Down the Security Rabbithole Podcast (DtSR)

Rafal (Wh1t3Rabbit) Los
Jun 23, 2014 • 46min

DtR Episode 98 - Grr (Grr Rapid Response)

In this episode
- What exactly is "GRR"?
- What sorts of things can GRR do?
- What is a hunt, and how does it scale across tens of thousands of machines?
- How does GRR "hide" from malware?
- How does GRR keep some of the great power it has from being abused?
- Automating and integrating GRR with external sources and tools
- Features, functions, capabilities and some magic from Greg
- The future features, requests, and direction of GRR

Guest
Greg Castle - Greg has 10 years' experience working in computer security. In his current role as Senior Security Engineer at Google, he is a developer and user of the open-source GRR live-forensics system. He also has strong interest and involvement in OS X security, having been responsible for the security of Google's OS X fleet for two years. His pre-Google job roles have included pentester, incident responder, and forensic analyst.

Links
- Grr Rapid Response - https://code.google.com/p/grr/

Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
Jun 16, 2014 • 52min

DtR Episode 97 - NewsCast for June 16th, 2014

Note: I want to thank Will Gragido for stopping by this morning to talk over the news with us. Always great to have someone with a fresh perspective, I hope you enjoy the show.

Topics Covered
- Don't like Google Glass (or similar devices) on your network? Kick them off - http://mashable.com/2014/06/04/glassholes-wifi-jamming/
- The FAA has issued an order for Boeing to 'protect the planes from computer hackers' ... but what is really going on here? - http://www.usatoday.com/story/news/nation/2014/06/06/faa-boeing-737/10066247/
- APT, APT, APT, APT ... evolved APT? - http://www.csoonline.com/article/2158775/security-leadership/why-you-need-to-embrace-the-evolution-of-apt.html
- After getting breached, PF Chang's goes "old school"; sounds legit, right? - http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/
- Why preparation is a good idea, even when it comes to 'cyber' - http://www.csoonline.com/article/2360748/security-leadership/using-a-cyber-war-exercise-to-improve-your-security-program.html
- Feed.ly gets DDoS'd, extorted and we're mad as hell - http://www.forbes.com/sites/jaymcgregor/2014/06/12/feedly-goes-down-again-in-second-ddos-attack/
- Target hires a (good) CISO, Brad Maiorino, so why are people getting all bent out of shape over where he reports in the organization? - http://blog.wh1t3rabbit.net/2014/06/getting-wrapped-around-ciso-reporting.html
Jun 9, 2014 • 37min

DtR Episode 96 - A CIO Talks About CISOs

My apologies for some of the skips in this episode - we had some difficulty with the recording and ultimately I hope it doesn't take away from Joe's wonderful message. Thanks for your patience.

In this episode
- From CISO to CIO - making that leap
- Does the CISO need to be technical? (answering that question, again)
- What types of things does a CIO need to know?
- Who should the CISO report to?
- Any chance the CISO reporting structure shifts around?
- A "Chief Data Officer"?
- Are there too many 'splintered' job titles in the security/risk role?
- Responsibility, accountability, and where the buck stops
- What are 3 things security does right, and what are 3 things that we do terribly?
- How big should your security budget be? (trick question)
- What KPIs should security be reporting to the CIO? (the hardest question ever)
- What resources are there for CIOs?

Guest
Joe Riesberg ( @JoeRiesberg ) - Joe is currently the CIO of Drake University. Previous to his current role, he was the Senior Vice President, Global IT Security Services Director at Aviva plc. His LinkedIn profile can be found here: https://www.linkedin.com/pub/joe-riesberg/1/a81/931
Jun 2, 2014 • 47min

DtR Episode 95 - NewsCast for June 2nd, 2014

Note: Today, Kim Halavakoski joined us on the show to provide perspective all the way from Finland! We appreciate his international addition to the show, and hope the listeners enjoy the added brainpower.

