiter talks with Munford about the
company's acquisition and integration of encryption vendor Utimaco and Sophos strategy for
leveraging the acquisition to boost sales in North America and Europe. Munford describes how Sophos
engineering culture helps it integrate acquisitions and develop technology in-house.
Podcasts for the week of June 3, 2009
The Obama Cybersecurity Plan
Information Security magazine's Michael Mimoso reports on the Obama cybersecurity announcement. He
speaks with security luminary Howard Schmidt, Paul Kocher, chief scientist of Cryptography Research
and Unisys CISO Patricia Titus.
Podcasts for the week of May 31, 2009
Security Wire Weekly: Virtualization Security Apocalypse
Christofer Hoff, chief security architect, Systems & Technology Division at Unisys, previews
his upcoming Black Hat briefing, "The four horsemen of the virtualization security apocalypse."
Hoff says virtualization security could prove to be very costly for companies as they try to sort
out the new governance, oversight and manageability issues being introduced by the technology.
Podcasts for the week of May 24, 2009
White House cybersecurity czar faces big challenges
Security luminary Bruce Schneier and former cybersecurity czars Amit Yoran and Gregory Garcia share
their views on a possible new White House cybersecurity czar. UK-based Paul Wood, senior analyst at
Symantec's MessageLabs, gives the international perspective.
Podcasts for the week of May 17, 2009
Threat Monitor -- May 22, 2009
Cybercrime and threat management
It's no secret that cybercrime is an ever-growing issue for today's security professionals, but
what roles and responsibilities need to change as a result of the glut in illicit cyber
activity?
In this video, Bill Boni, VP of information security and technology at Motorola, discusses the changing landscape of cybercrime, and how to react to it.
Defeating hackers is hard
Sophos senior security consultant Graham Cluley talks about the antivirus industry, the threat
landscape, the Conficker worm and why it has been difficult to defeat international cybercriminal
gangs.
Podcasts for the week of May 10, 2009
Squad: Data breach burn-out
SearchSecurity.com editors discuss whether the Berkeley data breach warranted so much news coverage
and whether people are becoming desensitized to data breaches. Also, Heartland Payment Systems'
push for better industry wide security and whether software vendors should push silent updates to
users.
Botnet threats and countermeasures
AT&T Labs' Brian Rexroad shares how the telecommunications giant detects and defends its
network against botnets. Rexroad talks about the most prevalent botnets being monitored, including
Conficker, how privacy concerns strain detection and eradication efforts and explains how future
technologies could be used to battle the cybercriminals behind the threat. Rexroad is principal
architect at AT&T Labs.
Podcasts for the week of May 3, 2009
Kodak CISO on virtualization, compliance
Eastman Kodak CISO Bruce Jones on compliance issues, cloud computing and virtualization use. Also,
security analyst Eric Ogren on virtualization and other trends from the 2009 RSA Conference.
Podcasts for the week of April 26, 2009
Security skills and certification pay
SearchSecurity's Carolyn Gibney interviews David Foote of Foote Partners LLC about the firm's
latest skills and certification pay research. Some security skills are holding their own in the
tough economy.
Squad: Federal cybersecurity defenses
In this edition, SearchSecurity editors talk about the electrical grid compromise, restructuring of
the federal cybersecurity authorities, who to blame for the Conficker hype and recent criticisms of
the Payment Card Industry Data Security Standard.
Incident response and forensics
Trend Micro buys Third Brigade. Also Agile Risk Management's Matthew Shannon talks about incident
response best practices, including ways to accelerate the process, how compliance enables better
incident response, and what makes a successful incident response.
Program Links:
Trend Micro to acquire Third Brigade for virtualization: Trend Micro said Third Brigade's technology bolsters its datacenter security strategy by helping its customers protect virtual servers and cloud computing initiatives.
Video:
Security incident response 101: Even the best procedures fail to overcome the stresses in the
initial throes of an incident. Security consultant Lenny Zeltser explains how to run a well
coordinated response.
RSA cryptographer Ari Juels on RFID, encryption
SearchSecurity.com's Neil Roiter interviews well known cryptographer Ari Juels about RFID security,
cloud storage innovations and his new novel.
Podcasts for the week of April 19, 2009
Kaspersky sees Internet IDs ahead
Kaspersky Lab CEO Eugene Kaspersky predicts that one day people will need an ID card to access the
Internet. In this wide ranging interview at the 2009 RSA Conference, Kaspersky talks about the
Conficker worm, attacker sophistication and tracking cybercriminals.
