browse:
play now:
Owned by: Richard Steinnon
Last Updated: 12/2/2008 @ 9:11 PM CT
Update Now

General Actions

Add To My Favorites

Digg This Add To Digg

RSS Link RSS For This Feed

Permalink - UrlURL For This Page

More About This Feed

Feed owner
Richard Steinnon
Website
Author
Richard Steinnon
Copyright
&##xA9; 2007 ZDNet.com
Feed Details
Feed Frequency
Type: Audio
Podcast Feed ZDNet: ThreatCast

Bringing order to threat chaos through news, views and analysis

Play Now or Subscribe
Episodes in this podcast
Most recent   Past month(0)   Past year(0)   Forever(31)  
Type: Audio
WED
MAR
28
2007
I interviewed John Amaral - Vice President of Research and Development for Vericept for this week's ThreatCast. He shed some light on what data protection solutions do. Basically they monitor the network to identify when things like SSN's are leaving the network. Most solutions can block the leakage as well. John told me they see all sorts of issues when they do evaluations for prospective customers all the way from customer lists being sent to personal email accounts to a prostitution ring that was being run from servers at one company.
Type: Audio
MON
NOV
27
2006
You may have caught my recent column on good vs bad NAC. To dig a little deeper into the good side of NAC that is the network access control stuff as opposed to the admission control stuff, I talked with Sanjay Uppal, Founder and CEO of Caymas Systems. Yes, Caymas has built in the ability to check system health just like the rest of the vendors that are trying to make system configuration a criteria for network access. But, in my mind, the real value Caymas brings is the granular access control enforced by a simple to deploy network appliance.
Type: Audio
TUE
NOV
21
2006
SCADA is of course the protocol that utilities such as gas, electric, and telecoms use to control the equipment they have to manage. Think of a simple way to check a temperature or voltage reading and report back as well as set values on switches, pumps, etc. It's easy. In the olden days SCADA devices were connected by phone lines and dedicated circuits. Today of course they are connected to IP networks that are often also connected to the Internet. I grabbed a chance to talk to Kowsik Guruswamy CTO and co-founder of MuSecurity, because they have recently added SCADA to the list of protocols they can test with their product. MuSecurity sells hardware appliances that can launch attacks against devices on the network to discover how they react to thousands of anomalous packets. They basically discover zero day vulnerabilities. Their primary customers are IT security departments who are evaluating different solutions, and security vendors that want to improve their products. Now they can also be used to check the robustness of things on the power grid for instance. Listen to the threatcast with Kowsik here. Note that he points out a scary situation. SCADA protocols are based in part on RPC DCOM, an infamous protocol that has been attacked by many worms. That does not make me feel good.
Type: Audio
WED
NOV
15
2006
Last week I caught up with DerEngel, the uber cable modem hacker, in his home in Hong Kong. He has just published his first book, Hacking the Cable Modem, and we had an opportunity to talk about the book as well as his life work, hacking cable modems. DerEngel (his nom de hacking) has turned a hacking hobby into a career. According to his statements he supports himself with proceeds from his web presence. Being the nexus of an interest group (cable modem hackers in this case) is one way to "do what you love." If you need components for a cable modem or flash ROM upgrades his site it the place to get them. The book is concise and detailed. There are sections on the physical components and how to get at them without destroying the case or the components. There is probably the most lucid and short description I have read of how buffer overflows work. And there are explicit instructions on how to change speed settings and port controls. A word about ethics here. DerEngel explicitly states that he does not condone stealing bandwidth from cable providers and I give him credit for that. His arguments that sys admins need to know how to configure cable modems to effectively manage their Internet connectivity has some merit. I would suggest that the most valuable contribution DerEngel has made to the world of security is to create a manual that the cable operators and cable modem manufacturers can use to harden their devices against malicious attacks. In the podcast DerEngle expresses doubt that cable modem manufactureres will even read his book but I beg to differ!
Type: Audio
WED
NOV
01
2006
I saw that Reconnex had hired an expert in data protection to conduct a study of some their customers and their use of leak prevention software. The report is available online. I interviewed Naomi Fine, the author of the benchmark study. It was interesting to talk to someone who has been helping her clients protect their intellectual property for many years, mostly through advice on legal and procedural protections rather than in the use of new technologies for leak prevention. Well worth listening to her views and advice in the latest IT-Harvest threatcast.

Tags On This Feed login to add/edit tags

technology(1) zdnet.com(1) threatcast(1)
 

Most Relevant Reviews

No reviews yet. You can be the first!
Add A Review

Mediafly.com | 10 West Hubbard Street - Suite 2D, Chicago, IL 60610

© Mediafly, Inc. 2006-2008 — Aggregated content and User-posted content, unless source quoted, is licensed under a Creative Commons Public Domain License.

The MEDIAFLY™ Network is your source for personalized podcasts, news, sports, comedy, pop-culture, technology, and more, delivered to your PC or mobile device.

 Yahoo Web Services
Site Index