Podcasts about DEFCON

Alert posture used by the United States Armed Forces

  • 625 podcasts
  • 1,732 episodes
  • 1h average duration
  • 1 new episode daily
  • Latest episode: Oct 20, 2021


Latest podcast episodes about DEFCON

CFB Podcast with Herbie, Pollack & Negandhi
Booger on Coach O's Ouster; Hampering Handsomeness; Mid-Week DEFCONs

Oct 20, 2021 (51:28)


Booger McFarland and Kevin Negandhi begin the show by expressing their support for Dick Vitale following his cancer diagnoses. Then, Booger shares his thoughts on LSU firing Ed Orgeron, what changed about Orgeron after winning a title, the smoke coming from around the program, his criteria for a new head coach in Baton Rouge and his concerns for the team as it plays out the season. Later, the guys get into Bret Bielema getting a little too real, UCLA-Oregon and Booger's style. Later, Booger doles out mid-week DEFCON levels for Arkansas and Florida.

Iron Sysadmin Podcast
Episode 109b - 3d Printing, VR, Is the face bad for kids? and View Source is a crime

Oct 15, 2021 (71:16)


Welcome to Episode 109
Announcements
Patreon Update
fferauu name_pending197 Jérémy Arinomi Andrew Tatro Bruce Robert Matt David S0l3mn Trooper_Ish LiNuXsys666 gimpyb Mark DeMentor Jon Marc Julius Andi J Charles 22532
Iron Sysadmin tier gets a tee-shirt!
Patrons Patreon Merch!
Get your Iron Sysadmin Merch at Teespring! https://teespring.com/stores/ironsysadmin
Support the Iron Sysadmin Podcast AND try out Riverside.fm by using this link: https://riverside.fm/?utm_campaign=campaign_1&utm_medium=affiliate&utm_source=rewardful&via=ironsysadmin
BSides DE - Nov 12/13! Registration is open!
Registration - https://www.eventbrite.com/e/security-bsides-delaware-2021-registration-164012370415
CFP - http://bit.ly/BDECFP21
Defcon 610 Hacker Pubcrawl https://crawl.defcon610.org
Reviews
Nothing New
Chat
[Nate]
Projects
https://specialstl.com/product/witchblade-sara-pezzini-fanart/
https://www.malix3design.com/2017/10/sailor-moon-3d-model-for-3d-printing.html
https://www.thingiverse.com/thing:3184441
https://www.thingiverse.com/thing:4768077
Witchblade Model Sailor Moon! Ball Jointed Doll Re-Do Cat Armor Finishing…
https://amzn.to/3DJqopk
Body Putty VR!
No Mans Sky and Beat Saber More 3d printing Music to work by: https://www.youtube.com/watch?v=o33l32ZrIy8
[unclemarc]
Playing NMS with Nate Excited about DC610 CTF Doing glow in the dark 3D printing
News
The face is back in front of the senate: https://techcrunch.com/2021/09/30/facebook-grilled-in-senate-hearing-over-teen-mental-health/
https://www.zdnet.com/article/for-two-hours-a-large-chunk-of-european-mobile-traffic-was-rerouted-through-china/
The bgp thing with china Nate was trying to remember: View Source is a crime? https://arstechnica.com/tech-policy/2021/10/missouri-gov-calls-journalist-who-found-security-flaw-a-hacker-threatens-to-sue/
Watch us live on the 2nd and 4th Thursday of every month! Subscribe and hit the bell! https://www.youtube.com/IronSysadminPodcast OR https://twitch.tv/IronSysadminPodcast
Discord Community: https://discord.gg/wmxvQ4c2H6
Find us on Twitter, and Facebook! https://www.facebook.com/ironsysadmin https://www.twitter.com/ironsysadmin
Subscribe wherever you find podcasts! And don't forget about our patreon! https://patreon.com/ironsysadmin
Intro and Outro music credit: Tri Tachyon, Digital MK 2 http://freemusicarchive.org/music/Tri-Tachyon/

The WAR RAW Podcast hosted by Wayne Allyn Root
Going Raw and Unfiltered For John Gruden

Oct 15, 2021 (36:37)


Wayne goes full DEFCON 1 about the firing of Las Vegas Raiders Coach John Gruden and how the NFL has become soft and very Pu--y like. Then Wayne welcomes Christian Adams, who is the President of the Public Interest Legal Foundation, and they go unfiltered over Federal Government Mandates.

Paul's Security Weekly TV
Social Engineering Deep Dive, Part 2 - Perry Carpenter - SCW #90

Oct 14, 2021 (45:51)


Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it pertains to deliberately misrepresenting yourself, or simply lying to your customer in order to get them to be more secure.   Segment Resources: The Aspies Guide to Social Engineering: from DEF CON 27 Social Engineering Village: https://www.youtube.com/watch?v=5IraysvK38A   Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw90

Paul's Security Weekly
This Is Fascinating - SCW #90

Oct 14, 2021 (81:44)


Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it pertains to deliberately misrepresenting yourself, or simply lying to your customer in order to get them to be more secure.   Show Notes: https://securityweekly.com/scw90 Segment Resources: The Aspies Guide to Social Engineering: from DEF CON 27 Social Engineering Village: https://www.youtube.com/watch?v=5IraysvK38A   Visit https://www.securityweekly.com/scw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Security and Compliance Weekly (audio)
This Is Fascinating - SCW #90

Oct 14, 2021 (81:44)


Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it pertains to deliberately misrepresenting yourself, or simply lying to your customer in order to get them to be more secure.   Show Notes: https://securityweekly.com/scw90 Segment Resources: The Aspies Guide to Social Engineering: from DEF CON 27 Social Engineering Village: https://www.youtube.com/watch?v=5IraysvK38A   Visit https://www.securityweekly.com/scw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

CFB Podcast with Herbie, Pollack & Negandhi
Deep Dive on the OU QB Situation; How Good Is… ; Mid-Week DEFCONs

Oct 13, 2021 (43:45)


Kevin Negandhi and Booger McFarland discuss if a two-loss team will make the College Football Playoff, and whether Spencer Rattler or Caleb Williams is more suited to dance to the rhythm of Lincoln Riley's offense. Then, Kevin asks Booger how good are Cincinnati, Iowa and Kentucky. Later, Booger has mid-week DEFCON levels for Miami and… a player.

