Rank #1: Private Web Surfing – Episode 031
If I said UIDH would that mean anything to you? No? Maybe? It does now? There’s been a recent computer information security community discovery about Verizon (and other companies) and how they are injecting a unique identification header into their customers’ web traffic.
What does that mean?
That’s a great question. If only Max were here we could ask him and then record his answer and maybe have some banter between us and then have Max edit it together into a… WAIT A MINUTE! That sounds just like episode 31 of our podcast! Holy cats! You should click and listen and learn about all of this.
Did we mess up? Did we get something wrong? Add your two cents (remember we’re Canadian so there might be an exchange rate): tweet us, leave a comment on this post or send us an email to feedback at in-security.org
Dec 08 2014
Rank #2: Tracking U – Episode 46
This week we talk about online (spoilers: And offline) tracking and the people who do it.
It’s a banner year at the old in-security family, two count on the podcast front and another on the way?!
We discuss Microsoft, Google, Facebook and the way they go about collecting data from unsuspecting internet users. We also take an in-depth look at cookies and how they are now used for more than was ever intended.
Delicious delicious cookies. Used for tracking? Next you’re going to tell me that brownies can be used to get you stoned.
Originally Recorded May 2, 2018
May 30 2018
Rank #3: Meltdown Inspector – Episode 45
Our first (read: only?) episode for 2018 and we’re ready to talk about Meltdown and Spectre, the new class of hardware vulnerabilities that hadn’t really even been considered prior to this discovery!
We even have some housekeeping in this episode. Who would have thought with like a half year since the last EP that there were any new developments?!
So yeah, we got a lot of great content. This is a delightful reboot. Let’s hope there’s more to come! (this year)
Originally Recorded March 21, 2018
Mar 28 2018
Rank #4: Hardening is Haaaard – Episode 013
As episodes go 013 is a fun & lucky one! We are talking about hardening, we provide a general overview, we provide some ways you can follow along at home to learn on your own and we probably talk complete trash at some point since that’s how we roll! There’s even a b-bomb in this one that I wasn’t expecting, if that’s not enough of a teaser how about this?
You will never believe what we cut out of this episode. It was SO cut out of the episode it will never be available to you, the listeners!
To be honest I am not sure what it was either but this is the kind of tripe news aggregation websites have to resort to to get people to click something on Facebook and they’re consummate professionals are they not?
Hardening is not as dirty as it sounds, I think… It can be summed up as securing infrastructure by eliminating unnecessary weak points. In our context infrastructure means desktops, workstations, routers, network hubs, servers etc. so I think securing means closing open doors, shutting open ports, turning off apps & services that you don’t need, making sure you close the fridge because you aren’t paying to cool the neighbourhood, and locking the front door when you leave the house.
Come to think of it, I’m not 100% sure how accurate any of that is, I should probably give the episode another listen.
Feb 20 2014
Rank #5: Let’s talk about stacks baby! – Episode 014
We talked about web vulnerabilities and the markup languages, and interpretation of scripts, but those aren’t real programs running on your computer. This time we’re going to get a little more advanced and talk about programming and execution within the computer drawing back to the first few episodes. It’s detailed but will be the bedrock for the more advanced topics we’ll be discussing in vulnerabilities within applications running on a computer. We mention stacks and cover a great dummy program to really tie this episode together into what I lovingly call the greatest episode ever of any podcast on the internet*.
Actually I kinda felt we used the word stacks so much that I really latched onto it after editing this episode. For that I apologize. But it led to the zany title and really confusing title image this week.
We also ran into some perceived quality issues with this week’s episode. After some finessing in the editing studio in the spacious west wing of the guest house in stately Max-Manor Max assures me with aplomb that this is resolved. As always if you disagree with Max please feel free to leave us comments below, Tweet us on Twitter or email us via email.
*With the possible exception of some of the other podcasts on the internet and episodes that they had.