AJAX platform injects security
Kyle Adams and Al Huizenga of new startup Mykonos talk about their new platform that injects
security into the software development lifecycle for AJAX applications. Also, security expert David
Mortman on cloud computing.
PCI Council readying new virtualization requirements
In an interview at the 2009 RSA Conference, Troy Leach, technical director of the PCI Security
Standards Council said the organization is exploring ways to address the security challenges with
virtualization and cloud computing. He said new requirements are likely.
Podcasts for the week of April 12, 2009
RSA preview: Google makes its case for defending the cloud
Eric Feigenbaum, director of security for Google Apps, asserts cloud computing can be as secure as
or even more secure than traditional corporate security. Feigenbaum will participate in a panel at
the 2009 RSA Conference, "Cloud computing – secure enough for primetime today?"
RSA preview: Budget issues to dominate
Andreas Antonopoulos of Nemertes Research, Charles Kolodgy of IDC and Chenxi Wang of Forrester
Research talk about the major trends to dominate the RSA Conference. Shrinking budgets, application
security, virtualization and encryption could dominate the event, the industry analysts said.
Enrique Salem takes charge at Symantec
Enrique Salem, who took over as Symantec CEO for the retiring John Thompson on April 4, talks about
the Symantec he worked for in the 1990s, the Symantec he inherits today, and the Symantec he
envisions for the future.
Podcasts for the week of April 5, 2009
Cloud computing security
Jim Reavis of the Cloud Security Alliance talks about the new organization's goals and the
challenges ahead for cloud computing. Also, David Goldstone of Goodwin Procter on the failure of
data breach class action lawsuits.
New model supports secure software coding
Brian Chess of Fortify Software and Sammy Migues of Cigital talk about the "Building Security In Maturity Model" (BSIMM), a blueprint for
secure software development, a collection of best practices distilled from nine of the best
programs in the world.
Threat Monitor -- April 6, 2009
Short-lived Web malware: Fading fad or future trend?
Attackers are increasingly spreading their malicious code through fly-by-night websites that seem
legitimate to unsuspecting users, but are actually laden with malware. Marcos Christodonte II
explains how short-lived Web malware works, and how enterprises can use Web filtering, honeytokens
and good policy to mitigate the threat.
Podcasts for the week of March 29, 2009
Is Conficker worth the hype?
We talk about the hype surrounding the Conficker worm with Pete Lindstrom, research director at
Spire Security. Also, Dave Marcus of McAfee joins us to talk about malware in a down economy.
Podcasts for the week of March 22, 2009
OWASP security benchmark study; Mobile threats real?
This week's featured podcast is from SearchSecurity.com's Data Protection
School.
Boaz Gelbord, who heads the OWASP Security Spending Benchmarks project, explains the survey
results. Also, Ivan Arce of Core Security Technologies talks about smartphone threats and
penetration testing.
'Hot Type': The Truth about Identity Theft
In the latest edition of "Hot Type: Security Books in Audio," author Jim Stickley reveals just how
easy it is for a cybercriminal to get access to your employees' passwords.
And don't forget to read an excerpt from Jim Stickley's book: The Truth about Identity Theft.
Podcasts for the week of March 15, 2009
Security incident response tips; L0phtCrack is back
Security expert Lenny Zeltser gives tips on how to appropriately respond to a security incident.
Also, a discussion on the relaunch of L0phtCrack password cracking tool with Chris Wysopal of
Veracode.
Podcasts for the week of March 8, 2009
Jose Nazario on botnets, cyberwarfare
(SOURCE Boston 2009) Botnets are being used more frequently to silence political dissenters,
explains Jose Nazario of Arbor Networks. Nazario has been studying the rise of botnets as a tool
used in cyberwarfare.
Podcasts for the week of March 1, 2009
Threat Monitor -- March 6, 2009
How to use (almost) free tools to find sensitive data
No matter how much security awareness training employees get, some of them will still store
sensitive data in insecure places. As a security manager, finding that data becomes of paramount
importance — but how to do it? In this tip, John Soltys offers advice on ways to find insecurely
stored data.
PCI officials on data breaches, PCI DSS
PCI Council general manager Bob Russo and Council chairman Lib de Veyra talk about the PCI
Council's goals in 2009. Russo is frank about the latest data breaches. Also a discussion about
virtualization security with Steve Herrod of VMware.