Paul's Security Weekly TV
Social Engineering Deep Dive, Part 1 - Perry Carpenter - SCW #90

Oct 13, 2021 (36:00)


Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it pertains to deliberately misrepresenting yourself, or simply lying to your customer in order to get them to be more secure.   Segment Resources: The Aspies Guide to Social Engineering: from DEF CON 27 Social Engineering Village: https://www.youtube.com/watch?v=5IraysvK38A   Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw90

Firewalls Don't Stop Dragons Podcast

Today I have the great honor and pleasure of speaking with two luminaries in the field of privacy: Michelle Finneran Dennedy and Melanie Ensign. Between them, they have decades of experience managing privacy processes, policies, technology and communications within dozens of big name tech companies. I get their unique perspective on data privacy and the evolution of how these companies approach the problem of collecting and managing your data. Are things getting better or worse? How can companies earn the trust of their customers? Is data the new oil? And is it an asset or a liability? How can we have social media like Facebook and privacy at the same time? NOTE: I captured WAY more content from these two than I could fit into this one podcast. To get the full interview, become a patron! (And nab yourself a kick-butt challenge coin, too!) Michelle Dennedy was the first CPO for many global IT infrastructure companies including Oracle, McAfee, Intel & Cisco. Michelle is now a partner at Privatus.online and CEO at a Privacy Engineering startup in stealth mode. She is the co-author of The Privacy Engineer's Manifesto and The Privacy Engineer's Companion. Melanie Ensign is the CEO of Discernible, helping cybersecurity & privacy teams better communicate with business leaders and consumers. She is also part of the DEF CON leadership team.
Further Info
Discernible: https://discernibleinc.com/
Privatus: https://privatus.online/
The Privacy Engineer's Manifesto: https://www.amazon.com/Privacy-Engineers-Manifesto-Getting-Policy/dp/1430263555
The Rise of Privacy Tech (TROPT): https://www.riseofprivacytech.com/
Privacy is Power (book): https://firewallsdontstopdragons.com/privacy-is-power-review/
The Social Dilemma: https://www.thesocialdilemma.com/
The challenge coin promotion is BACK!! https://firewallsdontstopdragons.com/my-challenge-coins-are-back/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Casual Conspiracy Podcast
Episode 32 - 5G

Oct 8, 2021 (59:34)


Casual Conspiracy Podcast Store Join Chris, Matt, and Ibrahim as we enter the 5th installment of government, DEFCON, the rona, meteorologists, correlation vs causation, IoT, 20 billion new devices, data harvesting, toothpaste, and cancer. Join in on the discussion on social media by sharing your thoughts. Recorded on July 13th, 2021 Episode 29 - Seaspiracy & Cowspiracy Email Us: show@casualconspiracypodcast.com Social Media: Casual Conspiracy Podcast Facebook Group Casual Conspiracy Podcast MeWe Group Casual Conspiracy Podcast on Twitter Show Links:

CFB Podcast with Herbie, Pollack & Negandhi
Georgia is a Stack of Hot Cakes; Big Ten Unbeatens; Mid-Week DEFCONS

Oct 6, 2021 (51:17)


Kevin Negandhi and Booger McFarland discuss Booger's experience during the lightning delay at SoFi Stadium on Monday Night Football, the four unbeaten teams in the Big 10, why Georgia is the best team in the country, what Booger learned from Dallas Clark about pancakes and the Red River Rivalry. Plus, Booger doles out his DEFCON levels for Texas A&M and LSU.

All Ruby Podcasts by Devchat.tv
RUX: JSX-Style Rails View Components - RUBY 517

Oct 6, 2021 (73:52)


Cameron Dutro joins the Rogues to discuss RUX, a system for managing your View Components in Rails in a similar way to how React uses JSX to manage its Component views. He discusses how it works, how it goes together, and what inspired it.
Panel: Charles Max Wood; Darren Broemmer; Luke Stutters; Valentino Stoll
Guest: Cameron Dutro
Sponsors: Dev Influencers Accelerator; Raygun | Click here to get started on your free 14-day trial; PodcastBootcamp.io
Links: GitHub | camertron/rux; Primer Design System; ViewComponent; GitHub | opal/opal; Matestack; Reimagined Rails views using Matestack with Jonas Jabari; Ruby 2.5 allows creating structs with keyword arguments; GitHub: Cameron Dutro ( camertron ); Twitter: Кэмерон Дутро ( @camertron )
Picks: Cameron- GitHub | camertron/erb2rux; Charles- PodcastBootcamp.io; Charles- JavaScript Picks; Charles- Ready Player Two; Charles- Masters of Doom; Charles- Top End Devs; Darren- Is Ruby Dead; Darren- 16 New ML Gems for Ruby; Luke- GitHub | jeremyevans/sequel_postgresql_triggers; Luke- DEF CON 29 - James Kettle - HTTP2: The Sequel is Always Worse; Luke- The Wire; Valentino- Flux; Valentino- Add strict_loading mode to optionally prevent lazy loading
Contact Charles: Devchat.tv; DevChat.tv | Facebook; Twitter: DevChat.tv ( @devchattv )
Contact Darren: Twitter: Darren Broemmer ( @DarrenBroemmer )
Contact Luke: GitHub: Luke Stutters ( lukestuts )
Contact Valentino: Doximity Technology Blog; Work @ Doximity; GitHub: Valentino Stoll ( codenamev ); Twitter: V ( @thecodenamev )
Special Guest: Cameron Dutro.

Make Me Smart with Kai and Molly
Facebook goes down. What timing!

Oct 5, 2021 (17:30)


Facebook went down for six hours today. The outage happened a day after a former employee went on national television saying the company has put profits above, well, everything else. We’ll talk about how this could’ve happened and what it meant for global commerce. Plus, the federal debt limit debate is at DEFCON 2, and New Zealand gives up on its yearlong, zero-COVID strategy. And, it’s Fat Bear Week! Here’s everything we talked about today: “Gone in Minutes, Out for Hours: Outage Shakes Facebook” from The New York Times “Battling Delta, New Zealand Abandons Its Zero-Covid Ambitions” from The New York Times Signs the debt limit has turned into DEFCON 2  “Company That Routes Billions of Text Messages Quietly Says It Was Hacked” from Vice   “Hollywood Crew Union Votes to Authorize Strike Against Studios” from The New York Times It’s Fat Bear Week  Read the transcript here. Our show needs your voice! Tell us what you think of the show or ask a question for our hosts to answer! Send a voice memo or give us a call at 508-82-SMART (508-827-6278).

Marketplace All-in-One
Facebook goes down. What timing!

Oct 5, 2021 (17:30)


Facebook went down for six hours today. The outage happened a day after a former employee went on national television saying the company has put profits above, well, everything else. We’ll talk about how this could’ve happened and what it meant for global commerce. Plus, the federal debt limit debate is at DEFCON 2, and New Zealand gives up on its yearlong, zero-COVID strategy. And, it’s Fat Bear Week! Here’s everything we talked about today: “Gone in Minutes, Out for Hours: Outage Shakes Facebook” from The New York Times “Battling Delta, New Zealand Abandons Its Zero-Covid Ambitions” from The New York Times Signs the debt limit has turned into DEFCON 2  “Company That Routes Billions of Text Messages Quietly Says It Was Hacked” from Vice   “Hollywood Crew Union Votes to Authorize Strike Against Studios” from The New York Times It’s Fat Bear Week  Our show needs your voice! Tell us what you think of the show or ask a question for our hosts to answer! Send a voice memo or give us a call at 508-82-SMART (508-827-6278).

