Take 1 Security Podcast: Episode 9

  • Sorry about the audio last week; wireless headsets don’t compare to the Yeti

  • The CIA is focusing on cyberespionage in its new management

  • Anthem is refusing an audit by the OIG office, an org that audits health care groups that provide services to federal employees

    • Nothing says I’m guilty like refusing an audit

    • Reminds me of the Russians refusing the crash investigation in Game of Cards

  • There’s been a possible credit card breach at the Mandarin Oriental hotel chain

    • The incident was reported by Brian Krebs

  • Three people were indicted in the Epsilon hack

    • Resulted in around 1 billion email addresses being stolen

  • Dave Aitel thinks junk hacking is a waste

    • Basically hacking your blender or whatever

    • In my opinion he’s missing the point that most conferences are like this

    • I think there’s a hierarchy of talks

      • Create new defense tool based on new defense idea

      • Create new defense idea

      • Create new attack tool based on new attack idea

      • Create new attack idea

      • Create new tool for existing attack or defense idea

      • Describe existing attack or defense idea

  • Microsoft has reported it’s vulnerable to FREAK as well, making it even more serious

    • FREAK has proved to be less alarming than previous SSL vulns simply because of the difficulty of attack


Notes

  1. I think I’m going to standardize the intro and outro so that I only end up recording the actual story content each week.

  2. Any recommendations on what else you’d like to see would be appreciated.