Topics covered
- Facebook's next major update will turn your mobile device into an always-on listening tool for Facebook. This is a good time to remind you that you are the product, not the customer - http://www.ibtimes.com/facebook-microphone-update-store-data-social-media-giant-confirms-new-feature-will-1588916
- In a blow to security professionals' ego everywhere, investors apparently aren't swayed by data breaches - http://www.businessweek.com/articles/2014-05-23/why-investors-just-dont-care-about-data-breaches
- The US's indictment of 5 Chinese nationals for 'state sponsored industrial espionage' is apparently backfiring (or at least it is in the media) - http://www.bloomberg.com/news/2014-05-27/china-said-to-push-banks-to-remove-ibm-servers-in-spy-dispute.html
- Now that there is a hack to enable WinXP SP3 computers to masquerade as Point-of-Sale terminals and receive updates ... should you even consider this? Hint: NO - http://blog.wh1t3rabbit.net/2014/05/hacking-registry-to-keep-windowsxp.html
- Target's Audit Committee is under fire for the data breach, but who's really, really at fault? An interesting perspective from Forrester - http://blogs.forrester.com/renee_murphy/14-05-29-dont_blame_targets_audit_committee_for_the_sins_of_technology_management
May 26, 2014 • 42min

DtR Episode 94 - ICANN, Tor, and Internet Freedom

In this episode
- Jeff explains the background of the relationship between the US government, ICANN and IANA
- What is the ITU and why is this $0 contract handoff to the ITU such a big deal?
- What impact did Edward Snowden's actions have on the issue?
- The potential issues with DNS, cross-border censorship and DNS
- The importance of Tor, Freenet and challenges of implementation
- Discussing the evolution of services like Tor through "nation-state firewalls"
- Changing the image of anonymous services
- Making Tor and similar services more user-friendly, and more prevalent

Guest:
Jeff Moss ( @TheDarkTangent ) - Jeff, also known as The Dark Tangent, is an American hacker, computer security expert and internet security expert who founded the Black Hat and DEF CON computer Hacker conferences. His Wikipedia page can be found here.
May 19, 2014 • 42min

DtR Episode 93 - NewsCast for May 19th, 2014

Announcements:
- I want to thank Circle City Con as a sponsor for the show! I have one more ticket to give away ... so watch the #DtR hashtag on Twitter!
- Thanks to special guest Philip Beyer for sitting in James' seat this morning...

Topics discussed
- "US charges China with cyber-spying on American firms" (Hello, pot? this is the kettle...) - http://www.nbcnews.com/news/us-news/u-s-charges-china-cyber-spying-american-firms-n108706
- Should we be thinking about security beyond win/lose (aka "oh no, hackers are winning!") - http://www.csoonline.com/article/2156104/security-leadership/thinking-about-security-beyond-winning-and-losing.html
- Retail Industry Leaders Association (RILA) has launched their own ISAC-like entity called Retail Cyber Intelligence Sharing Center (R-CISC) - http://associationsnow.com/2014/05/retail-group-launches-sharing-tool-cyber-threats/
- A recent survey tells us that a whopping 43% of all identity theft in 2013 happened in healthcare ( W O W ) - http://www.studentdoctor.net/2014/04/the-rise-of-medical-identity-theft-in-healthcare/
- Self-driving cars, making life-and-death decisions (this should terrify you) - http://www.wired.com/2014/05/the-robot-car-of-tomorrow-might-just-be-programmed-to-hit-you/
May 12, 2014 • 32min

DtR Episode 92 - Rapid Incident Response [Guests: Robin Jackson, Dan Moore]

In this episode
- Dan gives us the reality of living in what is commonly termed "the post-breach" world
- Dan and Robin talk through the explosion in the numbers of malware samples
- We discuss the different approaches to malware, crimeware, and the cross-over between them
- Dan explains what "rapid incident response" really means and why it's essential
- Dan and Robin give us some excellent examples of incident preparedness fundamentals
- Dan gives us a lesson on implementing 'powerful tools' (and forgetting about them)
- We talk through "who's doing it well?" (and we don't get a very hopeful answer)
- Is it time to learn from our own and others' mistakes? (how?)

