Dennis Fisher talks with Chris Soghoian, a principal technologist at the ACLU, about the developing market for buying and selling exploits and vulnerabilities. Soghoian has been a vocal critic of exploit sales and in this podcast he discusses the reasons why and why he thinks the policymakers in Washington need to get involved.
Browsing Category: Podcasts
Dennis Fisher talks with Gary McGraw of Cigital about the release of the BSIMM4 data, how software security programs have matured in the last four years and how the government has become distracted by cyberwar and is ignoring software security, to its detriment.
Dennis Fisher talks with Mike Mimoso, the new editor of Threatpost, about his decade covering security, how the industry and threat landscape have changed and how security researchers are like Bill Parcells.
Dennis Fisher talks with Al Huger of Sourcefire about the difficulty of tracking down the source of a malware infection, whether organizations should care about attribution after discovering an attack and why playing defense is so difficult.
Dennis Fisher talks with Cesar Cerrudo of IOActive Labs about his research project that used Fortune 500 executives’ corporate email addresses as the starting point to gather data about their online activities. Cerrudo found that he was able to map executives’ activities across a wide range of e-commerce, social networking and other sites with just an email address.
Dennis Fisher talks with Joe Stewart of the Dell SecureWorks Counter Threat Unit about his team’s new research on the landscape of APT malware families, who is behind the use of these tools and how poorly prepared most organizations are for attacks by these crews.
Attackers are now using DDoS services that offer attacks on telecommunication systems as part of larger attack schemes. These attacks, known as TDoS attacks, can be a relatively cheap option for cybercriminals looking into diversifying their attack vectors.
Dennis Fisher talks with botnet researcher Jose Nazario about whether botnet takedowns are worth the effort, the evolution of attack techniques and whether we can ever get the upper hand on attackers.
The past week has brought to light more revelations about the mysterious Flame (or sKyWIper) worm that was first identified at the end of May. Among them: the eye-popping admission from Microsoft that the malware’s authors found a way to use that company’s Windows Update feature to distribute the malware.
Dennis Fisher talks with Moxie Marlinspike about his new IETF proposal, TACK, which lays out a way for sites to assert the authenticity of their public keys. They also discuss the Convergence system for replacing the CA infrastructure and the ways in which browser vendors can help enable better trust agility for users.