Gary talks with Dr. Eugene Spafford, better known as “Spaf.” Spaf is a professor of computer science and Electrical and Computer Engineering at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS). On this episode, Gary and Spaf discuss the role of software testing in computer security, commercial certifications and whether they obviate the need for academic training, how Spaf feels about so-called “ethical hacking,” and why auditing and compliance is an area of emerging specialization.
Thursday, September 27, 2007
18th episode of The Silver Bullet Security Podcast
Gary talks with Dr. Eugene Spafford, better known as “Spaf.” Spaf is a professor of computer science and Electrical and Computer Engineering at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS). On this episode, Gary and Spaf discuss the role of software testing in computer security, commercial certifications and whether they obviate the need for academic training, how Spaf feels about so-called “ethical hacking,” and why auditing and compliance is an area of emerging specialization.
Sunday, September 23, 2007
Saturday, September 22, 2007
Wednesday, September 19, 2007
Today (9/19) is International Talk Like A Pirate Day
Put a parrot on your shoulder, strap on a peg leg, hit the rum and start bellowing "Shiver me Timbers" -- Wednesday is International Talk Like A Pirate Day.
"Pirates of the Caribbean" star Johnny Depp is not the only over-the-top buccaneer allowed to have fun.
September 19 is your once-a-year chance to don an eye patch, sport a ridiculously large hat and keep on saying "Arrrrr.
It all started back in the 1990s as a cult joke between two American friends -- John "Ol Chumbucket" Baur and Mark "Capn Slappy" Summers -- but really took off when syndicated columnist Dave Barry got to hear about their surreal festival.
Monday, September 17, 2007
Crime does pay!
Internet crime has become a major commercial activity, reveals a report by computer security company Symantec.
The report said cyber crime had become increasingly professional and was now a multi-billion dollar industry.
The underground economy has its own auction sites and marketplaces that sell valuable data such as credit card numbers and bank accounts.
They also sell toolkits for novice cyber criminals who lack technical know-how to craft their own attacks.
BBC story.
The report said cyber crime had become increasingly professional and was now a multi-billion dollar industry.
The underground economy has its own auction sites and marketplaces that sell valuable data such as credit card numbers and bank accounts.
They also sell toolkits for novice cyber criminals who lack technical know-how to craft their own attacks.
BBC story.
Hackers hit US stockbroker TD Ameritrade
Only email addresses? Yea right...
Stock broking firm TD Ameritrade has revealed a breach to one of its databases resulting in the theft of user data.
The company confirmed that, while online account numbers and passwords were not compromised, customer names, email addresses and phone numbers had all been stolen.
The database also contains Social Security numbers, although TD Ameritrade claimed that there is no evidence to suggest that the numbers were among the stolen data.
A spokesperson for the company told vnunet.com that the compromised database stored information on all of the company's 6.3 million customer accounts. It is not yet known how many customers were directly affected.
Story here.
Stock broking firm TD Ameritrade has revealed a breach to one of its databases resulting in the theft of user data.
The company confirmed that, while online account numbers and passwords were not compromised, customer names, email addresses and phone numbers had all been stolen.
The database also contains Social Security numbers, although TD Ameritrade claimed that there is no evidence to suggest that the numbers were among the stolen data.
A spokesperson for the company told vnunet.com that the compromised database stored information on all of the company's 6.3 million customer accounts. It is not yet known how many customers were directly affected.
Story here.
Thursday, September 06, 2007
Osama bin Laden, drove a Canadian-flagged motorcade through two security checkpoints in Sydney
Members of an Australian comedy TV show, one dressed as Osama bin Laden, drove a Canadian-flagged motorcade through two security checkpoints in Sydney Thursday before being stopped near a hotel where U.S. President George W. Bush is staying.
The stunt-embarrassed Sydney police had imposed the tightest security measures in the city's history. The Australian city is hosting a summit of leaders from Pacific Rim countries, including Bush and Canadian Prime Minister Stephen Harper, who arrived Thursday.
Police arrested 11 cast and crew from the TV program, The Chaser's War on Everything, and impounded three vehicles, the Australian Broadcasting Corp., which airs the show, said on its website.
Full story here.Monday, September 03, 2007
The First Amendment, Satellite Imagery and National Security
So what should MS of done?Recently a photograph appeared on the Internet of the propeller on an Ohio-class ballistic missile submarine at Trident Submarine Base in Bangor. A key to the submarine's ability to deploy and remain undetected, propeller designs have been kept under wraps for years, literally. When out of the water, the propellers typically are draped with tarps.
The propeller image appeared on Microsoft's mapping tool, Virtual Earth. It was discovered accidentally by Dan Twohig, a deck officer with the Washington state ferry service who was using the program to examine real estate on the west side of Puget Sound.
More here.
ShmooCon '08
Start planning now... TSG is happy to announce that ShmooCon '08 will take place at the Wardman Park Marriott in Washington DC, February 15-17.
17th episode of The Silver Bullet Security Podcast
Gary talks with Eric Cole, CEO of Secure Anchor. Eric has written seven books on computer security, including books on steganography and network security. Gary and Eric discuss how to demostrate security ROI in different types of organizations (ranging from government to corporate), the academic approach to security versus practitioner certification models, and what kinds of training makes for good network security practitioners. They also discuss the difficulty of certifying software developers.