The CyberWire
IoT security and the need for randomness. [Research Saturday]

Oct 2, 2021 (33:35)


Dan Petro, Lead Researcher, and Allan Cecil, Security Consultant, from Bishop Fox join Dave to share their research "You're Doing IoT RNG," that they presented at DefCon 29. There's a crack in the foundation of Internet of Things (IoT) security, one that affects 35 billion devices worldwide. Basically, every IoT device with a hardware random number generator (RNG) contains a serious vulnerability whereby it fails to properly generate random numbers, which undermines security for any upstream use. In order to perform most security-relevant operations, computers need to generate secrets via an RNG. These secrets then form the basis of cryptography, access controls, authentication, and more. The details of exactly how and why these secrets are generated vary for each use. The research can be found here: You're Doing IoT RNG

Research Saturday
IoT security and the need for randomness.

Oct 2, 2021 (33:35)


Dan Petro, Lead Researcher, and Allan Cecil, Security Consultant, from Bishop Fox join Dave to share their research "You're Doing IoT RNG," that they presented at DefCon 29. There's a crack in the foundation of Internet of Things (IoT) security, one that affects 35 billion devices worldwide. Basically, every IoT device with a hardware random number generator (RNG) contains a serious vulnerability whereby it fails to properly generate random numbers, which undermines security for any upstream use. In order to perform most security-relevant operations, computers need to generate secrets via an RNG. These secrets then form the basis of cryptography, access controls, authentication, and more. The details of exactly how and why these secrets are generated vary for each use. The research can be found here: You're Doing IoT RNG

Reveal
Weapons with minds of their own

Oct 2, 2021 (50:26)


The future of warfare is being shaped by computer algorithms that are assuming ever greater control over battlefield technology. Will this give machines the power to decide who to kill?     The United States is in a race to harness gargantuan leaps in artificial intelligence to develop new weapons systems for a new kind of warfare. Pentagon leaders call it “algorithmic warfare.” But the push to integrate AI into battlefield technology raises a big question: How far should we go in handing control of lethal weapons to machines? We team up with The Center for Public Integrity and national security reporter Zachary Fryer-Biggs to examine how AI is transforming warfare and our own moral code.  In our first story, Fryer-Biggs and Reveal's Michael Montgomery head to the U.S. Military Academy at West Point. Sophomore cadets are exploring the ethics of autonomous weapons through a lab simulation that uses miniature tanks programmed to destroy their targets. Next, Fryer-Biggs and Montgomery talk to a top general leading the Pentagon's AI initiative. They also explore the legendary hackers conference known as DEF CON and hear from technologists campaigning for a global ban on autonomous weapons. Machines are getting smarter, faster and better at figuring out who to kill in battle. But should we let them?

Hacking Humans
Capture the Flag, Black Badges and social engineering tricks.

Sep 30, 2021 (40:21)


Guest Chris Kirsch, DefCon 25 Social Engineering Capture The Flag winner and Co-Founder and Chief Executive Officer at Rumble, talks with our UK Correspondent Carole Theriault about his experience at the event. Dave's story is about scammers bypassing social engineering and going directly to pitch employees to install ransomware. Joe's got a story about travel scams he came across while planning a recent trip. Our Catch of the Day comes from Reddit about some text messages which cause emotions to flare.
Links to stories: Nigerian Threat Actors Skip Social Engineering, Make Direct Pitches to Employees To Install Ransomware on Company Networks; 15 Common Travel Scams (And How To Avoid Them)
Catch of the Day links: Guess I made the scammer angry? He blocked me before I could really mess with him, unfortunately; Did I win?
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

CFB Podcast with Herbie, Pollack & Negandhi
Enjoying the Parity; Cincinnati Carrying the G5 Flag; Mid-Week DEFCONs

Sep 29, 2021 (54:23)


Kevin Negandhi and Booger McFarland discuss the key to Alabama-Ole Miss, the relationship between Nick Saban and Lane Kiffin, Notre Dame's deficiencies, why Georgia is a bad matchup for Arkansas and which team stocks they're buying through four weeks. Plus, Booger doles out his DEFCON levels for Clemson, Wisconsin and UNC.

The Bill Press Pod
Our Democracy in Peril-Part 3 "DEFCON 5."

Sep 28, 2021 (38:17)


Voter suppression is serious but one of the leading election law experts in the country says "Election Subversion" is the greater threat to American Democracy. In this episode, he explains what it is and why it's a "DEFCON 5" level emergency. Rick Hasen is Professor of Law and Political Science at the University of California, Irvine and was a CNN Election Law Analyst in 2020. He runs the Election Law Blog. Today's Bill Press Pod is supported by the United Food and Commercial Workers Union. In addition to representing workers in our grocery stores, pharmacies and food processing plants, the UFCW sponsors a wide range of valuable programs in communities around the country. More information at UFCW.org. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Ruthless
Defcon Disarray

Sep 23, 2021 (78:52)


The fellas banter on Biden, the media and Democrats' terrible mess in Congress before welcoming Rep. Jim Jordan for an interview on the variety progrum.

CFB Podcast with Herbie, Pollack & Negandhi
Teams Looking for Identity; Mid-Week DEFCONs

Sep 22, 2021 (44:01)


Kevin Negandhi and a near-shirtless Booger McFarland discuss what they make of Oklahoma, West Virginia needing to feed Leddie Brown, Notre Dame's defensive game plan for Wisconsin, Jack Coan playing against his old team, if Jimbo Fisher will open things up against Arkansas and which is the third best team in the SEC. Plus, Booger doles out his DEFCON levels for UCLA, Indiana and USF.

Packers Talk
Cheesehead Radio: Stumbling, Bumbling, and Fumbling Out Of The Gate

Sep 16, 2021 (38:00)


Disappointing? Nay. Embarrassing? Getting closer. DEFCON 5 alert status? Now we're talking. The Green Bay Packers were shellacked in their season opener against the Saints, losing 38-3 in a game that had virtually no positives throughout. Aaron Rodgers, the man behind "The Last Dance", "The Hungriest Team I've Seen In Years", "Championship or Disappointment" was the biggest disappointment, as last year's MVP was benched with ten minutes left in the game. Join CD, Al, and Kelly for a rant/conversation of our Final 53 and all things Packers! 1st Quarter: Aaron Rodgers Notches His Most Uninspired Game Ever 2nd Quarter: Kevin King Glaring Weaknesses on a Weak Defensive Performance 3rd Quarter: Every Game Has Positives....Right? RIGHT??? 4th Quarter: Is There Redemption on Monday Night vs. The Lions? Overtime: Packers/Lions Game Predictions Cheesehead Radio is a part of the Packers Talk family of podcasts, serving up enough weekly podcasts to satisfy the most fervent of Packer fans. Follow Packers Talk on Twitter, Facebook, and subscribe over at iTunes.

