Security Ripcord

Security Ripcord Podcast for April 1st, 2007.

Interview – Mobile Device Security

Time for the Security Ripcord Podcast’s first interview. On March 30th I sat down with Brian Contos and Jonathan Martin and talked with them about Mobile Device Security. Both Brian and Jonathan have been dealing with mobile device security globally with particular emphasis on the European market. We talked about the concerns that these devices bring to the security infrastructure of a company, the lessons learned in Europe, and the things that people can do to help protect themselves. The interview is approximately 30 minutes in length and I hope you enjoy listening as much as I enjoyed having a conversation with both of these security professionals.

Thanks again to Brian and Jonathan.

Links to resources provided by Brian Contos:
Mobile Threats White Paper: http://www.arcsight.com/whitepapers.htm
Other Podcasts: http://www.arcsight.com/news_podcasts.htm
Webcasts: http://www.arcsight.com/news_webinars.htm
Physical and Logical Security Convergence Book (Out around 04.14.2007): http://www.amazon.com/Physical-Logical-Security-Convergence-Enterprise/dp/1597491225/sr=1-1/qid=1170476522/ref=sr_1_1/002-9635074-7152830?ie=UTF 8&s=books
Enemy at the Water Cooler Book: http://www.amazon.com/gp/product/1597491292/sr=8-2/qid=1155909171/ref=sr_1_2/103-9390126-3386224?ie=UTF8

Security Ripcord, Brian Contos, Jonathan Martin, mobile device security

Standard Podcast Play Now | Play in Popup | Download

Security Ripcord Podcast for March 3rd, 2007.

In this week’s Secure Chat segment we talk about how Scope Creep can affect a policy development effort. We discuss how to tell when the policy development process might not be heading in the right direction. I give a few examples that we can use to help get back on track.

In the Personal Achievement segment we discuss the Leadership Trait Decisiveness and what it means to the security professional.

Links:

• Texas Department of Information Resources – http://www.dir.state.tx.us/security/policies/templates.htm
• SANS Security Policy Project – https://www.sans.org/resources/policies/
• SANS Policy Primer – https://www.sans.org/resources/policies/Policy_Primer.pdf
• Security Ripcord Blog Post – HIPAA Training Observations – http://www.cutawaysecurity.com/blog/archives/112

Leadership Trait – Decisiveness
Link to Leatherneck forum:

• http://www.leatherneck.com/forums/showthread.php?t=7702
• http://www.uspharmd.com/usmc/mcleader.htm
• http://millennium.fortunecity.com/redwood/352/usmc16.htm

Security Ripcord

Standard Podcast Play Now | Play in Popup | Download

I am at RSA. I have been here since late Saturday night.

In this podcast I speak about some of the things that happened to me during my travels. I also go over some of the things I learned by attending different sessions.

This is just the first several days. I will continue the RSA On The Run theme through the end of the conference. I will also try and add a few posts once I get some down time.

Also, no links for the show notes right now. I will get you good references later.

Go forth and do good things,
Cutaway

Security Ripcord, RSA

SRP - RSA On The Run - Part 1 Play Now | Play in Popup | Download

Secure Chat

• Palisade PacketSure – http://www.palisadesys.com/products/packetsure/

Leadership Trait – INITIATIVE

• Link to Leatherneck forum: http://www.leatherneck.com/forums/showthread.php?t=7702

integrity, Palisade, PacketSure, Security Ripcord

Standard Podcast Play Now | Play in Popup | Download

Segments:

• News/Updates: Feeds, WordPress 2.1, and RSA
• Secure Chat: Providing Guidance and Recommendations
• Personal Achievement – Leadership Trait: Dependability

Links:

• WordPress 2.1 – http://wordpress.org/development/2007/01/ella-21/
• Secure Admin Plug-in – http://svn.wp-plugins.org/secure-admin/trunk/
• RSA Conference – http://www.rsaconference.com/2007/US/
• Link to Leatherneck forum: http://www.leatherneck.com/forums/showthread.php?t=7702

RSA, WordPress, Security Ripcord

Standard Podcast Play Now | Play in Popup | Download

UPDATE: I deleted a comment and it appears that I deleted the post instead. Sorry about that.

This edition of Security Ripcord Podcast covers the reasons why security professionals should respond to walware in their incident response plan. Cutaway also introduces a new security presentation program called Guided Group Discussions with the first GGD titled "Information Disclosure." He also covers the Leadership Trait – Justice and how it applies to security professionals.

• WordPress: http://www.wordpress.org
• Podpress: http://www.mightyseek.com/podpress/
• Northwestern University – "Guideline for Using Sensitive Data Search Tools": http://www.it.northwestern.edu/policies/procedures/datasearch.html
• Cornell Spider: http://www.cit.cornell.edu/computer/security/tools/
• Guided Group Discussion: Information Disclosure: http://www.cutawaysecurity.com/downloads/cutsec_ggd_info_disclosure_011507.zip
• Link to Leatherneck forum: http://www.leatherneck.com/forums/showthread.php?t=7702

Security Ripcord, Guided Group Discussions

Standard Podcast Play Now | Play in Popup | Download

A new edition of the Security Ripcord Podcast. It has been a long time coming but I figured I would just try and get back into the grove of things. This time I talk about the Skillz Challenges provided through the Ethical Hacker Network and the Leadership Trait: Judgment.

Links:

• Hacker Challenge
• The Ethical Hacker Network – http://www.ethicalhacker.net
• Skillz Challenge – A Christmas (Hacking) Story – http://www.ethicalhacker.net/content/view/100/2/
• Counter Hack Reloaded: http://search.barnesandnoble.com/booksearch/isbninquiry.asp?ISBN=0131481045&pdf=y&z=y
• Leadership Trait – Judgment
• Leatherneck forum: http://www.leatherneck.com/forums/showthread.php?t=7702
• http://www.uspharmd.com/usmc/mcleader.htm
• http://millennium.fortunecity.com/redwood/352/usmc16.htm

I hope you enjoy.