Mar 04 2014
Rank #6: Security on a Cellular Level – Episode 022
This week was a topic I wanted to take a look at as it’s becoming a growing concern and there is currently no CLEAR winner from the end user perspective. We discuss security on cellular devices.
Cellular security is a growing concern since a lot of the new devices have their “Always on” internet connections and become a frequent source for secure and insecure communication.
Businesses both large & small with security concerns really have to take a look at these treacherous devices. Like with many of the topics we’ve discussed this really ends up being summarized as a trade-off of security to inconvenience.
As cellular security really becomes more prevalent we, as professionals and enthusiasts, really need to take them seriously.
Hopefully in the next couple years we’ll see multi-sim or multi-profile phones become more the norm and we might have another rise of RIM or a similar trend towards remote device management for the security professionals but for now tune in for our general review of options you can do yourself!
Jun 09 2014
Rank #7: Open Source Security Architecture Group – Episode 034
Oh boy do we have an episode for you!
This is our first ever interview and with an entertaining guy, Rob Fuller, also known as Mubix. He took the time to discuss with us (well, Max mostly) the plans for the Open Source Security Architecture Group.
Or at least he tries to once Max gets done his fanboy tirades.
“Well that’s all well and good” you say “But just what is this Open Source Security Architecture Group?” You ask, incredulously.
I mean, if you actually do say either of those two things I should probably get out of podcasting and into prognosticating.
BUT I DIGRESS!
I don’t want to spoil the fun for you because we have the one person on the planet better qualified to explain it to you and that is of course its founder and we can have him explain it in the only method better than me writing this blog post and that would be this podcast.
Wow that was a terrible stretch, just listen would you?
Originally Recorded March 11th 2015
Mar 17 2015
Rank #8: Seven Layer Burrito – Episode 009
Max is literally 0 milligrams lighter this episode without his Movember monthstache and you can hear the relief in his voice as he takes us delving into the delicious world of the seven layer OSI model.
What is an OSI model you ask?
That’s an excellent question!
Can I answer it?
Not without ruining THE ENTIRE EPISODE…
Are there really 7 layers?
Could there be an eighth layer?
What if I order 2 burritos and pile them on top of one another to make a 14 layer bad mother burrito?
SOME OF THESE ANSWERS AND MORE! So you might as well click on the links below to get your LEARN on! (or fire up your favorite podcatcher with the above subscription links)
We discuss popular sandwich alternatives and something about computers I think. It really is worth the listen.
Dec 19 2013
Rank #9: Let’s Social Engineer Max a Better Microphone – Episode 017
This was going to be epic.
This is the first episode that Max and I have recorded face to face in real meatspace since the beginning of this whole endeavor.
We were excited. Some may say a little TOO excited because we didn’t actually listen to what the recording was outputting. There is evidently a setting on the microphone that allows it to record from both sides simultaneously.
That setting is … Not the one we used.
This is the episode on the fine art of the social engineer that we started discussing in maybe ep01 or ep02 or something and decided to hold off on until we were sufficiently able to mess up the recording for everyone.
Social engineers work the fine art of manipulation with the eventual goal of gain. Gaining access, gaining permissions, financial gains, you know… gain.
So I apologize on behalf of this “ep01” calibre audio quality but try and stick with it. I believe this will lead to more episodes on the topic.
Mar 25 2014
Rank #10: Log ALL THE THINGS – Episode 039
It’s log, it’s log, it’s big, it’s heavy, it’s wood.
It’s log, it’s log, it’s better than bad it’s informative and will help you track down problems and identify failings in your information security!
We’re talking about log files. I know, you’re thinking: But Matt, why would log files be of any benefit to us? We’re interested in information security and protecting computers!
Well that’s a really weird thing for you to be thinking. Log files are the bread and butter of the information CSI world.
“Now, I’m confused” you’re thinking, “How will Max explain this one?”
Thankfully Max recruited this great guest to get us into the information filled world of logs. This week we have a special guest in the form of Allan Stojanovic. We’re going to get a pretty solid introduction into just why logging is invaluable and get a little insight into how we ought to go about it.
