In-Security

EP051 Watch Your Pi Hole S2E2 drops with a discussion on DNS filtering and how to do it using cool tools like the Pi Hole. This episode was not recorded in front of a live studio audience. The audience already left because it was very late at night. If there’s any low energy I’m attributing it to that. Turns out DNS filtering is actually crazy cool. There’s a ton of power there and a lot of fun things you could do. There’s also a lot of practical uses we could put it to from both a home and small business perspective. Don’t believe me? We talk about spying on your children, supplementing your income for your mom and pop shop and the Nintendo game Chronotrigger. How can that NOT have you listening already?! This post was also written very late at night. Originally Recorded March 20, 2019 Shownotes The post Watch Your Pi Hole – Episode 51 appeared first on In-security Podcast.

EP050 5-D’oh Homer Security Season two has kicked off Y’all with home security I don’t get the seasons, or how they work. But whatever, that’s what’ we’re calling it. This season we pivot to focus more on home security and all the tips tricks problems and solutions around what security minded home owners and folks who want to layer on a little protection to their home offices face. We’re also going to try and give a little more airtime to small business since a lot of home security cross pollinates with super small businesses. I’m not saying this is going to be the best season of this show yet. But i’m not NOT saying that. ENJOY! Originally Recorded March 1, 2019 Shownotes The post 5-D’oh Homer Security – Episode 50 appeared first on In-security Podcast.

EP049 FR-Agile Development This year’s episode is about Dev-Ops, Agile Development and a couple other interesting development methodologies that are floating around.  It’s MOSTLY about Dev-Ops though. Max found this video series,  at the bottom of a dumpster and had me watch them to try and explain what Dev-Ops was.  Turns out that I didn’t really get a whole lot out of the video series because frankly they were put in that dumpster for a reason. This episode was delayed because of a toilet problem.  Actually I cover that in the episode in a new segment I like to call “Explaining why the episode was so darned late” ENJOY! Originally Recorded August 1, 2018 Shownotes The post Fr-Agile Development – Episode 49 appeared first on In-security Podcast.

EP048 Intelligent in an artificial kind of way   This week it’s Artificial Intelligence and machine learning. There’s a lot of real cool things being done as computing power gets cheaper and more accessible than ever before. What kind of impact might this have on infosec and the ongoing battle between blackhats & whitehats? I honestly think that we talk about that this episode. I don’t really remember since I edited it a little while ago. But check it oooooout please? Originally Recorded June 17, 2018 Shownotes The post Intelligent in an artificial kind of way – Episode 48 appeared first on In-security Podcast.

  EP047 Who put that thing in my internet?   Dial in folks, we have ourselves an episode about the internet and things. Or… of things? The internet of things and their vulnerabilities. That’s right some times things that make your life easier can come at a price. A PRICE SO HIGH IT’S STAGGERING! Then once you’ve saved up that staggering price and buy the thing you find out that there’s another secret hidden price. The one you thought I was talking about originally!! Whatever man, who writes this nonsense anyways? Geez. Internet of things devices can have vulnerabilities just like all computers and we’re going to discuss some of them and what you can try to do to get to enjoy these internet of things devices without giving up the whole fishtank! ENJOY! Originally Recorded June 6, 2018 Shownotes The post Who put that thing in my internet? – Episode 47 appeared first on In-security Podcast.

  EP046 Tracking U   This week we talk about online (spoilers: And offline) tracking and the people who do it. It’s a banner year at the old in-security family, two count on the podcast front and another on the way?! We discuss Microsoft, google, facebook and the way they go about collecting data from unsuspecting internet users. We also take an in-depth look at cookies and how they are now used for more than ever intended. Delicious delicious cookies. Used for tracking? next you’re going to tell me that brownies can be used to get you stoned. Originally Recorded May 2, 2018 Shownotes The post Tracking U – Episode 46 appeared first on In-security Podcast.

  EP045 Meltdown Inspector   Our first (read: only?) episode for 2018 and we’re ready to talk about Meltdown and Spectre, the new class of hardware vulnerabilities that hadn’t really even been considered prior to this discovery! We even have some housekeeping in this episode. Who would have thought with like a half year since the last EP that there was any new developments?! So yeah, we got a lot of great content. This is a delightful reboot. Let’s hope there’s more to come! (this year) Originally Recorded March 21, 2018 Shownotes The post Meltdown Inspector – Episode 45 appeared first on In-security Podcast.

