Rank #1: Networking: It’s a Traaaap! – Episode 004
Part one of our introductory podcast to networking & network security.
Housekeeping, family as network, Matt becomes obsessed with the new term he’s learned “Sneakernet” and Max lets him go hog-wild with a confusing subway car analogy.
We cover the general ideas of networking, explain some of the more common protocols and of course talk about some potential exploits to take advantage of these.
All this and more, give it a listen!
Rank #2: Hardening is Haaaard – Episode 013
As episodes go 013 is a fun & lucky one! We are talking about hardening, we provide a general overview, we provide some ways you can follow along at home to learn on your own and we probably talk complete trash at some point since that’s how we roll! There’s even a b-bomb in this one that I wasn’t expecting, if that’s not enough of a teaser how about this?
You will never believe what we cut out of this episode. It was SO cut out of the episode it will never be available to you, the listeners!
To be honest I am not sure what it was either but this is the kind of tripe news aggregation websites have to resort to to get people to click something on Facebook and they’re consummate professionals are they not?
Hardening is not as dirty as it sounds, I think… It can be summed up as securing infrastructure by eliminating unnecessary weak points. In our context infrastructure means desktops, workstations, routers, network hubs, servers etc. so I think securing means closing open doors, shutting open ports, turning off apps & services that you don’t need, making sure you close the fridge because you aren’t paying to cool the neighbourhood, and locking the front door when you leave the house.
Come to think of it, I’m not 100% sure how accurate any of that is, I should probably give the episode another listen.
Rank #3: Let’s talk about stacks baby! – Episode 014
We talked about web vulnerabilities and the markup languages, and interpretation of scripts, but those aren’t real programs running on your computer. This time we’re going to get a little more advanced and talk about programming and execution within the computer drawing back to the first few episodes. It’s detailed but will be the bedrock for the more advanced topics we’ll be discussing in vulnerabilities within applications running on a computer. We mention stacks and cover a great dummy program to really tie this episode together into what I lovingly call the greatest episode ever of any podcast on the internet*.
Actually I kinda felt we used the word stacks so much that I really latched onto it after editing this episode. For that I apologize. But it led to the zany title and really confusing title image this week.
We also ran into some perceived quality issues with this week’s episode. After some finessing in the editing studio in the spacious west wing of the guest house in stately Max-Manor Max assures me with aplomb that this is resolved. As always if you disagree with Max please feel free to leave us comments below, Tweet us on twitter or email us via email.
*With the possible exception of some of the other podcasts on the internet and episodes that they had.
Rank #4: Let’s Social Engineer Max a Better Microphone – Episode 017
This was going to be epic.
This is the first episode that Max and I have recorded face to face in real meatspace since the beginning of this whole endeavor.
We were excited. Some may say a little TOO excited because we didn’t actually listen to what the recording was outputting. There is evidently a setting on the microphone that allows it to record from both sides simultaneously.
That setting is … Not the one we used.
This is the episode on the fine art of the social engineer that we started discussing in maybe ep01 or ep02 or something and decided to hold off on until we were sufficiently able to mess up the recording for everyone.
Social engineers work the fine art of manipulation with the eventual goal of gain. Gaining access, gaining permissions, financial gains, you know… gain.
So I apologize on behalf of this “ep01” calibre audio quality but try and stick with it. I believe this will lead to more episodes on the topic.
Rank #5: Seven Layer Burrito – Episode 009
Max is literally 0 milligrams lighter this episode without his Movember monthstache and you can hear the relief in his voice as he takes us delving into the delicious world of the seven layer OSI model.
What is an OSI model you ask?
That’s an excellent question!
Can I answer it?
Not without ruining THE ENTIRE EPISODE…
Is there really 7 layers?
Could there be an eighth layer?
What if I order 2 burritos and pile them on top of one another to make a 14 layer bad mother burrito?
SOME OF THESE ANSWERS AND MORE! So you might as well click on the links below to get your LEARN on! (or fire up your favorite podcatcher with the above subscription links)
We discuss popular sandwich alternatives and something about computers I think. It really is worth the listen.