CFB Podcast with Herbie, Pollack & Negandhi
Why Clay Helton Failed at USC; Mid-Week DEFCONs

Sep 15, 2021 (50:45)


Kevin Negandhi and Booger McFarland discuss USC at a DEFCON 1 after firing Clay Helton, why Helton ultimately failed at USC, candidates for the Southern Cal job, Anthony Richardson's health, Michigan State running the ball against Miami, if Brian Harsin can keep Bo Nix calm during the White Out, the Big Ten race, quarterback shuffling at Texas and Texas A&M, and DEFCON levels for Washington and Florida State.

Hacker History Podcast
The history of Chloé Messdaghi

Sep 15, 2021 (27:45)


Hacker History sits down with Chloé Messdaghi. We learn about her work with Hacking is NOT a Crime. How she hacked her way into Summer Camp. What it's like breaking into the space and why a diverse set of voices is hugely important. Show Notes Chloé's Twitter Hacking is NOT a Crime

CISO Stories Podcast
Fiscally Responsible Ways to Train/Build Community - Kevin Novak - CSP #35

Sep 14, 2021 (23:33)


All organizations must have security awareness training programs to teach basics to end users. Similarly, the technical teams need to be exposed to flexible training that is interesting to them. Join this podcast to learn how to bring company groups together and form your own DEFCON-type event in-house or in partnership with other organizations.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Kevin_Novak_Article.pdf   Novak, K. 2019. Fiscally Responsible Ways to Train/Build Community. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 153. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp35 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Security Voices
Satellite Hacking w/ Frank Pound

Sep 13, 2021 (71:17)


Hundreds of inexpensive satellites are now regularly launched into space through SpaceX's Smallsat Rideshare program. Some are sophisticated and commercial, others are DIY and experimental. They share space with now over 3,000 other artificial satellites orbiting the Earth. What could possibly go wrong?
Frank Pound joins Jack and Dave for a conversation to answer the question of just how hackproof satellites really are and why it matters, starting with the Hack-a-Sat competition. Hack-a-Sat is an intensive capture the flag style competition currently in its second year where teams square off against one another to break into and defend satellite tech. And along the way, we learn that doing so requires encounters with strange software, hardware and not a small amount of hard math.
The most known, visible satellite hack dates back to the 1980s and involves a broadcast takeover around Thanksgiving from a Max Headroom mask wearing man which ended in a spanking, but no real harm done. Jack and Dave explore the attack surface of satellites with Frank to find out when the next attack happens, where it's likely to be. And along the way, we discover the Hubble Telescope's terrible secret: ancient Javascript in its belly that's likely kept on life support by some unfortunate government contractor. Throughout the hour-long conversation with Frank, one gets the impression that we're still in the early days of satellite hacking. However, the breakneck pace of satellites being launched and their considerable potential vulnerability to cyber attacks point in the direction of a lot more than simply Max Headroom interruptions and GPS whoopsies in the future.

Mac Admins Podcast
Episode 233: Red Team Mac-hinations at Defcon

Sep 13, 2021 (60:57)


The art of the security Red Team is a difficult one, and Cedric Owens joins us this week to talk about how it works, some of the tools of the trade, and how to go after macOS fleets. Hosts: Tom Bridge - @tbridge777 Charles Edge - @cedge318 Marcus Ransom - @marcusransom Guests: Cedric Owens Links: Gone Apple Pickin: Red Teaming MacOS Environments in 2021 Bloodhound Machound  Introducing Machound  Persistent JXA Cody Thomas' talk on Bifrost at OBTS Apple bug bounty Mythic Mischa van de Bent macOS Security Compliance - CIS Baseline   Sponsors: Kandji Secureframe Alectrona Patch Watchman Monitoring If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast! The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson

Layer 8 Podcast
Episode 76: Alethe Denis - Creating Pretexts for Social Engineering

Sep 13, 2021 (60:26)


Alethe Denis is an amazing, accomplished social engineer. She won the Social Engineering Capture the Flag competition at Defcon 27. She was part of a team that won a Trace Labs OSINT Capture the Flag competition. She will again be a judge at the Collegiate Social Engineering competition. She created the Defcon 209 chapter in California, and is the original ambassador to the Innocent Lives Foundation. In this episode, Alethe takes us through her pretext preparation for Defcon and how she creates pretexts for social engineering. She breaks down some of the principles of persuasion that she talks about in her presentation "Phishy Little Liars" and lets us in on an attempted financial scam against her that she exposed.

The Hacker Factory
From DEF CON Social Engineering CTF Black Badge Winner To Cyber Security Consultant | A Conversation With Alethe Denis | The Hacker Factory With Phillip Wylie

Sep 10, 2021 (49:35)


Alethe shares the story of her childhood, winning the DEF CON Social Engineering CTF and becoming a cyber security consultant.
Some people are born with specific skills, and Alethe seems to have social engineering in her DNA. She shares how her childhood experience was an indicator of what she would do as a career someday. Alethe not only shares her intriguing story but a lot of great career advice.
Guest: Alethe Denis
On Linkedin | https://www.linkedin.com/in/alethe/
On Twitter | https://twitter.com/AletheDenis
Host: Phillip Wylie
On ITSPmagazine

The History of Computing
Sage: The Semi-Automatic Ground Environment Air Defense

Sep 9, 2021 (18:10)