EP044 Plain Ketchup Playing catch-up is necessary sometimes. Sometimes life happens. It gets all up in your grill and tries to mess up your best laid plans. When that happens your only choice is to podcast at a much slower pace than expected. Sometimes life happens all over your Co-Host. So we have an elegant solution to that. That solution is, of course, to recap everything in one giant recap episode. We don’t necessarily hit all the points, but we get some of the top ones that we thought were neat. We don’t necessarily even talk about events more than I go off on a long rambling excuse about why Windows has made my life slightly inconvenient. Sometimes Windows happens… But why does it always happen to ME?! Yeah. That’s not really as important a point here. So anyways. We have another episode where we are playing catch-up on some of the better topics that happened and as always click the thing below if one of these interests you and we can possibly go more in-depth into it! Originally Recorded October 12, 2017 Shownotes The post Plain Ketchup – Episode 044 appeared first on In-security Podcast.

EP043 Don’t Rock the Voting Machines You know that old song? Rock the boat? You know how Rock the VOTE was made popular? We want you to rock the VOTE. Just don’t pick on the voting machines? Something like that at any rate. So that’s what I was going for with this title. We have fallen so far out of practice that at this point we’re just making things up again. At least at one time we had some sense of what we were doing. Or at least some sense. That’s all gone. I don’t miss it. So yeah. Go vote. You can listen to this episode on your way to the polls, or as you wait. If you aren’t American there is still value in this episode regardless, replace “voting machine” with “public facing machine”, replace “Counting votes” with “something that is private and shouldn’t be shared or have results tampered with.” and there you go. Baby, You’ve got a stew going. You’ve got a perfectly good show for any country! So this episode is all about the vulnerabilities in voting machines. We aren’t here to give a historical perspective, though I agree it would be really interesting, We are here to give you the information security side of the coin. The information security coin. Originally Recorded November 7th 2016 Shownotes The post Don’t Rock the Voting Machines – Episode 043 appeared first on In-security Podcast.

EP042 Bloaty and the Superfish Bloatware is out there. Swelling and expanding and taking up your valuable valuable resources and stealing your car keys and taking the family sedan out for joyrides in the middle of the night. So I guess we should make a podcast explaining it. DONE! That’s right, We’re going to EXPAND on the topic of BLOATware. Heh. Ugh. Bloatware is the software installed on your new electronics direct from the manufacturer under the guise of “improving your user experience” In reality it might improve the price you pay slightly but otherwise often has very little benefit. But we’ll get into that I don’t want to jump the gun. I don’t want to mislead anyone. We only thought of the title at the end so there are no hootie puns throughout the episode. I am sure we could have included some references to I only wanna be with you or let her cry or something. Those jokes pretty much make themselves when you’re talking bloatware. In case you’re wondering about Superfish. Yeah, that’s also a thing, I wasn’t just trying to avoid litigation. If you want to know more you should probably fire up your favorite listening device or devices, I am not here to limit you, and give it a digital spin. Originally Recorded July 6th 2016 Shownotes The post Bloaty and the Superfish – Episode 042 appeared first on In-security Podcast.

EP041 Handsomeware This is a new and exciting episode on the topic of Ransomware. It was the planned episode that we were going to do before life intervened and a show didn’t happen for 4 months. But it’s here now. So there’s that. Ransomware, as the name would suggest and as you are about to find out is the thing that you are probably going to experience where someone compromises your computer then asks you for money to either not do something or to undo something they’ve already done. I’m collecting ideas for the in-security podcast drinking game, so far I think every time there is reference to a movie take a drink. If the movie in question is Sneakers then take two drinks. I’ve also made up a drinking game specially for this episode. Every time Max says “ransomware” you have to take a drink. That way you’ll regain consciousness and maybe sober up just in time for the next episode to finally come out! I’m not sure if it was a running gag on his part but MAN did he go all out. And just a bit of site news. For some reason our email address wasn’t working. So I managed to fix that and heartily apologize for it. I don’t really know what went wrong, because we definitely tested it before and it was working. I’m hoping no one is holding our email ransom. You know, like some kind of ransomware. That’s right. I’m psyching you up for the episode. ENJOY! Originally Recorded May 24th 2016 Shownotes The post Handsomeware – Episode 041 appeared first on In-security Podcast.