Rank #6: Enterprise Scale Development – Episode 023
Originally recorded back in April We are getting caught up with all the delays that have plagued (or blessed in Max’s case) us. This is the episode where we discuss Enterprise scale development, the different positions that you might find in those circumstances and this will nicely play off the next episode.
As usual Max has his large scale pants on and I try to slim him down to small or medium scale so we can get a general overview.
Yes, those are fat jokes. Now that I am comfortably heavier than Max I can make those. They aren’t racist, I’m taking them back.
So right. Enterprise scale development, what to expect and the roles involved. This episode speaks for itself. Literally. It’s a podcast.
And record it.
Rank #7: Security on a Cellular Level – Episode 022
This week was a topic I wanted to take a look at as it’s becoming a growing concern and there is currently no CLEAR winner from the end user perspective. We discuss security on cellular devices.
Cellular security is a growing concern since a lot of the new devices have their “Always on” internet connections and become a frequent source for secure and insecure communication.
Businesses both large & small with security concerns really have to take a look at these treacherous devices. Like with many of the topics we’ve discussed this really ends up being summarized as a trade-off of security to inconvenience.
As cellular security really becomes more prevalent we, as professionals and enthusiasts, really need to take them seriously.
Hopefully in the next couple years we’ll see multi-sim or multi-profile phones become more the norm and we might have another rise of RIM or a similar trend towards remote device management for the security professionals but for now tune in for our general review of options you can do yourself!
Rank #8: Jobs in InfoSec – Episode 024
This might be a great episode to have listened to at the start of all this podcastery. In reality we sort of dove right in at the start without trying to tempt you with the lurid promise of fat sacks of job satisfaction.
This episode centers on possible jobs in InfoSec available with the science we are dropping within each and every episode. It’s definitely a starting point if you’re trying to convince your buddies to listen. I’m going to go ahead and predict available jobs in InfoSec are going to continue to be an ever growing demand until this whole internet craze dies out. Then we can finally go back to actually talking to one another in meatspace.
As you all might know we are delayed by my current work schedule as I have had a change in hours. I am slowly trickling out the episodes we had recorded until Max and I are able to reconcile our time zone woes. That’s why you are only getting play-offs references now. In July. Also, Happy Canada and America days, albeit early or late.
I guess, among other things, it’s the scheduling conflicts that led Max to putting this episode together. His thinking presumably was along the lines of getting me a break down of jobs in InfoSec might lead me to getting a more consistent schedule?
Who am I to pretend to understand the mind of a mad man?
Rank #9: Once More Unto the Breach – Episode 025
The Verizon Data Breach Investigation Report is a helpful tool for investigating, reporting, and ultimately solving problems, but just what the heck is it?
I had no idea, to be honest, until this episode that breaches were even logged this well. Fortunately Max had a bit to say about this topic. Also fortunately he only had a bit to say about this topic. This could weigh in as our shortest podcast episode yet. You could say we didn’t “BREACH” the subject before…
If you did however you’d be wrong; the word you were looking for was broach. I’m not saying that you shouldn’t use the word breach at all… Just probably not in this context. Or do, whatever, this is an infosec podcast all about computer security, not vocabulary.
I am however very disappointed with you and you might have to see me after the show for some extra tutoring.
Rank #10: Lets get active! (Directory) – Episode 026
Active directory is the topic of this week’s episode. We get a fundamentals course from Max.
User accounts, settings, permissions, and more all with a real world scope from an imaginary graphic design studio?
I dunno really. We had to try and humanise it.
Active directory, while not the only product of its kind, is Microsoft’s offering and, as much of the business world revolves around MS, is one of the more popular solutions.
You can expect to hear more about this helpful tool from these helpful tools since as Max rightly points out active directory only gets its surface scratched in this episode.
Rank #11: And BOOM goes the dynamic input – Episode 015
We are drawing ever closer to the 20th episode spectacular!
I don’t know if there will in fact be a spectacle but at this point anything goes.