The Soviet Union detonated their first nuclear bomb in 1949, releasing 20 kilotons worth of an explosion and sparking the nuclear arms race. A weather reconnaissance mission confirmed that the Soviets did so and Klaus Fuchs was arrested for espionage, after passing blueprints for the Fat Man bomb that had been dropped on Japan. A common name in the podcast is Vannevar Bush. At this point he was the president of the Carnegie Institute and put together a panel to verify the findings. The Soviets were catching up to American science. Not only did they have a bomb but they also had new aircraft that were capable of dropping a bomb. People built bomb shelters, schools ran drills to teach students how to survive a nuclear blast and within a few years we'd moved on to the hydrogen bomb. And so the world lived in fear of nuclear fall-out. Radar had come along during World War II and we'd developed Ground Control of Intercept, an early radar network. But that wouldn't be enough to protect against this new threat. If one of these Soviet bombers, like the Tupolev 16 “Badger” were to come into American airspace, the prevailing thought was that we needed to shoot it down before the payload could be delivered. The Department of Defense started simulating what a nuclear war would look like. And they asked the Air Force to develop an air defense system. Given the great work done at MIT, much under the careful eye of Vannevar Bush, they reached out to George Valley, a professor in the Physics Department who had studied nuclear weapons. He also sat on the Air Force Scientific Advisory Board, and toured some of the existing sites and took a survey of the US assets. He sent his findings and they eventually made their way to General Vandenberg, who assigned General Fairchild to assemble a committee which would become the Valley Committee, or more officially the Air Defense Systems Engineering Committee, or ADSEC. 
ADSEC dug in deeper and decided that we needed a large number of radar stations with a computer that could aggregate and then analyze data to detect enemy aircraft in real time. John Harrington had worked out how to convert radar into code and could send that over telephone lines. They just needed a computer that could crunch the data as it was received. And yet none of the computer companies at the time were able to do this kind of real time operation. We were still in a batch processing mainframe world. Jay Forrester at MIT was working on the idea of real-time computing. Just one problem, the Servomechanisms lab where he was working on Project Whirlwind for the Navy for flight simulation was over budget and while they'd developed plenty of ground-breaking technology, they needed more funding. So Forrester was added to ADSEC and added the ability to process the digital radar information. By the end of 1950, the team was able to complete successful tests of sending radar information to Whirlwind over the phone lines. Now it was time to get funding, which was proposed at $2 million a year to fund a lab. Given that Valley and Forrester were both at MIT, they decided it should be at MIT. Here, they saw a way to help push the electronics industry forward and the Navy's Chief Scientist Louis Ridenour knew that wherever that lab was built would become the next scientific hotspot. The president at MIT at the time, James Killian, wasn't exactly jumping on the idea of MIT becoming an arm of the Department of Defense so put together 28 scientists to review the plans from ADSEC, which became Project Charles and threw their support to forming the new lab. They had measured twice and were ready to cut. There were already projects being run by the military during the arms buildup named after other places surrounding MIT so they picked Project Lincoln for the name of the project.
They appointed F Wheeler Loomis as the director with a mission to design a defense system. As with all big projects, they broke it up into five small projects, or divisions; things like digital computers, aircraft control and warning, and communications. A sixth did the business administration for the five technical divisions and another delivered technical services as needed. They grew to over 300 people by the end of 1951 and over 1,300 in 1952. They moved offsite and built a new campus - thus establishing Lincoln Lab. By the end of 1953 they had written a memo called A Proposal for Air Defense System Evolution: The Technical Phase. This called for a net of radars to be set up that would track the trajectory of all aircraft in the US airspace and beyond. And to build communications to deploy the weapons that could destroy those aircraft. The Manhattan project had brought in the nuclear age but this project grew to be larger as now we had to protect ourselves from the potential devastation we wrought. We were firmly in the Cold War with America testing the hydrogen bomb in 52 and the Soviets doing so in 55. That was the same year the prototype of the AN/FSQ-7 to replace Whirlwind. To protect the nation from these bombs they would need 100s of radars, 24 centers to receive data, and 3 combat centers. They planned for direction centers to have a pair of AN/FSQ-7 computers, which were the Whirlwind evolved. That meant half a million lines of code which was by far the most ambitious software ever written. Forrester had developed magnetic-core memory for Whirlwind. That doubled the speed of the computer. They hired IBM to build the AN/FSQ-7 computers and from there we started to see commercial applications as well when IBM added it to the 704 mainframe in 1955. Stalin was running labor camps and purges. An estimated nine million people died in Gulags or from hunger. 
Chairman Mao visited Moscow in 1957, sparking the Great Leap Forward policy that saw 45 million people die. All in the name of building a utopian paradise. Americans were scared. And Stalin was distrustful of computers for any applications beyond scientific computing for the arms race. By contrast, people like Ken Olsen from Lincoln Lab left to found Digital Equipment Corporation and sell modular mini-computers on the mass market, with DEC eventually rising to be the number two computing company in the world. The project also needed software and so that was farmed out to Rand who would have over 500 programmers work on it. And a special display to watch planes as they were flying, which began as a Stromberg-Carlson Charactron cathode ray tube. IBM got to work building the 24 FSQ-7s, with each coming in at a whopping 250 tons and nearly 50,000 vacuum tubes - and of course that magnetic core memory. All this wasn't just theoretical. Given the proximity, they deployed the first net of around a dozen radars around Cape Cod as a prototype. They ran dedicated phone lines from Cambridge and built the first direction center, equipping it with an interactive display console that showed an x for each object being tracked, adding labels and then Robert Everett came up with the idea of a light gun that could be used as a pointing device, along with a keyboard, to control the computers from a terminal. They tested the Cape Cod installation in 1953 and added long range radars in Maine and New York by the end of 1954, working out bugs as they went. The Suffolk County Airfield in Long Island was added so Strategic Air Command could start running exercises for response teams. By the end of 1955 they put the system to the test and it passed all requirements from the Air Force. The radars detected the aircraft and were able to then control manned antiaircraft operations. 
By 1957 they were adding logic and capacity to the system, having fine tuned over a number of test runs until they got to a 100 percent interception rate. They were ready to build out the direction centers. The research and development phase was done - now it was time to produce an operational system. Western Electric built a network of radar and communication systems across Northern Canada that became known as the DEW line, short for Distant Early Warning. They added increasingly complicated radar, layers of protection, like Buckminster Fuller joining for a bit to develop a geodesic dome to protect the radars using fiberglass. They added radar to what looked like oil rigs around Texas, experimented with radar on planes and ships, and how to connect those back to the main system. By the end of 1957 the system was ready to move into production and integration with live weapons into the code and connections. This is where MIT was calling it done for their part of the program. Only problem is when the Air Force looked around for companies willing to take on such a large project, no one could. So MITRE corporation was spun out of Lincoln Labs pulling in people from a variety of other government contractors and continues on to this day working on national security, GPS, election integrity, and health care. They took the McChord airfield online as DC-12 in 1957, then Syracuse New York in 1958 and started phasing in automated response. Andrews, Dobbins, Geiger Field, Los Angeles Air Defense Sector, and others went online over the course of the next few years. The DEW line went operational in 1962, extending from Iceland to the Aleutians. By 1963, NORAD had a Combined Operations Center where the war room became reality. Burroughs eventually won a contract to deploy new D825 computers to form a system called BUIC II and with the rapidly changing release of new solid state technology those got replaced with a Hughes AN/TSQ-51.
With the rise of Airborne Warning and Control Systems (AWACS), the ground systems started to slowly get dismantled in 1980, being phased out completely in 1984, the year after WarGames was released. In WarGames, Matthew Broderick plays David Lightman, a young hacker who happens upon a game. One John von Neumann himself might have written as he applied Game Theory to the nuclear threat. Lightman almost starts World War III when he tries to play Global Thermonuclear War. He raises the level of DEFCON and so inspires a generation of hackers who founded conferences like DEFCON and to this day war dial, or war drive, or war whatever. The US spent countless tax money on advancing technology in the buildup for World War II and the years after. The Manhattan Project, Project Whirlwind, SAGE, and countless others saw increasing expenditures. Kennedy continued the trend in 1961 when he started the process of putting humans on the moon. And the unpopularity of the Vietnam war, which US soldiers had been dying in since 1959, caused a rollback of spending. The legacy of these massive projects was huge spending to advance the sciences required to produce each. The need for these computers in SAGE and other critical infrastructure to withstand a nuclear war led to ARPANET, which over time evolved into the Internet. The subsequent privatization of these projects, the rapid advancement in making chips, and the drop in costs while frequent doubling of speeds based on findings from each discipline finding their way into others then gave us personal computing and the modern era of PCs then mobile devices. But it all goes back to projects like ENIAC, Whirlwind, and SAGE. Here, we can see generations of computing evolve with each project. I'm frequently asked what's next in our field. It's impossible to know exactly. But we can look to mega projects, many of which are transportation related - and we can look at grants from the NSF. And DARPA and many major universities.
Many of these produce new standards so we can also watch for new RFCs from the IETF. But the coolest tech is probably classified, so ask again in a few years! And we can look to what inspires - sometimes that's a perceived need, like thwarting nuclear war. Sometimes mapping human genomes isn't a need until we need to rapidly develop a vaccine. And sometimes, well… sometimes it's just returning to some sense of normalcy. Because we're all about ready for that. That might mean not being afraid of nuclear war as a society any longer. Or not being afraid to leave our homes. Or whatever the world throws at us next.

