Looking for a great information security podcast?
SearchSecurity.com has a variety of information security podcasts
you can download to your PC or MP3 player.
Listen to this week's podcasts
PODCAST DESCRIPTIONS
- Security Wire Weekly recaps the week's top news in the
world of information security, plus features interviews with
industry luminaries, experts and information security pros just
like you. RSS Feed
- Newsmaker is an occasional interview series featuring
in-depth technical knowledge and industry analysis from one of
information security's leading visionaries. RSS Feed
- Threat Monitor is a semimonthly tip that focuses on
current information security threats, including hack attacks,
viruses, worms, Trojans, backdoors, bots, spyware and DDoS, and
provides you with the tactics required to defend against
them. RSS Feed
- Security360 offers fresh perspectives from more than one
source -- from vendors, experts and infosec pros -- on a variety of
complex information security issues. RSS Feed
- Meet the Security Squad. In this podcast series, the
writers and editors of SearchSecurity.com and Information
Security magazine debate today's hot-button security issues.
RSS Feed
Our featured podcasts are tutorials led by infosec experts who
offer tips and tactics to help with the latest information security
challenges.
Secure Reads and Hot Type: Security books in audio
are regular podcast series that feature chapters from popular
information security books, read by the authors themselves. Hot
Type podcasts exclusively feature books from authors affiliated
with publishers Addison-Wesley and Prentice Hall.
Use the players below to stream each podcast to your desktop, or
click on the links to subscribe to our podcast feeds and download
these podcasts to your desktop or MP3 player.
Podcasts for the week of Oct. 29, 2007

Threat Monitor -- Nov. 1, 2007
iPhone security in the enterprise: Mitigating the
risks
Since its flashy launch in June 2007, the Apple iPhone has
certainly garnered a great deal of buzz. Almost immediately,
hackers searched for exploitable flaws in the product, and they
weren't disappointed. In this tip, Ed Skoudis examines
iPhone-specific attacks and reveals how organizations can limit
their exposure as the popular device infiltrates the
enterprise.
Download MP3 | Subscribe to
Threat Monitor
Security Wire Weekly -- Oct. 31, 2007
Security experts discuss whether the TJX data breach illustrates
the need to toughen the PCI Data Security Standard.
Download MP3 | Subscribe to
Security Wire Weekly
Security360: PCI DSS – Encryption, compensating controls and
your assessor
Chris Farrow talks about the changes ahead for the current
PCI standard and how compensating controls should be used, why they
are confusing and how to address compensating controls with your
assessor. He is co-founder and vice president of the PCI Security
Vendor Alliance. Farrow serves as the founder and director of the
Center for Policy & Compliance, a research and advisory group
created by Configuresoft.
Diana Kelley discusses some of the headaches companies are
encountering during the compliance process and how to choose an
assessor. Kelley is vice president and service director at the
Burton Group, where she focuses her research on security issues,
including compliance.
Dan Jones, director of IT at the University of Colorado,
explains his school's ongoing PCI compliance initiatives. Jones
says compliance is an ongoing process.
Podcasts for the week of Oct. 22, 2007

Security Wire Weekly -- Oct. 24, 2007
Security researcher Adam Laurie warns of weaknesses in radio
frequency identification technology (RFID). The researcher explains
how easy it is to copy an RFID tag. Also a look at the week's
news.
Download MP3 | Subscribe to
Security Wire Weekly
Fact or Fiction: How to Layer Security Within your Messaging
Architecture
This week's featured podcast is from SearchSecurity.com's
Integration of Networking and Security School.
John Burke, principal research analyst at Nemertes Research,
discusses some common unified communications security myths.
Listen to Fact or Fiction: How to Layer Security Within your Messaging
Architecture
Check out the rest of John Burke's lesson:
Securing the converged infrastructure
Podcasts for the week of Oct. 15, 2007

Threat Monitor -- Oct. 18, 2007
Developing a patch management policy for third-party
applications
Enterprises may push the latest critical Windows patches once a
month, but here's a dirty little secret: Most organizations don't
bother patching their third-party applications. The diversity of
client-side software -- including everything from Acrobat Reader to
iTunes -- complicates matters, but security professionals shouldn't
lose hope. Effective patch management for third-party products is
possible, and contributor Ed Skoudis has the tools to do it.
Download MP3 | Subscribe to
Threat Monitor
Security Wire Weekly -- Oct. 17, 2007
Paul Henry of Secure Computing warns of a new threat to companies
with VoIP and Web 2.0 functionality, and a researcher questions the
quality of a recent security update for AOL Instant Messenger.
Also: Oracle patches security flaws across its product line.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of Oct. 8, 2007

