Serious About Security

By Preston Wiley, Mike Hill, and Keith Watson
About this podcast
Preston Wiley, Mike Hill, and Keith Watson discuss interesting topics in information security and privacy. This biweekly podcast covers topics that range from the latest software vulnerabilities to security tools to legal issues. The Serious about Security Podcast is brought to you by the Greater Lafayette Security Professionals (GLSP) group, Secure Purdue, and the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.
Latest episodes
Dec. 20, 2013
YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
Research shows how MacBook Webcams can spy on their users without warning by Ashkan Soltani and Timothy B. Lee (The Washington Post)
FBI’s search for ‘Mo,’ suspect in bomb threats, highlights use of malware for surveillance by Craig Timberg and Ellen Nakashima (The Washington Post)
iSeeYou: Disabling the MacBook Webcam Indicator LED by Matthew Brocker and Stephen Checkoway (Technical Report 13-02, Department of Computer Science, Johns Hopkins University)
Liberty and Security in a Changing World by The President’s Review Group on Intelligence and Communications Technologies
White House panel recommends new limits on NSA surveillance by Ken Dilanian and Christi Parsons (Los Angeles Times)
Obama Is Urged to Sharply Curb N.S.A. Data Mining by David E. Sanger and Charlie Savage (The New York Times)
Obama review panel: strip NSA of power to collect phone data records by Dan Roberts and Spencer Ackerman (The Guardian)
EFF Statement on President’s Review Group’s NSA Report by Rebecca Jeschke (The Electronic Frontier Foundation)
Dec. 13, 2013
YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
For Nearly Two Decades the Nuclear Launch Code at All Minuteman Silos in the United States was 00000000 by Karl Smallwood (Today I Found Out)
‘Secret’ Nuclear Missile Launch Code During Cold War Was ‘00000000’ by Ryan Grenoble (The Huffington Post)
Zero protection from nuclear code by Oliver Burkeman (The Guardian)
Keeping Presidents in the Nuclear Dark by Bruce Blair (Bruce Blair’s Nuclear Column)
For nearly 20 years, the launch code for US nuclear missiles was 00000000 by Lisa Vaas (nakedsecurity blog)
Permissive Action Links by Steven M. Bellovin
Further improving digital certificate security by Adam Langley (Google Online Security Blog)
Serious Security: Google finds fake but trusted SSL certificates for its domains, made in France by Paul Ducklin (nakedsecurity blog)
Google catches French finance ministry pretending to be Google by David Meyer (GigaOM)
Dec. 7, 2013
YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
Forward Secrecy (Wikipedia)
Twitter Enables Perfect Forward Secrecy Across Sites To Protect User Data Against Future Decryption by Matthew Panzarino (TechCrunch)
Forward Secrecy at Twitter by Jacob Hoffman-Andrews (Twitter Engineering Blog)
Pushing for Perfect Forward Secrecy, an Important Web Privacy Protection by Parker Higgins (EFF Deeplinks Blog)
Google, Facebook, payroll accounts targeted in major password theft, security experts say by Hayley Tsukayama (The Washington Post)
2 Million Stolen Facebook, Yahoo And Google Passwords Posted Online by Alexis Kleinman (The Huffington Post)
Look What I Found: Moar Pony! by Trustwave SpiderLabs
Nov. 20, 2013
YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
Our Commitment to Protecting Your Information by Marissa Mayer (Yahoo!)
After N.S.A. Disclosures, Yahoo Moves to Encrypt Internal Traffic by Nicole Perlroth (NY Times Bits Blog)
Yahoo Will Follow Google In Encrypting Data Center Traffic, Customer Data Flow By Q1 ’14 by Matthew Panzarino (TechCrunch)
Google encrypts data amid backlash against NSA spying by Craig Timberg (The Washington Post)
Expert to warn Congress of HealthCare.gov security bugs by Reuters
Hackers throw 16 attacks at HealthCare.gov plus a DoS for good measure by Lisa Vaas (nakedsecurity blog)
Healthcare.gov ‘may already have been compromised,’ security expert says by FoxNews.com
Nov. 15, 2013
YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
Facebook Warns Users After Adobe Breach by Brian Krebs (Krebs on Security)
Facebook mines Adobe breach data for reused passwords, warns users to change them or disappear by Liam Tung (ZDNet)
Anatomy of a password disaster - Adobe’s giant-sized cryptographic blunder by Paul Ducklin (nakedsecurity blog)
IE zero-day exploit disappears on reboot by Shona Ghosh (PC Pro)
IE Zero Day Watering Hole Attack Injects Malicious Payload into Memory by Michael Mimoso (Threatpost)
Nov. 10, 2013
YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Keith Watson, CISSP-ISSAP, CISA
Articles:
Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps by Dan Goodin (Ars Technica)
badBIOS by Bruce Schneier (Schneier on Security)
Security researcher says new malware can affect your BIOS; communicate over the air by Ian Paul (PCWorld)
‘BadBIOS’ System-Hopping Malware Appears Unstoppable by Marshall Honorof (Tom’s Guide)
The badBIOS Analysis Is Wrong. by Phillip Jaenke
NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say by Barton Gellman and Ashkan Soltani (Washington Post)
How the NSA’s MUSCULAR tapped Google’s and Yahoo’s private networks by Sean Gallagher (Ars Technica)
How we know the NSA had access to internal Google and Yahoo cloud data by Barton Gellman, Ashkan Soltani, and Andrea Peterson (Washington Post)
Nov. 1, 2013
YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
Ten Steps You Can Take Right Now Against Internet Surveillance by Danny O’Brien (EFF)
Major Corporations Fail to Defend Against Social Engineering by Michael Mimoso ()
Oct. 25, 2013
YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
Apple’s iCloud iConundrum - does convenience mean insecurity? by Chester Wisniewski (nakedsecurity)
Cracking and Analyzing Apple’s iCloud Protocols by Vladimir Katalov (Hack in the Box Malaysia)
Call yourself a ‘hacker’, lose your 4th Amendment right against seizures by John Leyden (The Register)
Call Yourself A Hacker, Lose Your 4th Amendment Rights by Dale Peterson (Digital Bond)
Battelle Energy Alliance, LLC v. Southfork Security, Inc. et al
Oct. 18, 2013
YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Keith Watson, CISSP-ISSAP, CISA
Articles:
Is Truecrypt Audited Yet?
The TrueCrypt Audit Project
New effort to fully audit TrueCrypt raises $16,000+ in a few short weeks by Cyrus Farivar (Ars Technica)
Let’s audit Truecrypt! by Matthew Green (A Few Thoughts on Cryptographic Engineering)
Destructive malware “CryptoLocker” on the loose - here’s what to do by Paul Ducklin (nakedsecurity)
CryptoLocker Ransomware Information Guide and FAQ by Lawrence Abrams (bleepingcomputer.com)
Oct. 12, 2013
YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
Attacking Tor: how the NSA targets users’ online anonymity by Bruce Schneier (The Guardian)
NSA and GCHQ target Tor network that protects anonymity of web users by James Ball, Bruce Schneier and Glenn Greenwald (The Guardian)
‘Tor Stinks’ presentation – read the full document on The Guardian
Is Microsoft recycling old Outlook.com and Windows Live email accounts? by Lee Munson (nakedsecurity blog)
Microsoft is quietly recycling Outlook email accounts by Andreas Udo de Haes (PC World)