CFB Podcast with Herbie, Pollack & Negandhi
Pac-12 Optics; Mid-Week DEFCONs

CFB Podcast with Herbie, Pollack & Negandhi

Sep 8, 2021 44:06


Kevin Negandhi and Booger McFarland discuss Ohio State-Oregon, why the Ducks need to win to save the Pac-12's dignity, UCLA making a statement, Georgia's offensive struggles, why Booger thinks Penn State is back on track, quarterback rumblings in Gainesville, the Cy-Hawk game, and Washington-Michigan feeling like a must-win for both teams. Plus, Booger doles out his DEFCON levels for Clemson, North Carolina and LSU.

JC and Morgan Podcast
Good to be back

JC and Morgan Podcast

Sep 7, 2021 82:40


Labor Day Weekend, 2021, is in the books and that means Mike Morgan (ESPN/SEC Network) and JC Shurburtt (247Sports) are back to review all of the first week college football action. The DEFCON levels return (one entire conference is at DEFCON-1 right now) and the guys deep dive into the Southeastern Conference, Big 12 expansion and a number of other topics, plus a preview for Week 2. JC and Morgan is proudly presented by Stewart Wingo of Ameriprise- for all of your mortgage needs call Stewart at 803-319-1777.

Layer 8 Podcast
Episode 75: Rae Baker - Maritime OSINT, Breaking In and OSINT Competitions

Layer 8 Podcast

Sep 6, 2021 38:58


For this episode, we get to speak with Rae Baker, also known as Wondersmith_Rae on Twitter. Rae changed careers a few years ago from a graphic designer to the world of OSINT. Along the way, she has competed in and won OSINT competitions, given presentations at BSides, ShmooCon and most recently, Defcon's Recon Village. She has some great advice for how to get into the field and also how to succeed in an OSINT Capture the Flag competition. Rae is on the executive board of OSINT Curious and is also a volunteer with the Innocent Lives Foundation.

Meet Us At Molly's
Episode 192 - Chicago Fire 2x03 ”Defcon 1”

Meet Us At Molly's

Sep 3, 2021 86:57


Rumor on the street is that the Darden boys are returning for Chicago Fire season 10. So in honor of that, we thought we'd cover an OG Darden boys episode this week - episode 2x03, titled “Defcon 1”. We discuss how Casey was able to relate to the Darden boys because of their shared past, Severide's arson beginnings, whether or not Gabby and Jay had sex on the bar at Molly's, a brief history of Daft Punk and so much more!

News — 3:31
Patron Shoutouts — 14:22
Fire 2x03 — 15:32

As always, we want to hear what you think about these topics; make sure you are following us on Twitter (@meetusatmollys), or email us at meetusatmollys@gmail.com to continue the discussion. Our inbox is always open and a safe space for you all to share your thoughts and feelings.

Ready, Set, Secure
Cybersecurity Insurance 101 with Nolen Bucek

Ready, Set, Secure

Sep 2, 2021 43:10


After a short break for Black Hat and DefCon the guys are back to talk about a topic that isn't always fun but is very important to enterprise organizations – cybersecurity insurance. In this episode Nolen Bucek from Dean & Draper discusses what your policy can look like, what to look out for, and how outside events can affect your ability to secure proper coverage.

Things Mentioned:
· https://www.insurancejournal.com/news/national/2021/08/27/629122.htm
· https://www.darkreading.com/vulnerabilities-threats/one-year-later-a-look-back-at-zerologon
· https://www.nextgov.com/cybersecurity/2021/08/white-house-tasks-nist-producing-another-cybersecurity-framework/184868/
· https://risky.biz

Do you have questions for the hosts? Reach out to us on our website at https://www.setsolutions.com/contact/

Hosts: Michael Farnum and Justin Hutchens
Produced by: Set Solutions
Edited by: Lauren Lynch
Music Credit: Inspired by Kevin MacLeod
Link: https://incompetech.filmmusic.io/song/3918-inspired
License: http://creativecommons.org/licenses/by/4.0/

Easy Prey
Social Engineering and Pick-Pocketing with Chris Kirsch

Easy Prey

Sep 1, 2021 55:29


Gifted pick-pocketers can use social engineering skills to choose their victims. Many times as we travel, we may not realize that our body language makes us an easy target.

Today's guest is Chris Kirsch. Chris is the CRO and co-founder of Rumble. With a background in product marketing and technical mindset, he has helped formulate go-to marketing strategies at PGP, Rapid7, and Veracode. In 2017, he earned the black badge for winning the social engineering capture the flag competition at DEFCON. He has a passion for InfoSec, OSINT, and is a volunteer advisor for the National Child Protection Task Force.