Security Squad: Virtualization security; iPhone attacks; PCI
DSS
The SearchSecurity.com editorial team discusses the
debate brewing over the security of virtualization in the wake of
VMware's success. Other topics include
HD Moore's attack platform for the iPhone and the latest
struggles with the Payment Card Industry Data Security Standards
(PCI DSS).
Download MP3
Security Wire Weekly -- Oct. 10, 2007
Michelle Stewart, CISO at AirTran Airways, explains how high
profile data security breaches and the Payment Card Industry Data
Security Standards impact the airline's IT security priorities.
Also a review of the week's news.
Download MP3 | Subscribe to
Security Wire Weekly
Hot Type -- Oct. 9, 2007
Virtual Honeypots: From Botnet Tracking to Intrusion
Detection
In the latest edition of "Hot Type: Security Books in Audio,"
author and Google senior staff engineer Niels Provos explains the
cutting-edge technology that can keep an eye on the bad guys. After
a quick Q&A, Provos reads from Chapter 6 of his book,
Virtual Honeypots: From Botnet Tracking to Intrusion
Detection. In his selection, the author reveals how the virtual
tools can be used to collect and analyze malware.
Download MP3
After listening to the podcast, read an excerpt from
Chapter 11: Tracking Botnets.
Podcasts for the week of Oct. 1, 2007

Threat Monitor -- Oct. 4, 2007
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi
defenses
Enterprise Wi-Fi threats are an ever-present struggle for security
managers, and the most simplistic attack methods are often the most
effective. In this tip, contributor Noah Schiffman explains how
"evil twin" attacks work and why its sister attack method, the
multipot, can bypass wireless IPS with remarkable success.
Download MP3 | Subscribe to
Threat Monitor
Security Wire Weekly -- Oct. 3, 2007
Code Green CEO Sreekanth Ravi explains why his company is gearing
its latest data protection offering toward SMBs. Also, Google fixes
a serious Gmail flaw.
Download MP3 | Subscribe to
Security Wire Weekly
Security Newsmaker: Pedram Amini
Pedram Amini, head of TippingPoint's security research group,
co-wrote the recently-released book, "Fuzzing: Brute Force
Vulnerability Discovery," and recently unveiled the new Sulley
fuzzing framework. In this conversation, he talks about the book
and explains how the Sulley framework will take fuzzing to the next
level.
Download MP3
Podcasts for the week of Sept. 24, 2007

Security Wire Weekly -- Sept. 26, 2007
Zulfikar Ramzan, senior principal researcher at Symantec, talks
about the vendor's Internet Threat Report, including the rising use
of crimeware. Also, a review of the week's news.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of Sept. 17, 2007

Threat Monitor -- Sept 20, 2007
Windows Update attacks: Ensuring malware-free
downloads
Attackers recently discovered how to exploit the Windows Update
service to push malware onto targeted systems. Is the new attack
possible because of a flaw in Windows Update itself? Or is it
because users just aren't being careful? Michael Cobb investigates
how malicious hackers have taken advantage of Windows Update.
Fortunately, the fix is easier than you think.
Download MP3 | Subscribe to
Threat Monitor
Security Wire Weekly -- Sept. 19, 2007
University of Washington CISO Kirk Bailey talks about AGORA, an
alliance of IT security professionals he founded. Also, a look at
the latest Windows zero-day flaw and a report on how attackers may
be exploiting the widgets Web users take for granted.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of Sept. 10, 2007

Security Wire Weekly -- Sept. 12, 2007
Eric Schultze, chief security architect of Shavlik Technologies,
discusses Microsoft's latest round of updates. Yuval Ben Itzak
talks about the growing use of crimeware rootkits.
Download MP3 | Subscribe to
Security Wire Weekly
Hot Type -- Sept. 11, 2007
Securing VoIP Networks: Threats, Vulnerabilities, and
Countermeasures
In our latest installment of "Hot Type: Security Books in Audio,"
Peter Thermos, author and CTO of Palindrome Technologies, reviews
the current state of VoIP security. After a brief Q&A, Thermos
reads from Chapter 3 of his book, Securing VoIP Networks:
Threats, Vulnerabilities and Countermeasures. His selection
reveals some of the most common attacks related to telephony
services.
Download MP3
After listening to the podcast, read an excerpt from
Chapter 6: Media Protection Mechanisms.
Podcasts for the week of Sept. 3, 2007

Threat Monitor -- Sept 6, 2007
Fight viruses with your USB flash drive
Information security pros often spend much of their days away from
their desks. So when malware strikes -- in the form of a worm,
virus or worse -- it can be helpful to have a USB thumb drive
loaded up with valuable remediation tools at the ready. In this
tip, Ed Skoudis reveals his list of the most important weapons in
any portable malware-defense kit -- and they're all free.
Download MP3 | Subscribe to
Threat Monitor
Security Wire Weekly -- Sept. 5, 2007
TippingPoint security researcher Pedram Amini explains why the
Sulley fuzzing framework is an important development in the quest
to uncover software vulnerabilities. Also, a new flaw is found in
Firefox and MIT fixes flaws in its widely-used Kerberos
program.
Download MP3 | Subscribe to
Security Wire Weekly
Security Newsmaker: Window Snyder
Mozilla security chief Window Snyder compares the security of her
organization to that of her former employer, Microsoft.
Download MP3
Podcasts for the week of Aug. 27, 2007

