Here are some security podcasts from the last week. Feel free to suggest additional ones. There is never a shortage of podcasts on the internet, about the internet.
Security Catalyst 19 The Secrets of Risk Management (With Ron Woerner) 25:33 SC was suggested last week by sometimes co-host [matt yoder]. It’s a nice interview with Woerner about his experience implementing a risk management program at a large company. I was happy to hear about several upcoming security conventions in Omaha (i.e. ones I don’t have to fly to). Michael Santarcangelo does a great job hosting too.
Security Now! #28 Listener Feedback Q&A #4 40:24 [sentinel] corrected me last week; the ARP spoofing show is next week. This episode does maintain some interest because it is structured by listener questions. Leo mentions that he might make his OPML file public since he tracks about 50 sites. I was thinking about doing this. I’ve currently got about 160 sites in Bloglines (I trim the fat from time to time). It’s certainly no comparison to the 500+ monster that the Engadget writers maintain.
PaulDotCom Security Weekly – Episode 16 51:18 was suggested by co-host [Larry Pesce]. This is a pretty fun group podcast. They mentioned a favorite quote by Geer at ShmooCon, “We need security because at any moment the bad guys are only 150ms away; just ping China”. They also pointed out that there is a GPL version of the Spinning Cube of Potential Doom.
CyberSpeak Feb 25 72:08 Lots of interesting stuff coming from the feds. It starts with Mike Younger discussing some of the problems in validating email since Outlook and Lotus Notes both let you edit messages you’ve already received and ones you’ve already sent. They point out a nice deny hosts script to prevent brute-force dictionary attacks. Check the entry’s comments for other solutions. They also mentioned that you should check for firmware updates for your FireWire write-blocking devices if you want to read the HPA of a drive. The LiveAmmo podcast from last week specifically stated that you should avoid USB and FireWire write-block devices because they might not be able to access HPA.
LiveAmmo: Digital Forensics and Hacking Investigations, Part 3 46:12 is not nearly as dry as it was in the previous weeks. It covers the data collection process and what sort of slip-ups might happen. They suggest reading NIST Special Publication 800-61: Computer Security Incident Handling Guide.
SploitCast #007 44:01 As promised last week, this is an interview with Lance James. This is my favorite podcast of the bunch this week. Lance covers many of the techniques that phishers are using. They’ve been going so far as to do distributed hosting of their phishing websites on 0wned computers. Lance also talks about the server-side tools he has been developing to fight malware. The burden is being placed on the server since you can’t expect the users to keep themselves safe.
Blue Box #17 41:00 Another week, another excellent VoIP security podcast.
I promised my friends Cara and Brigitte that I would promote their podcast “Catty Girls Discuss” hosted by the local paper. I hadn’t heard it at that point, but the title kinda gives it away. Here are the highlights from the first show: 10:00 they realize they’ve run out of topics, 15:00 they realize they’ve run out of topics, 20:00 they realize they’ve run out of topics. No, it’s not really that bad and can be pretty funny. Direct links to episode one and two.