It’s Episode 2 — and I’m sure you all know what that means…
… no more talk of midichlorians.
And the continuing saga of 4 infosec nerds who will attempt to do what has never been done before… bring you a high quality information security related podcast that is not just a long series of injokes, ranting, personality disorders and hard drive snake oil.
DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.
In this episode:
- Breach Week – Linkedin, eHarmony, last.fm
- Linkedin bad incident response and Leakedin
- VUPEN Hacked or Not?
- Google’s Attack Warnings
- More news on Flame – turns out it is ground breaking (at least form a crypto perspective) – and itâ€™s got MS worried – but thereâ€™s more, it can work with non-connected systems and relies on human mules – also, Flame falls on its sword
- Skimmers show up in the Ontario Government
- Small business owners donâ€™t follow good security practices and donâ€™t think theyâ€™re at risk (surprise!)
- Foot In The Door
- never store passwords in plain text
- when using hashes (SHA1 etc…) SALT please!
- donâ€™t use MD5
- never use the same password twice (space or time)
- authN vs authZ
- retrofitting old auth systems & whatâ€™s wrong with hashes
- two factor auth (tokens, soft tokens) DIY Options:Google or Wikid
- building auth properly (openID, Google Login, Facebook Connect)
- handling a password compromise properly
- Hi LM! Does my company need a CISO? …thanks! Jeff, California
Creative Commons license: BY-NC-SA