Go forth and do good things, Cutaway

Security Ripcord, Information Security, Skillz Challenge, The Ethical Hacker Network

Security Ripcord Podcast 01082007 [ 0:01 ] Play Now | Play in Popup | Download

Security Ripcord Podcast
Show Notes:
It has been a long time in the making. Moving, traveling, and working have all gotten in the way of the production of this edition. But I seem to have gotten through it. Unfortunately I was unable to introduce Matt, our new co-host, but we are working on getting together real soon. Hopefully the next edition we will bring him on board.

Today we cover my introduction so that you know who I am and where my experience originates. We also introduce two segments, "Secure Chat" and "Leadership Traits." During "Secure Chat" I talk about creating Administrator User Agreements. In the "Leadership Traits" segment I talk about why I believe they are important for a security professional and I introduce you to a method we will be using to talk about them in up and coming episodes.

Please let me know your comments and insights by leaving me a comment here or by sending me an E-mail.

Links:

• USMC Leadership Traits – http://mcdetflw.tecom.usmc.mil/NBC/downloads/usmcleadership.pdf, http://www.emsc.nysed.gov/csl/resources/14_basic_traits.pdf
• ISC2 – CISSP – https://www.isc2.org/cgi-bin/content.cgi?category=97
• GIAC Cerifiction Information – http://www.giac.org/certifications/
• Cutaway Security – http://www.cutawaysecurity.com
• Security Ripcord – http://blog.cutawaysecurity.com

security, SANS, GIAC, administrator, CISSP, Security Ripcord, Cutaway Security

Introductions and Admin User Agreements [ 14:42 ] Play Now | Play in Popup | Download

Welcome to another addition of the Security Ripcord Podcast.  In this episode we talk about the Windows Genuine Software Validation Tool and how to locate and change your Windows Product Key.  We also talk about volunteering to help wounded United States Service Men and Women. 

• Aleethia Foundation
• Project Valor-IT

Please let me know what you think by posting your comments here.  Even though I had some help from Martin McKeay, Dan Kuykendall, and Michael Santarcangelo I still have plenty of learning to do.   

Drinking Game Alert:

• One shot every time I say, "So…."
• Don't play if you are driving.

Yes, I am aware of this fault in my speaking habits and I will be working on it.  I decided to try and speak from notes rather than having the whole episode scripted.  So…hopefully it is not too annoying.

Show Notes:

• Windows Genuine Software Validation Tool 
• Microsoft PowerToys for Windows XP
• Microsoft's sordid spyware SNAFU
• NirSoft
• Magical Jelly Bean Keyfinder
• 
• 
• Belarc Advisor
• 
• 
• Marines' Hymn
• Aleethia Foundation
• Blackfive
• Project Valor-IT

Blackfive, Computerworld, iTunes, security, Nirsoft, BeLarc Advisor, Security Ripcord, Magical Jelly Bean Keyfinder, Windows Genuine Software Validation Tool

Changing the Windows Product Key - Episode 2 [ 0:01 ] Play Now | Play in Popup | Download

First of all I would like to say that I am very impressed with the responses that I have received from the established podcasters out there.  I've had responses from Martin McKeay , Dan Kuykendall , Michael Santarcangelo , and (another new guy on the podcasting block) Alan Shimel.  I contacted them for a few promos so that I can start practicing leadins and I figured that they will get back to me in a few days.  Well, I was about to log off when the emails from the West Coast started coming in.  They started offering advice and suddenly DDOSed my host's server.  Luckily Martin had a solution, LibSyn and a few hours later I was up and running.  Little did I know that he was going to plug me and Alan the next day.  So, what was suppose to be a leisurely introduction into podcasting has built up a bit of steam.  No stopping now.

Luckily, as I stated, I was given a few words of advice that I was told I could pass onto all of you.  

Advice from Martin McKeay:

Some input:

-> Get your podcast to a hosted environment.  Don't try to host them
yourself.  Libsyn accounts start as low as $5 month.  Your current
bandwidth is too low to host the podcast, a problem which is very
clear when I tried to stream it.
->  Show notes!  It makes it a lot easier when you go to record.
-> If you're going to be doing this a while get a decent mic.  I've
heard a lot of good things about the Blue Snowball mic, which is
around $140.  Or you can get a M-audio MobilePre USB preamp and a
decent mic.  I've got a Audio Technica AT2020.  Check out Dan's
podcast setup at Mighty Seek
-> Something I just found out:  Don't export to mp3 from Audacity.
It's a great program but the LAME encoder introduces sound artifacts
into your audio.  Export to a WAV file and then open the file with
iTunes and use that to export to MP3.  I use Audacity to record, but
when I'm doing my encoding, I'm now using Adobe Audition.  As of
today, that is. I've also used Propaganda, which has a demo, is cheap,
but is fairly limited.  It's encoding is also better than Audacity's.

Relax and have fun.

 I have to say that without Dan's Podpress I would have been completely dead in the water.  Even after I DDOSed myself and updated to LibSyn it let me quickly and easily point to the file located on my LibSyn account.

 So, if you are going to try this, I am here to tell you, there is a lot of support in this community.  I'm sure they will be watching me closely.  Hopefully I can contribute.  

Time to start working.   Thanks to all who have listened already. 

Go forth and do good things,

Cutaway 

Podpress, podcast, StillSecure, LibSyn, The Security Catalyst, Network Security Blog, Mighty Seek