Security Wire Weekly -- Aug. 29, 2007
Kerry Bailey, Cybertrust's former senior vice president of global
services, discusses his new role heading up the integration of
Cybertrust into Verizon. Also, a review of the week's
news.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of Aug. 20, 2007

Security Wire Weekly -- Aug. 22, 2007
Cisco's Lynn Lucas talks about her company's wireless security
challenges, and eEye Digital Security CEO Kamal Arafeh refutes
rumors that his company is struggling.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of Aug. 13, 2007

Threat Monitor -- August 16, 2007
Finding malware on your Windows box (using the command
line)
Security professionals typically overlook the Windows command line,
instead spending their time with more complex GUI-based forensics
tools. In this tip, Ed Skoudis explains how just a few command-line
tricks can help users closely examine the configuration of a
Windows machine and discover whether a box is infected by
malware.
Download MP3 | Subscribe to
Threat Monitor
Security Wire Weekly -- Aug. 15, 2007
This week, F-Secure's Mikko Hypponen warns that the iPhone could
inspire a surge in mobile malware threats. Also, Microsoft releases
a mega security update, and TJX reports that costs associated with
its massive data breach have soared to $225 million.
Download MP3 | Subscribe to
Security Wire Weekly
Hot Type -- Aug. 14, 2007
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing has evolved into one of today's most effective ways to test
software security. Although there is no "correct" approach to the
bug-finding technique, every fuzzing method has similar phases. In
our latest installment of "Hot Type: Security Books in Audio," SPI
Dynamics' security evangelist Michael Sutton reads from Chapter 2
of his book, Fuzzing: Brute Force Vulnerability Discovery,
explaining each step in the testing process.
Download MP3
After listening to the podcast, read an excerpt from
Chapter 21: Fuzzing Frameworks.
Podcasts for the week of Aug. 6, 2007

Security Wire Weekly -- Aug. 8, 2007
David Foote of Foote Partners shares his latest research on the
value of IT security job skills and certifications. Also a wrap up
of the news from Black Hat 2007.
Download MP3 | Subscribe to
Security Wire Weekly
Security Wire Weekly, Black Hat Special Edition
Security researchers Brian Chess and Jacob West of Fortify Software
discuss penetration testing, secure software development and their
latest book. Also, a researcher warns that attackers could threaten
Vista users by exploiting Teredo, an IPv6 tunneling tool enabled by
default in the latest Windows OS.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of July 30, 2007

Threat Monitor -- August 2, 2007
Metamorphic malware sets new standard in antivirus
evasion
Mutating computer viruses have been around for some time, but one
type of malware possesses the ability to constantly rewrite its own
code to successfully evade the most sophisticated antivirus
systems. Noah Schiffman explains how metamorphic malware works, how
it differs from polymorphic malware and which defense strategies
are best for enterprises.
Download MP3 | Subscribe to
Threat Monitor
Security Wire Weekly, Black Hat Special Edition for Aug. 2,
2007
In this special Black Hat edition of Security Wire Weekly, PGP
creator Phil Zimmermann and Peter Thermos of Palindrome
Technologies unveil tools to improve VoIP security.
Download MP3 | Subscribe to
Security Wire Weekly
Security Wire Weekly special: Security expert calls Web services
research lacking
Black Hat 2007 presenter Brad Hill, a principal security consultant
with Information Security Partners, said little research is being
done to test Web services security. Many holes are going unnoticed,
he said.
Download MP3 | Subscribe to
Security Wire Weekly
Security Squad: Apple iPhone security, Google's security
moves
SearchSecurity.com editors discuss the state of Apple iPhone
security, Google's continued march into the security market and
vulnerability disclosure in the wake of the eBay-like vulnerability
auction site, WabiSabiLabi.
Download MP3
Podcasts for the week of July 23, 2007

Security Wire Weekly -- July 25, 2007
Chris Haddad, director of technical architecture at the Burton
Group, lays out some of the serious threats facing Web services and
service oriented architecture development. Also, a review of the
week's news.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of July 16, 2007

Threat Monitor -- July 18, 2007
Unified communications infrastructure threats and defense
strategies
Unified communications systems promise exciting productivity gains
for workers and cost savings for businesses, but many often
underestimate the security threats facing them. John Burke outlines
the dangers facing unified communications and how to mount an
effective defense.
Download MP3 | Subscribe to
Threat Monitor
Security Wire Weekly -- July 18, 2007
Amichai Shulman from Imperva describes a flaw his organization
discovered in the Oracle E-Business Suite. The flaw was patched
Tuesday as part of Oracle's July 2007 CPU. Also, a summary of this
week's top IT security news.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of July 9, 2007