Originally Recorded November 17th 2015
Nov 20 2015
Rank #11: Handsomeware – Episode 041
This is a new and exciting episode on the topic of Ransomware.
It was the planned episode that we were going to do before life intervened and a show didn’t happen for 4 months.
But it’s here now. So there’s that.
Ransomware, as the name would suggest and as you are about to find out is the thing that you are probably going to experience where someone compromises your computer then asks you for money to either not do something or to undo something they’ve already done.
I’m collecting ideas for the in-security podcast drinking game, so far I think every time there is reference to a movie take a drink. If the movie in question is Sneakers then take two drinks.
I’ve also made up a drinking game specially for this episode. Every time Max says “ransomware” you have to take a drink.
That way you’ll regain consciousness and maybe sober up just in time for the next episode to finally come out!
I’m not sure if it was a running gag on his part but MAN did he go all out.
And just a bit of site news. For some reason our email address wasn’t working. So I managed to fix that and heartily apologize for it. I don’t really know what went wrong, because we definitely tested it before and it was working.
I’m hoping no one is holding our email ransom.
You know, like some kind of ransomware.
That’s right. I’m psyching you up for the episode. ENJOY!
Originally Recorded May 24th 2016
Jun 08 2016
Rank #12: Plain Ketchup – Episode 044
Playing catch-up is necessary sometimes. Sometimes life happens. It gets all up in your grill and tries to mess up your best laid plans. When that happens your only choice is to podcast at a much slower pace than expected.
Sometimes life happens all over your Co-Host.
So we have an elegant solution to that. That solution is, of course, to recap everything in one giant recap episode.
We don’t necessarily hit all the points, but we get some of the top ones that we thought were neat.
We don’t necessarily even talk about events more than I go off on a long rambling excuse about why Windows has made my life slightly inconvenient.
Sometimes Windows happens…
But why does it always happen to ME?!
Yeah. That’s not really as important a point here. So anyways.
We have another episode where we are playing catch-up on some of the better topics that happened and as always click the thing below if one of these interests you and we can possibly go more in-depth into it!
Originally Recorded October 12, 2017
Oct 18 2017
Rank #13: iCloud Breach – Episode 030
Computer security & information security can be an intimate issue and none more so than this! This episode of the in-security podcast we pontificate on the recent iCloud breach. What it means to us, what it means to you and what we can learn from it.
In the future we are going to be looking a lot more towards putting trust into entities that we can’t immediately reach out to to get solutions.
Cloud computing and storage is becoming ever more prevalent and with it comes a distancing of our immediate control over content and information.
If you have a file in a drawer in your desk locked with a key it’s a lot harder for it to be taken than if you have it stored in an imaginary drawer that is in turn backed up to a couple other imaginary drawers and is locked only with a magic word.
All this fanciful talk to say iCould point fingers here but that’s gonna get us nowhere. Instead we visit some best practices to get the most out of these services and lose the least from them.
Tune in and LEAAAAAAAAAAAARN! With the big episode 30 of in-security!
Nov 04 2014
Rank #14: Enterprise Scale Development – Episode 023
Originally recorded back in April. We are getting caught up with all the delays that have plagued (or blessed in Max’s case) us. This is the episode where we discuss Enterprise scale development, the different positions that you might find in those circumstances and this will nicely play off the next episode.
As usual Max has his large scale pants on and I try to slim him down to small or medium scale so we can get a general overview.
Yes, those are fat jokes. Now that I am comfortably heavier than Max I can make those. They aren’t racist, I’m taking them back.
So right. Enterprise scale development, what to expect and the roles involved. This episode speaks for itself. Literally. It’s a podcast.
And record it.
Jun 24 2014
Rank #15: Jobs in InfoSec – Episode 024
This might be a great episode to have listened to at the start of all this podcastery. In reality we sort of dove right in at the start without trying to tempt you with the lurid promise of fat sacks of job satisfaction.