Guests:
- Robin Jackson ( @rjacksix ) - Robin is an incident response and digital forensics specialist for HP Enterprise Security Services.
- Dan Moore - Dan is an incident response and digital forensics specialist for HP Enterprise Security Services.
May 5, 2014 • 41min

DtR Episode 91 - NewsCast for May 5th, 2014

Topics discussed
- Microsoft has issued a patch for the massive MS IE flaw - for WindowsXP! - http://arstechnica.com/security/2014/05/microsofts-decision-to-patch-windows-xp-is-a-mistake/
- Is Open Source Software more or less secure than closed-source? (in a post-Heartbleed era) - http://www.telegraph.co.uk/technology/internet-security/10769996/Heartbleed-the-beginning-of-the-end-for-open-source.html
- Target's CEO has stepped down, but what's the real reason and is there now opportunity for change? - http://www.usatoday.com/story/money/business/2014/05/05/target-ceo-steps-down/8713847/ and http://www.latimes.com/business/money/la-fi-mo-target-ceo-resigns-20140505,0,4479532.story
- Biometrics (specifically fingerprints) aren't as secure or unique as we'd like them to be, so ... passwords? - http://www.telegraph.co.uk/science/science-news/10775477/Why-your-fingerprints-may-not-be-unique.html
Apr 28, 2014 • 26min

DtR Episode 90 - Things Your Auto Insurance Knows [Anonymous guest]

In this episode
- We discuss some of the new techniques auto insurance companies are using to custom-tailor rates to drivers
- Our guest discusses some of the capabilities of the widgets available
- Our guest discusses the 'call home' functions, and potential mis-use
- We use 'big data' seriously
- We talk about 'big data' and security - for real
- Our guest gives us a realistic view about the type of data that's out there about your driving, habits, and tracking

Guest
Our guest is an industry insider, who for obvious reasons chose not to identify himself. We respect the guest's position, and kindly ask that our listeners do as well.
Apr 21, 2014 • 34min

DtR Episode 89 - NewsCast for April 21st, 2014

Topics discussed
- The big story - "Heartbleed"
  - http://www.csoonline.com/article/2142626/security-leadership/how-you-need-to-respond-to-heartbleed-and-how-you-can-explain-it-to-others.html
  - http://www.csoonline.com/article/2146141/disaster-recovery/healthcare-gov-urges-password-resets-due-to-heartbleed.html
  - http://xkcd.com/1354/
  - http://rt.com/news/heartbleed-arrest-canada-security-016/
- The "hacker*" known as "Weev" is free ... on a technicality, and why this is bad, very very bad, for our industry - http://techcrunch.com/2014/04/11/weev-is-free/
- "Ramshackle Glam" - how one blogger had to go to extraordinary lengths to get her site back, and what you can learn from it - http://mashable.com/2014/04/02/ramshackle-glam-hacking/
- The FTC's lawsuit of Wyndham Hotels was allowed to proceed by a federal judge - and why this is a very dangerous precedent - http://www.fiercegovernmentit.com/story/ftc-lawsuit-over-hotel-chain-data-breach-can-proceed/2014-04-14
- Data breach roundup
  - Michaels [yes, again] - http://www.business-standard.com/article/news-ani/leading-us-art-store-admits-2-6-mln-credit-cards-at-risk-of-hacking-114041800569_1.html
  - South Carolina data breach is getting costly (for tax payers) - http://www.therepublic.com/view/story/396a4be862cd485e9248cab7879a3a71/SC--Hacked-Tax-Returns
  - Hard drive maker LaCie was a victim ... for over a year - http://www.techtimes.com/articles/5672/20140416/lacie-latest-victim-data-theft-ironies-hard-drive-manufacturer-hacked.htm
  - [UK] Cosmetic surgery group hacked, blackmail ensues (yikes!) -