Security Wire Weekly -- July 11, 2007
Security researchers Tom Cross and David Dewey of IBM's Internet
Security Systems X-Force research team discuss their team's
discovery of the Microsoft Active Directory flaw and Microsoft's
latest round of patches. Plus, a summary of the week's IT security
news.
Download MP3 | Subscribe to
Security Wire Weekly
Hot Type -- July 10, 2007
Security Metrics: Replacing Fear, Uncertainty, and
Doubt
In our latest installment of "Hot Type: Security Books in Audio,"
author and analyst Andrew Jaquith reads from Chapter 8 of his book,
Security Metrics: Replacing Fear, Uncertainty, and Doubt.
Jaquith explains how professionals can create a comprehensive
scorecard that properly assesses an organization's security
performance.
Download MP3
Need ways to improve the presentation of your security data?
Read an excerpt from
Chapter 6: Visualization
Podcasts for the week of July 2, 2007

Threat Monitor -- July 5, 2007
Investigating logic bomb attacks and their explosive
effects
There are a lot of dirty and destructive pieces of software out
there, but a logic bomb may cause some of the most damage.
Triggered by the smallest of events, logic bombs can wreck
computers, networks, and even an organization's precious profits.
In this tip from our
Ask the Experts section, contributor Ed Skoudis explains how to
prepare for a hacker's detonation.
Download MP3 | Subscribe to
Threat Monitor
Countdown: Top 5 pitfalls of partner security
management
This week's featured podcast is from SearchSecurity.com's
Compliance School.
Corporations are constantly teaming up with businesses and service
providers to accomplish various tasks, but can these partnerships
make a company more susceptible to corporate data breaches? In this
brand-new Compliance School podcast, instructor Richard Mackey
examines the top five potential dangers of an extended
enterprise.
Listen to Countdown -- Top 5 consumer authentication technologies on the
market today
This podcast is part of SearchSecurity.com's Compliance School
lesson:
Ensuring compliance across the extended enterprise
Podcasts for the week of June 25, 2007

Burton Group Catalyst Conference 2007 Coverage:
Security Wire Weekly special edition -- Network security;
identity management
SearchSecurity.com reports from the Burton Group Catalyst
Conference in San Francisco. Burton Group vice president Phil
Schacter sums up the day's sessions on open and secure network
architectures. Conference attendees talk about their security
concerns including identity management and risk
assessments.
Download MP3 | Subscribe to
Security Wire Weekly
Security Wire Weekly special edition -- PCI audit
SearchSecurity.com reports from the Burton Group Catalyst
Conference in San Francisco. Diana Kelley, vice president and
service director at the Burton Group, explains the scope of a PCI
audit and how some auditors are pitching products and services. Dan
Jones, director of IT at the University of Colorado, explains his
school's ongoing PCI compliance initiatives.
Download MP3 | Subscribe to
Security Wire Weekly
Security Wire Weekly -- June 27, 2007
Cisco executives discuss the acquisition of security vendor
IronPort, plus a look at how one IT shop moved into the Vista fast
lane despite compatibility problems.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of June 18, 2007

Threat Monitor -- June 21, 2007
Mergers and acquisitions: Building up security after an
M&A
Mergers and acquisitions are common headlines in today's
information security world, and that's great news for malicious
hackers and data thieves. When companies join forces, they often
leave themselves open to attack. In this tip, contributor Ed
Skoudis reviews the top merger-related threats and how to avoid
them.
Download MP3 | Subscribe to
Threat Monitor
Security Wire Weekly -- June 20, 2007
This week, former Microsoft CISO Karen Worstell talks about the
current state of security. Also, a summary of this week's news
including more consolidation in the security market with HP
acquiring SPI Dynamics and PatchLink merging with SecureWave.
(Runtime: 19:20)
Download MP3 | Subscribe to
Security Wire Weekly
Newsmaker podcast: Gary McGraw
In this SearchSecurity.com Newsmaker podcast, security luminary
Gary McGraw talks about how online gaming threats can affect
corporate IT shops.
Download MP3
Podcasts for the week of June 11, 2007

Security Wire Weekly -- June 13, 2007
Eric Schultze, chief security architect of Shavlik Technologies,
helps prioritize Microsoft's Patch Tuesday bulletins. Jack Danahy,
founder and chief technology officer of Ounce Labs, discusses
Microsoft's proactive security posture and how it has affected
security in the software development lifecycle. Also, a summary of
this week's news. (Runtime: 26.59)
Download MP3 | Subscribe to
Security Wire Weekly
Security Squad: Database security, encryption
Information Security magazine editors Neil Roiter and
Michael Mimoso discuss
Google's foray into the security market and whether companies
should turn to
database encryption to meet the PCI Data Security Standard in
the wake of the TJX data security breach. Also the editors discuss
whether the
"month of" security flaw Web sites are helpful in securing
software or just shameless publicity by security researchers.
And finally, SearchSecurity.com News Writer Bill Brenner provides
analysis from the Gartner IT Security Summit in Washington.
(Runtime: 23:51)
Hot Type -- June 12, 2007
The Art of Software Security Testing: Identifying Software
Security Flaws
Our "Hot Type: Security Books in Audio" podcast series offers free
book excerpts from today's top information security authors. In our
latest installment, Chris Wysopal, co-founder and chief technology
officer of security firm Veracode, reads from Chapter 2 of the book
The Art of Software Security Testing: Identifying Software
Security Flaws. The deck is stacked heavily against the
software developers, says Wysopal. In this podcast, Wysopal points
out the most common software design vulnerabilities. The co-author
details cryptography implementation, program attack surfaces, data
input validation and much more.
Download MP3
After listening to the podcast, read an excerpt from
Chapter 11: Local Fault Injection.
Podcasts for the week of June 4, 2007