Podcasts for the week of February 22, 2009
Attacks against SSL
Cryptography expert Taher Elgamal of Axway Inc. defends SSL in the wake of research that bypasses
it. Elgamal's research led to the development of SSL.
Threat Monitor -- February 23, 2009
How to block adult websites from enterprise users by logging content
Inappropriate content has always been a problem for enterprise security teams. What are some best
practices for blocking adult content and websites from systems? In this security management tip,
learn strategies for keeping users' Web habits in check.
Podcasts for the week of February 15, 2009
Chris Wysopal on secure coding
Secure coding expert Chris Wysopal talks about dynamic and static testing and the state of secure
software development tools. Wysopal also explains why he's a big proponent of the SANS/CWE Top 25
Dangerous Programming Errors List.
Why top lists don't work
Gary McGraw of Cigital explains why the CWE/SANS Top 25 dangerous programming errors list will fail
to have a major effect on secure software development.
Podcasts for the week of February 8, 2009
Top cybersecurity priorities for the Obama administration
Core Security's Tom Kellermann, who served on the Commission for Cybersecurity for the 44th
Presidency, talks about President Obama's cybersecurity priorities. Also, Gary McGraw of Cigital
explains why the CWE/SANS Top 25 list won't do much to aid secure software development.
Podcasts for the week of February 1, 2009
Threat Monitor -- February 6, 2009
Threat Monitor: Are Windows Vista security features up to par?
Expert Michael Cobb explains why attempts to bypass Windows Vista memory protections don't
necessarily mean that the operating system lacks security.
Data breach cost analysis
Larry Ponemon of the Ponemon Institute explains his firm's Cost of Data Breach study. While costs
are increasing, companies are struggling to avoid a second breach. Also, Henry Helgeson, CEO of
payment processor Merchant Warehouse, talks about PCI and encryption in the wake of the Heartland
breach.
Data breach costs rise as firms brace for next loss: Companies are struggling to prevent data breaches, according to a new survey that found most firms are dealing with multiple breaches.
First lawsuit filed in Heartland data security breach: A class action lawsuit was filed against
Heartland claiming that the payment processor issued belated and inaccurate statements when it
announced a security breach of its systems.
Podcasts for the week of Jan. 25, 2009
Microsoft Conficker dangers ahead
Thomas Cross, X-Force security researcher for IBM ISS, discusses the possible dangers posed by the
Conficker/Downadup worm. Researchers are waiting for the payload.
Program links:
Microsoft Conficker worm hits peak, but payload awaits: Security researchers are fascinated by the spreading Conficker/Downadup worm, but are unsure what kind of damage it will do to corporate networks.
Microsoft RPC worm spreads in corporate networks: A worm, exploiting the Microsoft RPC vulnerability, is wreaking havoc on some corporate networks, according to researchers at security vendor, F-Secure.
Podcasts for the week of Jan. 18, 2009
Heartland data security breach
Gartner analyst Avivah Litan talks about the massive Heartland data security breach. Also, a
discussion with Ernst & Young's Sagi Leizerov on data privacy in the retail industry.
Program links:
Payments processor discloses massive data breach: Company says an intrusion of its processing system may be part of a broader fraud operation.
Study ties fraud losses to Hannaford, TJX breaches: Experts say breach costs are far reaching and could lead banks and merchants to find alternative payment methods.
Are vulnerability lists helpful?
In this edition of Security Squad the editorial team debates the usefulness of the CWE/SANS Top 25
List, the state of virtualization security and they discuss the top cybersecurity news stories of
2008.
Program links:
Security experts identify 25 dangerous coding errors
PCI needs to address virtualization, experts say
Podcasts for the week of Jan. 11, 2009
Top 25 dangerous coding errors
Security experts explain the new Top 25 Errors list. Includes Bob Martin of MITRE Corp., Paul
Kurtz, a principal author of the U.S. National Strategy to Secure Cyberspace and application
security testers Jacob West of Fortify Software and Chris Wysopal of Veracode.
Podcasts for the week of Jan. 4, 2009
Threat Monitor -- January 8, 2009
Threat Monitor: Future security threats: Enterprise attacks of 2009
Will organizations be ready for next year's enterprise security threats? Expert John Strand reviews
what's in store for 2009, including new weapons, old vulnerabilities, and new takes on old attack
techniques.
Network access control: A look ahead
Patrick Wheeler of Symantec looks back at the market for NAC technologies in 2008 and explains what
he sees ahead in 2009.
This was first published in December 2009