This episode centers on possible jobs in InfoSec available with the science we are dropping within each and every episode. It’s definitely a starting point if you’re trying to convince your buddies to listen. I’m going to go ahead and predict available jobs in InfoSec are going to continue to be in ever growing demand until this whole internet craze dies out. Then we can finally go back to actually talking to one another in meatspace.
As you all might know we are delayed by my current work schedule as I have had a change in hours. I am slowly trickling out the episodes we had recorded until Max and I are able to reconcile our time zone woes. That’s why you are only getting play-offs references now. In July. Also, Happy Canada and America days, albeit early or late.
I guess, among other things, it’s the scheduling conflicts that led Max to putting this episode together. His thinking presumably was along the lines of getting me a breakdown of jobs in InfoSec might lead me to getting a more consistent schedule?
Who am I to pretend to understand the mind of a mad man?
Jul 03 2014
Rank #16: Once More Unto the Breach – Episode 025
The Verizon Data Breach Investigation Report is a helpful tool for investigating, reporting, and ultimately solving problems, but just what the heck is it?
I had no idea, to be honest, until this episode that breaches were even logged this well. Fortunately Max had a bit to say about this topic. Also fortunately he only had a bit to say about this topic. This could weigh in as our shortest podcast episode yet. You could say we didn’t “BREACH” the subject before…
If you did, however, you’d be wrong; the word you were looking for was broach. I’m not saying that you shouldn’t use the word breach at all… Just probably not in this context. Or do, whatever, this is an infosec podcast all about computer security, not vocabulary.
I am however very disappointed with you and you might have to see me after the show for some extra tutoring.
Jul 10 2014
Rank #17: News Update – Episode 028
This is even more continuity than I ever imagined we would do. We are not only doing new content but our new content is a look back at our old content, the changes that have happened to try and keep our content relevant and also to try and take a look at how some of the bigger news stories related to info sec are shaping the industry.
That’s right. We’re going for legitimacy here!
News update is a thing we thought would be a popular feature to have as a recurring theme throughout the show’s run. Looking back in order to see what’s coming?
Aug 21 2014
Rank #18: Lets get active! (Directory) – Episode 026
Active directory is the topic of this week’s episode. We get a fundamentals course from Max.
User accounts, settings, permissions, and more all with a real world scope from an imaginary graphic design studio?
I dunno really. We had to try and humanise it.
Active directory, while not the only product of its kind, is Microsoft’s offering and, as much of the business world revolves around MS, is one of the more popular solutions.
You can expect to hear more about this helpful tool from these helpful tools since as Max rightly points out active directory only gets its surface scratched in this episode.
Jul 21 2014
Rank #19: Unix Security – Episode 029
Episode almost 30.
Who likes Unix? Who likes talking about Unix?
Max does. I don’t like to listen…
I LOVE TO LISTEN and discuss. That’s what we do here in this, our latest podcast about Unix security.
When first tasked with writing this post I was in “moving apartment” mode so was a little distracted and didn’t recall ALL the content in this episode. I’m pretty certain I was in it though so there’s that.
That’s the most important part of Unix security.
Ninja edit: I have listened to the episode. I can’t believe how accurate this post was. We DO talk about Unix. A sort of intro to Unix from a security perspective. We talk about general setting up and whatnot! BAM! That’s high caliber post writing.
Sep 30 2014
Rank #20: And BOOM goes the dynamic input – Episode 015
We are drawing ever closer to the 20th episode spectacular!
I don’t know if there will in fact be a spectacle but at this point anything goes.
This episode we explain buffer overflow on the heap and stack, format string and off-by-one vulnerabilities, and what to do to avoid them. It’s maybe a little heavy, maybe a little whimsical, and maybe together we can learn a little bit!
Max wanted an image for NOP SLED in the title because that would be more fun than some awkward dude at the top of the post but I was all like “Noooooooooooooope(sled)!” Then I chuckled, then I died a little more inside.
Mar 07 2014