Security Wire Weekly -- June 6, 2007
Bryan Sartin, Cybertrust's vice president of investigative
response, talks about his company's merger with Verizon. Bruce
Schneier, chief technology officer of BT Counterpane, and Lloyd
Hession, CSO of BT Radianz, talk about life after their mergers
with British Telecom. Also, a review of the week's news.
Download MP3 | Subscribe to
Security Wire Weekly
Security Wire Weekly Special - New hacking
technique
June 5, 2007
In an interview at the Gartner IT Summit in Washington, Yuval
Ben-Itzhak, chief technology officer of security vendor Finjan,
talks about a newly discovered hacking technique used by attackers
to avoid detection. (Runtime 3:56)
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of May 28, 2007

Countdown -- Top 5 consumer authentication technologies on the
market today
This week's featured podcast is from the
Identity and Access Management Security School.
In late 2005, the Federal Financial Institutions Examination
Council (FFIEC) issued guidance stating single-factor
authentication was no longer adequate for securing online banking
transactions. This guidance did not specify what types of
technologies would meet the requirement, but many vendors have
scrambled to develop cost-effective and easy product offerings that
can be deployed to the masses. In this podcast, Mark Diodati counts
down the top five vendor options.
Listen to Countdown -- Top 5 consumer authentication technologies on the
market today
Check out the rest of Mark Diodati's lesson:
Next-generation attacks
Security Wire Weekly -- May 30, 2007
Snort creator and Sourcefire founder Marty Roesch talks about last
year's failed Check Point acquisition and his decision to take
Sourcefire public. Also, a summary of this week's news.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of May 21, 2007

Security360 -- Industry Consolidation
Andy Jones, a researcher with the UK-based Information Security
Forum, explains how to develop an effective security strategy to
deal with large projects and defend the budget. Paul Adamonis,
director of security solutions at Forsythe Solutions Group, talks
about how to navigate industry consolidation by developing a buying
strategy; and Sandra Kay Miller gives her observations of the
industry and explains why some companies may not fare well in this
era of consolidation. (Runtime: 25:01).
Security Wire Weekly -- May 23, 2007
This week, security consultant Don Ulsch of Jefferson-Wells
discusses the risk of blogging on company-owned mobile devices.
Also, a summary of this week's news.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of May 14, 2007

Security Squad: Patch Tuesday -- May 18, 2007
SearchSecurity.com editors discuss whether Microsoft should abandon
Patch Tuesday, whether blogging is a security threat to corporate
systems, the state of Wi-Fi security and Verizon's acquisition of
CyberTrust.
Download MP3
Threat Monitor -- May 17, 2007
Windows Vista security flaws show progress, not
perfection
Microsoft has touted Windows Vista as its most secure operating
system ever. But if that's the case, why has it already been the
subject of several high-profile security problems? As Ed Skoudis
explains, despite its improvements, Vista's security posture is far
from perfect.
Download MP3 | Subscribe to
Threat Monitor
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of
penetration testing, "month-of" flaw disclosure projects and
hacking contests. Also, a summary of the week's news.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of May 7, 2007

Security Wire Weekly -- May 9, 2007
Mark Allen, a patch analyst with Shavlik Technologies, discusses
Microsoft's recent updates, including the zero-day DNS patch and
the Exchange and Internet Explorer updates. Plus, a summary of this
week's IT security news.
Download MP3 | Subscribe to
Security Wire Weekly
Hot Type -- May 8, 2007
Endpoint Security
In our latest installment of "Hot Type: Security Books in Audio,"
Mark S. Kadrich, president and CEO of The Security Consortium,
reads from Chapter 4 of his book Endpoint Security. Kadrich
explains how securing an endpoint is easy -- keeping it secure is
the real challenge.
Download MP3
Podcasts for the week of April 30, 2007

