It's Episode 2 -- and I'm sure you all know what that means... no more talk of midichlorians. And the continuing saga of 4 infosec nerds who will attempt to do what has never been done before... bring you a high quality information security related podcast that is not just a long series of in-jokes, ranting, personality disorders and hard drive snake oil.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

News
  - Breach Week - LinkedIn, eHarmony, last.fm
  - LinkedIn bad incident response and LeakedIn
  - VUPEN Hacked or Not?
  - Google's Attack Warnings
  - More news on Flame - turns out it is ground breaking (at least from a crypto perspective) - and it’s got MS worried - but there’s more, it can work with non-connected systems and relies on human mules - also, Flame falls on its sword
  - Skimmers show up in the Ontario Government
  - Small business owners don’t follow good security practices and don’t think they’re at risk (surprise!)

Commentary
  - Foot In The Door
    - never store passwords in plain text
    - when using hashes (SHA1 etc...) SALT please!
    - don’t use MD5
    - never use the same password twice (space or time)
  - Hardcore Authentication
    - authN vs authZ
    - retrofitting old auth systems & what’s wrong with hashes
    - two factor auth (tokens, soft tokens)
    - DIY Options: Google or Wikid
    - building auth properly (OpenID, Google Login, Facebook Connect)
    - handling a password compromise properly

Mailbag
  - mailbag@liquidmatrix.org
  - Hi LM! Does my company need a CISO? ...thanks! Jeff, California

Following Up
  - NASDAQ Compensates for limp IPO

Download the MP3
Subscribe to us using plain old
Also, we're now available through
Creative Commons license: BY-NC-SA