Show Notes:
[1:05] - Welcome Chris! Chris shares his background.
[2:20] - Chris co-founded Rumble, an asset discovery company to help clients secure their network.
[3:48] - Pick-pocketers are masters of misdirection.
[6:34] - Chris explains why he got into the social engineering side of DEFCON.
[8:18] - When in Paris, Chris's father was pick-pocketed which prompted him to start researching.
[11:18] - After meeting a magician at a convention, Chris then became interested in open-source intelligence (OSINT).
[11:51] - Chris defines the difference between the two schools of thought on pick-pocketing.
[13:29] - Some pick-pocketers can steal without interacting with people while others utilize social interactions.
[15:31] - Chris shares in more detail the story of his father being pick-pocketed.
[17:38] - This experience showed Chris and his family a way that teams of people can work together to fool a target.
[20:03] - There are some unusual laws that limit consequences for theft.
[21:50] - Chris shares tips on where to place your wallet when traveling and demonstrates a scenario.
[25:18] - Escalators are areas where pick-pocketing teams can be very successful.
[28:17] - Placing your hand in your pocket to intentionally keep your belongings safe might actually make you a target.
[30:31] - When something else is on your mind, you are an easy target. It is hard to always be aware.
[33:19] - Chris uses an example of a phishing scam that demonstrates social engineers move you from rational thinking to emotional.
[36:20] - Many people take these scams personally when in reality, scammers have no idea who you are.
[38:27] - Chris references a documentary from the point of view of a social engineering target.
[40:51] - Derren Brown on YouTube and Netflix has several videos and shows that demonstrate the psychology of many scams and manipulation.
[43:59] - The sample you are seeing is what the person wants you to see.
[45:12] - Chris gives actionable steps to take when feeling suspicious.
[47:09] - Chris describes a time when he was able to use social engineering strategies that would have been shot down if the target had done something simple.
[49:21] - For the “long con” scammers, Chris has advice about trust.
[51:42] - Search for Kirsch Identity Fraud and you find free resources on identity theft.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Cybercrime Magazine Podcast
Cybercrime Magazine Update: Black Hat & DEF CON 2021! Steve Morgan, Founder, Cybersecurity Ventures.

Cybercrime Magazine Podcast

Aug 30, 2021 4:34


Latest news, interviews, podcasts, reports, videos, and special productions from Cybercrime Magazine, published by Cybersecurity Ventures. For more on cybersecurity, visit us at https://cybersecurityventures.com

Iron Sysadmin Podcast
Episode 107A - Defcon 29!

Iron Sysadmin Podcast

Aug 27, 2021 64:14


Welcome to Episode 107a

Main Topic: Defcon with Jscar & Skyria
Hybrid this year, 9K on site (Pre-Covid it's around 30k)

What is DEFCON?
What is there to do at DEFCON?
  Talks/Presentations
  Villages
  Contests
  Networking
  Badges
  Stickers/challenge coins
What is your Favorite part of DEFCON?
Can you watch the presentation now?
  https://www.youtube.com/user/DEFCONConference
  https://htp.live/video-channels/defcon29/videos
What was DEFCON like this year?
  In person
    How was safety?
    What felt different? Same?
    Smelt Different - 321 rule
    Lots of online content = feelings of missing out?
  Online
    How was safety (Give all of our data away)?
    What felt different? Same?
    Smelt Different - 321 rule
    Feelings of missing out hit hard

Watch us live on the 2nd and 4th Thursday of every month! Subscribe and hit the bell! https://www.youtube.com/IronSysadminPodcast OR https://twitch.tv/IronSysadminPodcast
Discord Community: https://discord.gg/wmxvQ4c2H6
Find us on Twitter, and Facebook! https://www.facebook.com/ironsysadmin https://www.twitter.com/ironsysadmin
Subscribe wherever you find podcasts! And don't forget about our patreon! https://patreon.com/ironsysadmin
Intro and Outro music credit: Tri Tachyon, Digital MK 2 http://freemusicarchive.org/music/Tri-Tachyon/

Absolute AppSec
Episode Ep. 145 - Return of @cktricky, Burnout, Bumble Vuln, Brute-Forcing

Absolute AppSec

Aug 26, 2021


@cktricky is _back_ with a newfound lease on life (and application security). The duo discusses in-person vs. virtual conferences, DEF CON 29, burnout, vulnerabilities in dating apps. A demonstration of using Burp Suite to fuzz a user enumeration vulnerability and brute-force an account.

Brakeing Down Security Podcast
2021-030-incident response, business goal alignment, showing value in IR -p2

Brakeing Down Security Podcast

Aug 22, 2021 45:58


https://blog.teamascend.com/6-phases-of-incident-response
https://www.securitymetrics.com/blog/6-phases-incident-response-plan

Recent vulnerabilities got Bryan thinking about incident response.
Are organizations speedy enough to keep up?
If the spate of vulns continue, what can we do to ensure we are dealing with the most important issues?
How do we communicate those issues to management?
How should we handle the workload?
Testing of your IR costs money, do you have budget for that? (verodin, red-team)
Restoring backups, extra VPC or azure environment

Incidents occur
You have to minimize issues, right? But is there a good way of doing that?
Simplify your environment?
Spend time working on the CIS 20?
You gotta plan for that and show value vs effort.

Incident response is an ever changing landscape.

What is the goal of IR?
  Minimize damage
  Identify affected systems
  Recover gracefully and quickly?
  Does your environment allow for quick recovery?
  What does ‘return to normal' look like?
The goal of business
  Make money
  Incidents should just be considered part of doing business (risks)
  The more popular, the more likely the attack

Incident timeframe = criteria for getting back to normal.

PICERL is a cycle, and one of continual improvement. Incident response is not ‘one and done'.

Aperture: A Claroty Podcast
Tom Pace on SBOMs for ICS and OT

Aperture: A Claroty Podcast

Aug 22, 2021 48:58


Tom Pace, founder of security company NetRise joins Claroty's Aperture Podcast to discuss SBOMs, or software bill of materials, and how they can be leveraged to improve industrial control system and operational technology cybersecurity. SBOMs are analogous to ingredient labels on food products, or parts lists for automobiles. Yet for ICS and OT equipment, they are a rarity. That lack of visibility into software and firmware components puts organizations at risk in the event of an incident, or can hamper risk management efforts. Pace discusses the value proposition of SBOMs, how they can be created and consumed inside industrial enterprises, and takes down some misconceptions vendors and buyers may have around SBOMs giving attackers a network roadmap, or leaking intellectual property secrets. Pace also covered this subject in a talk at the recent ICS Village at DEFCON. 

