Security Advisories Videos
newest 100 security advisories videos / security advisories widgets / media rss:

Rich and I took a few minutes this morning to talk about what we re planning for Black Hat and Defcon this year. Rich has been at many of these events and works as a speaker escort part of his time there. This is only my second year attending, so I m still learning my way aroudn a little. We both have a number of suggestions concerning security at the events. One big rule we didn t mention is If you don t need it, don t take it. I think I ll be leaving the camera with the wifi memory card in it at home. If you see us this coming week, please don t feel shy about introducing yourself as a listener or reader. It s always good to be able to put a face to the name and the voice coming from your computer. Network Security Podcast Pre-Black Hat/Defcon 2008 Special Time: 12:38

If you re using DNS, and we all are, prepare to patch every system you have. Not just your name servers, but any and all systems using DNS, which means virtually everything! This is a flaw discovered by Dan Kaminsky that affects the basic technology underlying DNS and effects all vendors. Dan took the road of responsible disclosure and worked with a large group of vendors to coordinate this patch. This may be one of the first successful examples of a large multivendor patch, and if ever there was a need for it, this is it. Rich was able to get an interview in anticipation of today s announcement and you can hear about it straight from Dan himself. There are not a lot of technical details concerning the vulnerability in the interview and every effort is being made to give us as much time to patch before reverse engineering gives the bad guys the secret sauce to make this a weaponized vulnerability. Check the show notes for the CERT advisory and additional information. Network Security Podcasdt, Episode 111, July 8, 2008

At RSA Michael Santarcangelo and I had a chance to attend a seminar on the Jericho Forum briefly.  Neither of us had heard much about the Jericho Forum before so we invited them to participate in a podcast with us.  And since I didn t know much about Jericho, I found someone who does:  Chris Hoff.  We were joined by one of the founders of the Jericho Forum, Paul Simmonds, and the CEO of Rohati Systems, Shane Buckley.  You can find the full show notes on the Security Roundtable blog.

Rich and I got a chance to talk to Ron Gula, CEO of Tenable Network Security about the changes that were made today the the changes in the Nessus licensing model. This is a follow up to the post I wrote this morning and explains the reasoning behind the changes straight from the man in charge.