This episode we explain buffer overflow on the heap and stack, format string and off by one vulnerabilities, and what to do to avoid them. It’s maybe a little heavy, maybe a little whimsical, and maybe together we can learn a little bit!
Max wanted an image for NOP SLED in the title because that would be more fun than some awkward dude at the top of the post but I was all like “Noooooooooooooope(sled)!” Then I chuckled, then I died a little more inside.
Rank #12: Crypto Continued – Episode 021
More episodes, more episodes, more episodes!
We continue our discourse on cryptography with more of Alice, Bob & Eve’s adventures! Or should I say MISADVENTURES! I shouldn’t. I should never say that. I apologize sincerely to you dear reader. Crypto is serious business and no place for levity.
This has been an enlightening episode. Or HAS IT?! You be the judge, jury, and executioner and then the executor of the will. We’d like some feedback on this episode, Too deep? Too light? What would you like to hear? Send us an email, use the comments for this post or tweet us. We’re all over those things!
Hey, just between us, I’ve been thinking of maybe revamping the page layout. What do you think about that? Would that make you feel uncomfortable? Are you so used to this layout from all the time you spend hanging out here on the site? Send an email or a tweet to let me know what your feelings are.
And now, back to our regularly scheduled crypto…
Rank #13: Networking2: Networking Networks – Episode 005
We talk more about networking in part two of our networking basics. There’s a lot more in-depth coverage of networks and their interactions with other networks, time, ping we have it all!
Matt embarrasses himself by admitting he wasn’t very alert when it came to blindly clicking Google links and Max sings a little tune! What are you waiting for?
Rank #14: Cryptographic Adventures of Alice, Bob and Eve – Episode 020
Eagle … eared listeners might have noticed we were getting out of control with our time frame references. While I really found it hilarious after a while it just kinda becomes that uncomfortable funny where no one wants to hear the joke but that one guy keeps saying it so people are just sort of laughing to be polite.
This had to stop so I took a firm stance on it and decided (which admittedly I should have maybe mentioned on the site) that we weren’t going to keep on posting things out of order. This meant we were going to sit tight until the fabled episode on cryptographic practices in the form of “Cryptographic Adventures of Alice, Bob, and Eve” was finally released. I was comfortable with holding firm on this since I had done the noble thing and left all the editing for this episode on Max’s lap.
I am a good friend and host!
I guess unless another Heartbleed thing comes along we are going to try and stick to this so that I can stop thinking I am funny and can stop doing the same stupid jokes about our shows being out of order.
Which, I think is enough excuses, now let’s talk about this episode!
My how clever of him, you are all thinking! He employed a Caesar cipher to write the topic of the podcast because they are going to discuss such things!
That’s right folks! I go for the lowest hanging fruit!
Anyways give Cryptographic Adventures of Alice, Bob, and Eve a listen and then leave comments on this post or email us or whatever. Just please don’t encode your comments because while we might be able to talk about it doesn’t mean we can crack it. Heck it took months just to complete the talking about it phase…
Rank #15: Common Web Vulnerabilities – Episode 011
Happy new year to all! (With this slightly delayed episode) for which I have no one to blame but procrastination. One might even say it’s a VULNERABILITY of mine. Is that a Segue I hear?! Not really. It’s a poorly shoe-horned in attempt to get back on topic and the topic this “week” is common web vulnerabilities!
What do I mean? We give an overview of some of the most frequently used attacks online, ways that websites, web servers, web apps, and web denizens are often compromised by the malicious.
I admit I was surprised to find I use some of these exploits myself but not in a malicious manner mind you. I was, however, not surprised at all to find out that over the years I have fallen prey to most of these!
The image made more sense before the brains of the operation made me add the “web” part. Just imagine how clever it would be if it was just “common vulnerabilities” SO CLEVER.
Funfact: This post represents the most times I have typed the word vulnerabilities, possibly ever.
Vulnerabilities. Yup, It’s now a lock!
Rank #16: Preemptive Heartbleed – Episode 019
I know that we have maybe teased about some pending episodes (and the teasing gets a little out of hand in this episode…) but we kinda figured it made sense to preempt the episodes we have loaded up with this much more timely, much more pressing coverage of Heartbleed.