The 443 - Security Simplified
DEF CON 29 Recap

The 443 - Security Simplified

Aug 18, 2021 46:14


This week on the podcast we chat about a few of our favorite presentations from the 2021 edition of the DEF CON security conference out of Las Vegas. If you haven't checked them out yourself, visit the DEF CON YouTube channel or media.defcon.org to view this year's and all previous years' content.

Locked On Clippers - Daily Podcast On The LA Clippers
LA Clippers Trade Away Patrick Beverley For Eric Bledsoe + 3rd Center Watch Has Hit DEFCON 2

Locked On Clippers - Daily Podcast On The LA Clippers

Aug 16, 2021 34:04


It's hard to say goodbye to a player like Patrick Beverley, but we try. Reacting to the Clippers trading Patrick Beverley, Rajon Rondo, and Daniel Oturu for Eric Bledsoe, trying to figure out Bledsoe's fit on this Clippers roster, checking in on the Clipper rookies Summer League process, and the new LA Clippers Arena will break ground in 6 months (apparently)

Security Voices
Strange roommates: Whitney Merrill on the uneasy coupling of security & privacy

Security Voices

Aug 16, 2021 69:44


A clear pattern is emerging of security leaders also being anointed with responsibility for privacy. Some of the origins of this movement no doubt can be found in regulations like GDPR who blend requirements for both security and privacy in mandates for data breach response. While this may seem like a logical pairing for lawmakers, it can be anything but a happy marriage inside an organization as they not only compete for resources but also have divergent needs in areas such as data retention.

Whitney Merrill, founder of the Defcon Crypto and Privacy Village and current Privacy Counsel at Asana, joins Jack and Dave to untangle the complicated relationship between privacy and security. From shared ground in areas such as longstanding shortages in staffing to profound differences elsewhere, security and privacy are just similar enough to allow those who combine them thoughtlessly to make a mess of them both. Case in point, Whitney explains that privacy is often not a risk exercise at all, but instead a legal matter. We conclude with Whitney's clear, practical advice for CISOs who find themselves responsible for privacy for the first time to keep their head above water and a healthy distance from regulators.

Our dialogue with Whitney also serves as a catch up session for anyone who wants to go past current headlines, from the latest on Clubhouse, Facebook and Grindr to mobile deanonymization and the unsavory business of data brokers. She explains just how hard it is to actually get an organization to properly respond to a data inquiry, but why she does it and how the visibility she provided on the struggle may have prompted the California Attorney General to recently take action against a very visible, repeat offender.

Firewalls Don't Stop Dragons Podcast

Are hackers born or are they made? What is the essence of a true hacker? Today I explore these topics and more with the founder of both DEFCON and Black Hat, Jeff Moss - also known as The Dark Tangent. I also ask Jeff why we seem to suck at cybersecurity, what his top tips are for staying safe online, when DEFCON evolved to be bigger than its founder, how DEFCON has managed to stay focused on its attendees all these years, and how he plans to find a worthy successor to run the DEFCON conference when he inevitably steps aside.

Further Info
DEFCON documentary: https://www.youtube.com/watch?v=3ctQOmjQyYg
Privacy is Power, book by Carissa Véliz: https://www.amazon.com/Privacy-Power-Should-Take-Control/dp/1612199151
My review of Privacy is Power: https://firewallsdontstopdragons.com/privacy-is-power-review/
The Value of Privacy, by Bruce Schneier: https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html
TED Talk on Privacy by Glenn Greenwald: https://www.ted.com/talks/glenn_greenwald_why_privacy_matters
Hackers, book by Steven Levy: https://www.amazon.com/Hackers-Computer-Revolution-Steven-Levy/dp/1449388396
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/

Brakeing Down Security Podcast
2021-029- incident response, PICERL cycle, showing value in IR, aligning with business goals -p1

Brakeing Down Security Podcast

Aug 15, 2021 40:08


https://blog.teamascend.com/6-phases-of-incident-response
https://www.securitymetrics.com/blog/6-phases-incident-response-plan

Recent vulnerabilities got Bryan thinking about incident response.
Are organizations speedy enough to keep up?
If the spate of vulns continue, what can we do to ensure we are dealing with the most important issues?
How do we communicate those issues to management?
How should we handle the workload?
Testing of your IR costs money, do you have budget for that? (verodin, red-team)
Restoring backups, extra VPC or azure environment

Incidents occur
You have to minimize issues, right? But is there a good way of doing that?
Simplify your environment?
Spend time working on the CIS 20?
You gotta plan for that and show value vs effort.

Incident response is an ever changing landscape.

What is the goal of IR?
  Minimize damage
  Identify affected systems
  Recover gracefully and quickly?
  Does your environment allow for quick recovery?
  What does ‘return to normal' look like?
The goal of business
  Make money
  Incidents should just be considered part of doing business (risks)
  The more popular, the more likely the attack

Incident timeframe = criteria for getting back to normal.

PICERL is a cycle, and one of continual improvement. Incident response is not ‘one and done'.

The Fabulous Peltoncast: Seattle Sports and More

Our search for Seattle’s best fried chicken begins the quarterfinals with Ma’ono facing Quick Pack Food Mart. Then we talk Kevin’s Las Vegas eating, Sounders advancing in the Leagues Cup and DEFCON levels for Seahawks extensions. Contents sponsored by Pagliacci …

Marketplace Tech
Twitter wants bounty hunters to help fix its image-cropping algorithm

Marketplace Tech

Aug 4, 2021 8:56


Back in May, Twitter partially disabled an algorithm that cropped photos posted by users in ways that revealed certain biases. A company audit, and plenty of people on the internet, found the algorithm preferred white faces over Black faces, and men over women. Now, as part of the hacker conference DEF CON, which starts tomorrow, the company is offering a cash bounty to help fix the problem. Marketplace’s Meghan McCarty Carino speaks with Rumman Chowdhury, director of Machine Learning Ethics, Transparency and Accountability at Twitter. Before that, she was founder and CEO of Parity, which helped other companies identify bias in their algorithms. Chowdhury says the cropping algorithm was based on data tracking where real people tended to look in photos.

Marketplace All-in-One
Twitter wants bounty hunters to help fix its image-cropping algorithm

Marketplace All-in-One

Aug 4, 2021 8:56


Back in May, Twitter partially disabled an algorithm that cropped photos posted by users in ways that revealed certain biases. A company audit, and plenty of people on the internet, found the algorithm preferred white faces over Black faces, and men over women. Now, as part of the hacker conference DEF CON, which starts tomorrow, the company is offering a cash bounty to help fix the problem. Marketplace’s Meghan McCarty Carino speaks with Rumman Chowdhury, director of Machine Learning Ethics, Transparency and Accountability at Twitter. Before that, she was founder and CEO of Parity, which helped other companies identify bias in their algorithms. Chowdhury says the cropping algorithm was based on data tracking where real people tended to look in photos.