Security Squad Roundtable: Mac hacks -- May 3,
2007
In the debut edition of SearchSecurity.com's Security Squad
news-talk podcast, editors debate the growing concern about Apple
security and whether Apple really cares about keeping its products
secure, the emergence of Google hacking as an enterprise data
security threat and the pros and cons of "dumbing down" the PCI
Data Security Standard.
Download MP3
Security Wire Weekly -- May 2, 2007
Sven Krasser from Secure Computing discusses new and dangerous
techniques the bad guys are working into image spam. Plus, a
summary of this week's IT security news.
Download MP3 | Subscribe to
Security Wire Weekly
Top 5 next-generation messaging attacks that antivirus systems
can't catch
This week's featured podcast is from
Messaging Security School.
Malicious messaging attacks, such as worms and embedded code in Web
pages, are wreaking havoc on enterprise IT systems. How do these
attacks work and what can you do? In this podcast, guest instructor
Mike Rothman counts down the top five next-generation messaging
attacks that antivirus systems can't detect.
Listen to Top 5 next-generation messaging attacks that antivirus systems
can't catch
Check out the rest of Mike Rothman's lesson:
The changing threat of email attacks
Podcasts for the week of April 23, 2007

Security360: Endpoint encryption
Burton Group senior analyst Trent Henry explains the most effective
approach to endpoint security and the pros and cons of full disk
encryption; Roger Herbst, a senior IT specialist with the Timken
Company, talks about how he led his company's deployment of full
disk encryption on about 5,000 employee laptops; and Charles King,
principal analyst of Pund-IT Research, discusses Seagate's new
encrypted hard drive. (Runtime: 20:43)
Download MP3
Security Wire Weekly -- Apr. 25, 2007
Steven Adler, leader of IBM's Data Governance Council, talks about
how companies can respond to identity theft and data
breaches.
Download MP3 | Subscribe to
Security Wire Weekly
Security Newsmaker: Howard Schmidt
In the third installment of SearchSecurity.com's 2007 Security
Newsmakers podcast series, security luminary Howard Schmidt talks
about his latest book and about the private sector's role in
securing cyberspace.
Download MP3 | Subscribe to
Security Wire Weekly and Security Newsmakers
Podcasts for the week of April 16, 2007

Threat Monitor -- April 19, 2007
Reputation systems gaining credibility in fight against
spam
Now that nearly all organizations are employing some sort of
antispam technology, spammers know their only hope for success lies
with outwitting spam-detection strategies. But as Mike Rothman
writes, the emergence of reputation-based systems is making it
easier to weed out spam before it ever reaches the network
gateway.
View the rest of our brand-new
Messaging Security School lesson:
The changing threat of email attacks.
Download MP3 | Subscribe to
Threat Monitor
Security Wire Weekly -- Apr. 18, 2007
Ed MacNair, CEO of email security vendor Marshal, talks about spam,
data breaches and the future of AV. Also, a look at the week's
news.
Download MP3 | Subscribe to
Security Wire Weekly
Podcasts for the week of April 9, 2007

Security Wire Weekly -- Apr. 11, 2007
This week security luminary Gary McGraw explains why attacks
against online gamers are also a problem for IT shops. Also, a
summary of the week's news headlines.
Download MP3 | Subscribe to
Security Wire Weekly
Hot Type -- April 10, 2007
Counter Hack Reloaded
This edition of "Hot Type: Security Books in Audio" features a
chapter from the book, Counter Hack Reloaded: A Step-by-Step
Guide to Computer Attacks and Effective Defenses, published by
Prentice Hall. Listen to security consultant and information
security author Ed Skoudis as he explains how to detect
application-level Trojan backdoors and even stealthier
rootkits.
Download MP3
Podcasts for the week of April 2, 2007

Threat Monitor -- April 5, 2007
Polymorphic viruses call for new antimalware
defenses
Attackers are always looking for innovative ways to dodge antivirus
software, and many of the bad guys are now creating polymorphic
code to do just that. But it's not just the malware writers who are
raising the bar. In this tip from our
Ask the Experts section, contributor Ed Skoudis explains how
antimalware vendors are responding to this emerging
threat.
Security Wire Weekly -- Apr. 4, 2007
Security researcher Sean Barnum of Cigital, Inc. tells how IT
professionals can use a set of attack patterns to keep enterprises
a step ahead of digital miscreants. Also, a summary of the week's
news.
Podcasts for the week of March 26, 2007

Security Wire Weekly -- Mar. 28, 2007
This week, Secure Computing CTO Paul Judge talks about how former
CipherTrust customers are faring nearly nine months after that
company was absorbed by Secure Computing. Also, a summary of the
week's news.
Podcasts for the week of March 19, 2007

Security Wire Weekly -- Mar. 21, 2007
This week, IT pros talk about how to go from IT geek to security
rock star, while industry experts discuss the difficulties of
deploying NAC. Also, a summary of the week's news.
Hot Type -- March 20, 2007
Software Security -- Identifying software security flaws and bugs
In the latest edition of "Hot Type: Security Books in Audio,"
Cigital CTO Gary McGraw reads a selection from his book Software
Security: Building Security In. Download this podcast today to
learn about the software issues plaguing software design.
Hot Type -- March 20, 2007
Software Security -- The three pillars
"Hot Type: Security Books in Audio" continues with Cigital CTO Gary
McGraw, as he reads another chapter excerpt from his book
Software Security: Building Security In. In this audio
podcast, McGraw explains his three-pillar approach to safe software
development.
Podcasts for the week of March 12, 2007