We still have a line-up of recorded & unreleased content coming so don’t worry, and we are not ones to dangle the carrot only to pull the… Carrot out from under you? However when something in the security world causes this much of a media frenzy we feel we would be doing you, our faithful listeners (Hi Mum!) a disservice without trying to get you correct, useful, and timely information.
Now you can impress your friends and woo your paramour with your stunning in-depth knowledge of Heartbleed.
That’s right folks this episode deals with Heartbleed bug, how it works, some of the scope and implications and then using this as a launching point we cover just how one would create a security program to handle such threats and vulnerabilities.
And to think, I didn’t even know it was a word previously but now I am heart-hemorrhaging “Heartbleed” all over this post.
Rank #17: CanSecWest Recap – Episode 018
After a triumphant visit out to Vancouver British Columbia (I really had to fight autocorrect to get my U in that spelling…) Max has returned back to a wintry East-coast house filled with leaky windows and… One man microphones.
That’s right, It’s a call back to the previous EP where we were supposed to have much better quality and then… didn’t.
So we recorded this episode where Max gets to recount his visit and adventures to the West-coast but mostly the bits he spent in the basement nerding out at the CanSecWest conference held March 12-14 2014 at the Sheraton Wall Centre. He grew as a human and now brings all his learning to us peons who weren’t in attendance.
I guess for a conference about security that seems a little bit lax. How come he can just tell us everything he learned? Why wouldn’t he have to sign an NDA or something. HOW SECURE WAS THIS CONFERENCE?!
Anyways, download, tune in, turn on, switch places, shake it all about…
It’s Episode 18! CanSecWest Recap!
Rank #18: Credit Card Compromise – Episode 016
What started as an experimental episode (see also: Cop out) about “discussing news” ended up as a pretty interesting discussion about the state of the US banking, retail point of sales, & security failings. We had a couple of articles that all dealt with the credit card compromises brought about by the outdated and quite frankly already obsolete mag-stripe on your run of the mill credit card. So the articles discussed can all be accessed in the shownotes so head over there. I’ll also throw in a silly video that I kept thinking about during the show instead of staying on topic.
It also led to the amazing alliteration all around this article!
I mentioned in the last write up that there might be something going on for the 20th episode. I didn’t have anything planned. I just had to write some kind of post for the website and was probably delirious from lack of sleep or too much sleep whichever it is I did the night before. I can hardly remember now. I shouldn’t say sleep supersedes our site’s structure but It might maybe make more mentions of spectacles happen.
There might be. Quite frankly I didn’t think we’d make it to 5 so the simple fact of 20 episodes was the spectacle I was talking about. I dunno, I’ll have to talk to Max about it some more and see if there’s actually something we can do to make it more spectacular?
I am now all worn out from alliteration. I think I might need to lie down.
Rank #19: More Common Web Vulnerabilities – Episode 012
We journey again into the realm of continuity! This is YET ANOTHER part 2 for content and ease of consumption. This time we wrap up our common web vulnerabilities with the creatively named episode 012, More common web vulnerabilities!
I know right? We spared no expense on that name.
I was pushing for something about sessions, if you listen to the episode you’ll understand why.
SPOILERS: We say “sessions” a lot.
But it just didn’t make sense, we already set the title continuity precedence with episode 5 and we are nothing without standards.
There’s some housekeeping, there’s some, I want to say banter, and there’s more – more common web vulnerabilities than you can shake a stick at! This is a well rounded episode if I do say so myself! I’m not just writing more about it because I’m procrastinating from trying to make up a clever title image. It’s actually THAT GOOD.
(Image solution? COP OUT! I’d like to thank laziness, uninspired titles, and all the little people for making this happen!)
Rank #20: Kernel Sunders – Episode 003
In which Max really starts to find his voice, we start in on operating systems(OS) and their job in the computer, some attacks against Operating Systems directly and Matt uses the words “touch” & “essentially” altogether too much.
All this and more, give it a listen!