Friday, March 27, 2015

SANS Top 20 Controls - #12 and #13


We continue our trek down the list of SANS Top 20 Critical Security Controls this week with #12 and #13 - Boundry Defense, and Controlled use of Administrative Privileges.  Learn what you can do to shore up your network defenses, and how to handle admin privileges... When to give that kind of access, and how to make privileged access as secure as possible while still allowing administrators to do their work.

 

 

https://www.sans.org/media/critical-security-controls/CSC-5.pdf

 

 

http://www.openspf.org/

 

https://4sysops.com/


Here is a new episode of Brakeing Down Security!

Friday, March 20, 2015

2015-013-Hackerspaces and their sense of community


We invited the organizers of the "TheLab.ms", a Dallas, Texas based hacker/makerspace on the podcast to talk about why they wanted to start a makerspace, the costs and plans to setup a hacker space, and some of the things you can do with a makerspace. We also understand the sense of community and the learning environment gained from these places. 

If you are looking to start a 'space in your area, or looking to understand why they are needed in a community, you'll want to listen to Roxy, Sean, and Jarrod talk about the highs and lows and even some of the gotchas in setting up a space.


Here is a new episode of Brakeing Down Security!

Saturday, March 14, 2015

2015-012-Fill In podcast with Jarrod and Lee!


Mr. Boettcher went on vacation and was volunteering for Austin Bsides this week, and I needed to do a podcast, so I enlisted the aid of Lee Brotherston and Jarrod Frates discuss some important topics.  We discuss the seemingly short talent pool for IT/IS positions.  We talk about the ROWHAMMER vulnerability and how it may affect your organization. Additionally, we talk about how the NTP protocol is being maintained by one person and what can be done to help with that, as it is a critical piece of Internet Infrastructure, and finally, we figure out why PGP/GPG is not user-friendly, and if there are ways to make it better, or if it needs to be replaced permanently.

 

News of the week

  1. RowHammer -

http://www.darknet.org.uk/2015/03/rowhammer-ddr3-exploit-what-you-need-to-know/

 

  1. Lack of hire-able people in IT/IS - per Leviathan Sec report. https://www.leviathansecurity.com/blog/scarcity-of-cybersecurity-expertise/

 

  1. NTP maintained by one guy ‘Father Time’

http://www.informationweek.com/it-life/ntps-fate-hinges-on-father-time/d/d-id/1319432

 

  1. Moxie Marlinspike’s GPG/PGP rant: Perfection ruined the goal http://www.thoughtcrime.org/blog/gpg-and-me/

 


Here is a new episode of Brakeing Down Security!

Friday, March 6, 2015

2015-011- Why does BeEF and metadata tracking keep I2P developers up at night?


In our continuing discussion with Jeff and "Str4d", we got right to the heart of the matter: Privacy and anonymity.

 

If you're trying to remain anonymous, what steps do the devs of I2P use to keep themselves as anonymous as possible.  We also touch on what the "Browser Exploitation Framework", and why it scares the heck out of Jeff.

 

Finally, I ask them if there is any real 'good' sites on I2P, because of how the media seems to latch on to any story where we hear the bad things of any anonymizing network, is there a way we can improve the image of anonymizing networks.

 

*** If you have a blog, and it's about security/privacy/compliance, please consider adding us as a write-in for '2015 Best New Security Podcast' here:

https://www.surveymonkey.com/s/securitybloggers***

 

Show notes: https://docs.google.com/document/d/1Vh0HiUDXchesI2-BlthztoIIswZa0GZa_Jg0mOu0ao4/edit?usp=sharing


Here is a new episode of Brakeing Down Security!