Threat Monitor -- March 15, 2007
Plentiful VoIP exploits demand careful consideration
Enterprise VoIP vendors may tout "plug-and-play" products that are
ready to run right out of the box, but those vendors may not be
taking security into consideration. As information security threats
expert Ed Skoudis writes, there are many potential VoIP threat
vectors, but packet-based telephony services can be secured with
due diligence and adherence to best practices.
Security360: SOA and Web Services Security
SearchSecurity.com's Security360 podcast offers fresh perspectives
-- from vendors, experts and infosec pros -- on a variety of
complex information security issues. In our debut episode, we
examine the state of security for service-oriented architectures
and Web services. ZapThink analyst Jason Bloomberg offers an
overview of the security issues unique to SOA environments, while
executives from SAP and Oracle discuss how they address SOA
security in their software. (Runtime: 29:45)
Security Wire Weekly -- Mar. 14, 2007
Michael Sutton of SPI Dynamics introduces a software-testing
technique called fuzzing and discusses how it can be applied to the
software development cycle. Also, Apple releases a mega-fix, Go
Daddy investigates a DDoS attack and IT pros report few
daylight-saving time problems.
Podcasts for the week of March 5, 2007

Security Newsmaker: Greg Garcia
In Episode 2 of our Security Newsmakers podcast series,
Information Security magazine's Michael Mimoso and Marcia
Savage ask cyber security chief Greg Garcia about his priorities
moving forward and get his take on the current threat environment.
Garcia attended RSA Conference 2007 in February and told conference
attendees that government, enterprises and academia need to work
together to fight growing Internet threats.
Security Wire Weekly -- Mar. 7, 2007
This week, IT professional Alphonse Edouard discusses what he's
doing to prepare his company for this weekend's change to
daylight-saving time, and whether it will interfere with his
security patching. Plus, a troubled McAfee hires a new CEO and
Mozilla fixes another Firefox flaw.
Security Wire Weekly -- Mar. 5, 2007
In this special edition of Security Wire Weekly from the Black Hat
DC Conference, database security expert Amichai Shulman explains
why attackers are targeting communication protocols to gain access
to critical files. Shulman, chief technology officer and founder of
Imperva, calls the threat serious and also gives mitigation steps to
defend against it.
Podcasts for the week of February 26, 2007

Threat Monitor -- March 1, 2007
The security risks of Google Notebook
Security practitioners know to keep sensitive information under
lock and key, but as Web services proliferate, ensuring that
information remains private is more difficult than ever. In this
tip, Ed Skoudis examines how one of Google's latest Web
applications, Google Notebook, can lead to accidental exposure of
sensitive data, and provides five ways to reduce the chances of a
data leak.
Security Wire Weekly -- Feb. 28, 2007
This week, Senior News Writer Bill Brenner talks to security
luminary Howard Schmidt about his new book and recaps the week's
news headlines.
Podcasts for the week of February 19, 2007

Security Newsmaker: David Maynor
In Episode 1 of SearchSecurity.com's Newsmaker podcast series,
researcher David Maynor talks about the threat to laptop wireless
cards and the stir a demonstration caused at last year's Black Hat
conference. Listen to our Newsmaker Rapid-fire Q&A segment.
(Runtime: 13:43)
HIGHLIGHTS:
1:13 - Some people complained that Apple was being unfairly
targeted.
2:51 - The flaws discovered as a result of the Black Hat
presentation.
4:47 - The response from security vendors when notified of a
wireless problem.
8:41 - Maynor explains the biggest threats to enterprises.
11:00 - Newsmaker rapid-fire Q&A.
Security Wire Weekly -- Feb. 21, 2007
This week, IT administrator Susan Bradley discusses the potential
security implications of changes to daylight-saving time. Also, a
summary of the week's news.
Podcasts for the week of February 12, 2007

Threat Monitor -- February 15, 2007
Pod slurping: The latest data threat
Allow iPods in the office? Perhaps it's time to reevaluate that
device policy, as iPods pose more danger to the corporate network
than it might seem. In this tip, contributor Peter Giannoulis
introduces pod slurping, the latest hacking technique, and explains
how revising corporate policies can prevent potential data
leaks.
Security Wire Weekly -- Feb. 14, 2007
This week, Yankee Group analyst Andrew Jaquith discusses his new
book on security metrics and highlights the themes that emerged
from RSA Conference 2007. Also, a discussion about Microsoft's
recent batch of patches.
Podcasts for the week of February 5, 2007

Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference
2007, Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and
co-founder of Russia's Kaspersky Lab, talks with Information
Security magazine's Michael S. Mimoso about the state of the
antivirus market, the need for a new Interpol-like worldwide
organization to fight cybercrime and why he's confident Microsoft
won't be a significant force in the AV realm for a long time to
come.
Security Wire Weekly -- Feb. 8, 2007
RSA Conference 2007 attendees talk about issues with Microsoft NAP
and Cisco NAC, the viability of investing in Windows Vista,
identity management, authentication, Web services security, and Web
2.0 attacks. Take the pulse of this week's event in this special
edition of Security Wire Weekly.
Security Wire Weekly -- Feb. 8, 2007
In this special edition of Security Wire Weekly from RSA Conference
2007, Federal Trade Commission Chairwoman Deborah Platt Majoras
tells Information Security magazine Editor Michael S. Mimoso that
the agency is not only working to crack down on companies that
leave consumer data vulnerable to attack, but is also developing
ways to help companies avoid data breaches.
Security Wire Weekly -- Feb. 7, 2007
In this special edition of Security Wire Weekly from RSA Conference
2007, information security pros say it's hard to imagine a day when
all of an organization's security needs can be served by one
infrastructure provider, even though RSA Security's Art Coviello
believes industry consolidation and simplification are
inevitable.
Security Wire Weekly -- Feb. 7, 2007
Is 2007 the last time Bill Gates will headline the RSA Conference?
Information Security magazine's Michael S. Mimoso explains why this
may be the Microsoft chairman's RSA swan song, and conference
attendees share their reaction to the software giant's refined
security strategy. Listen to this special edition of Security Wire
Weekly.
Security Wire Weekly -- Feb. 6, 2007
In this special Security Wire Weekly edition from RSA Conference
2007, David Drab, principal of Xerox Global Services, talks about
steps his company is taking to address customers' security
concerns. The former FBI employee also talks about computer
terrorism and what he sees as the current threats.
Hot Type -- February 5, 2007
Defensible Network Architecture
Check out our first installment of "Hot Type: Security Books in
Audio" featuring a selection from the book, Extrusion Detection:
Security Monitoring for Internal Intrusions, published by
Addison Wesley. Listen to author Richard Bejtlich as he reads a
selection from Chapter 2: Defensible Network Architecture. Download
this podcast today to learn the components of a defensible network
and the strategies necessary to monitor it.
Security Wire Weekly -- Feb. 5, 2007
In this special edition of Security Wire Weekly from RSA Conference
2007, eEye CTO Marc Maiffret talks about how he's already
discovered cracks in Windows Vista.
Podcasts for the week of Jan. 29, 2007

Threat Monitor -- February 1, 2007
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this
legislation truly contained unsolicited commercial email? In this
tip, contributor Joel Dubin discusses whether the law has
effectively cracked down on spamming activities and examines how to
put a stop to this email misuse.
Security Wire Weekly -- Jan. 31, 2007
This week, data security expert David Taylor examines the TJX data
breach and explains how companies can avoid a data breach crisis.
Listen on your PC or download to your favorite mobile
device.
Podcasts for the week of Jan. 22, 2007

Security Wire Weekly -- Jan. 24, 2007
This week, Mozilla security chief Window Snyder explains her
organization's patch process and compares it to the way Microsoft
releases Internet Explorer patch bulletins. Also, a summary of the
news.
Podcasts for the week of Jan. 15, 2007

Threat Monitor -- January 18, 2007
Ten emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly
developed many sophisticated ways to exploit vulnerabilities for
their gain. And, as SearchSecurity.com's information security
expert Ed Skoudis explains, new methods are constantly being
discovered. In this tip, Skoudis outlines 10 emerging malware
trends and provides tools and tactics to defend against
them.
Security Wire Weekly -- Jan. 17, 2007
This week, Yuval Ben-Itzhak, chief technology officer of Finjan
Inc., explains the growing use of dynamic code obfuscation by
hackers to hide malicious code. Plus all the week's top information
security news.
Podcasts for the week of Jan. 8, 2007

Security Wire Weekly -- Jan. 10, 2007
This week, Andrew Storms of nCircle discusses Microsoft's January
patch release. Microsoft is doing the best it can, but concern
exists about open zero-day Word flaws, Storms says.
Podcasts for the week of Jan. 1, 2007

Threat Monitor -- January 4, 2007
Eight top information security events of 2006
From WMF exploits to the Veterans Affairs data breach, information
security threats were plentiful in 2006. In this tip, contributor
Joel Dubin reviews what grabbed the attention of hackers in the
information security world in 2006 and explains how they set the
tone for 2007.
Security Wire Weekly -- Jan. 3, 2007
Concluding our special edition of Security Wire Weekly, Site Editor
Eric Parizo reveals his picks for top information security
interviews of 2006. Learn about the growing danger of cross-site
scripting attacks; network access control interoperability plans
for Cisco's NAC and Microsoft's NAP architectures; and the state of
Mac OS security in the enterprise. Audio clips in this program
include Andrew Braunberg of Current Analysis; Johannes Ullrich of
the SANS Internet Storm Center; Mike Rothman of Security Incite and
Brian Chess of Fortify Software.