EP040 Advertising After 40 They says that life begins at 40. They also say no press is bad press. They also say a stitch in time saves 9. When I was a kid I thought that the last one was a reference to some sort of space-time wrinkle. Like how a stitch in your side is a cramp. It was years later that I actually put together the sewing connection. I was a weird kid. I liked science and space and stuff. Fortunately I’ve put all that to use to become a guy who plays the dumb guy on a podcast! But all that changed with THIS EPISODE. We have decided that since we’ve gotten out of the initial content heavy/dense shows we can probably let me talk about things too. We put that to use in this, our 40th episode. The web advertising episode. We’re going into the hist’ry of advertising on the web and maybe the future? Only time will tell. While we’re on the topic of telling things, maybe you can tell us what you think of this format, a lot more back and forth I hope tickles your fancies. Originally Recorded November 30th 2015 Shownotes The post Advertising After 40 – Episode 040 appeared first on In-security Podcast.

EP039 Log ALL THE THINGS It’s log, it’s log, it’s big, it’s heavy, it’s wood. It’s log, it’s log, it’s better than bad it’s informative and will help you track down problems and identify failings in your information security! We’re talking about log files. I know, you’re thinking: But Matt, Why would log files be of any benefit to us. We’re interested in information security and protecting computers! Well that’s a really weird thing for you to be thinking. Log files are the bread and butter of the information CSI world. “Now, I’m confused” you’re thinking, “How will Max explain this one?” Thankfully Max recruited this great guest to get us into the information filled world of logs. This week we have a special guest in the form of Allan Stojanovic. We’re going to get a pretty solid introduction into just why logging is invaluable and get a little insight into how we ought to go about it. Originally Recorded November 17th 2015 Shownotes The post Log ALL THE THINGS – Episode 039 appeared first on In-security Podcast.

EP038 Smashley Badison By now you’ve either heard of the Avid Life Media breach, which you have mostly only heard of as the Ashley Madison breach, or you are really probably not that into news. So as we all know, the bad thing has happened to a questionable company. Avid Life Media, makers of the websites Ashley Madison and Established Men were breached and lost a lot of sensitive information that negatively affected a lot of people. So now that we’ve had some time for the sensationalism to die down let’s try and organize everything into an actual timeline, see what happened and see what we can learn from all this. The short answer is “don’t trust people with things you want kept secret.” The long answer is something like 36 minutes long and comes in the easy listening format of episode 38 of the in-security podcast. That’s right. That’s what we cover this week. Avid Life Media and their devastating data breach. If the news is to be believed then it wasn’t actually all that devastating to them as a company. But it was totally devastating to the real humans affected. Originally Recorded October 7th 2015 Shownotes The post Smashley Badison – Episode 038 appeared first on In-security Podcast.

EP037 Hardware Snoops, Dawg Hardware monitoring is getting more and more difficult to manage and mitigate. There’s crazy techniques that can now be employed for increasingly lower overhead. How can we fight this? How can we stop this? How can we weaponize cats? That’s right folks, We are going to get a little down and dirty in this episode with some discussion on hardware monitoring methods and devices. Freaking lasers? We got that. Animal cruelty? We’ll cover it. Max’s amazingly loud keyboard? Yeah, I’ll talk about it yet again. I’ll NEVER STOP TALKING ABOUT IT. Until Max does the editing that is… I’m going to take this moment to add an aside here, if you have any interest in us doing a spoilercast about Mr.Robot discussing the methods and hacks used there please leave a comment, email or tweet us. We’ll be happy to cover it! Originally Recorded August 20th 2015 Shownotes The post Hardware Snoops, Dawg – Episode 037 appeared first on In-security Podcast.

EP036 Hackers Getting Hacked Max and I have realized that one can never stay on top of the news because they just keep changing it on us. We were all happy with our USA Patriot act episode but they just couldn’t keep their noses out of the American public’s business. They had to get right back up there. So we cover the backpedaling on that, then cover a little of the massive and devastating OPM breach and the terrible breach for Hacking Team. An interesting case of Hackers getting hacked and that really should be a sign, if you can’t trust criminals WHO CAN YOU TRUST?! Lastly I eat a little crow when I have to sort-of re-assess my statement from the previous episode regarding the stance on justice in a little segment we like to call “un-Finnished justice”! We actually didn’t call it that. In-fact that joke was too dumb to leave in the episode when I edited it but darned if I can’t slap it in here since no one reads this far into the post! You’re all just so excited to make with the downloading and get straight to the listening SO HAVE AT IT! Originally Recorded July 13th 2015 Shownotes The post Hackers Getting Hacked – Episode 036 appeared first on In-security Podcast.

EP035 Legal Wiretapping First off: No. We didn’t call the whole show off after Rob Fuller’s interview. Although we thought we’d reached a pinnacle there we quickly realized that the information security news and infotech problems are still going so we might as well too. In reality we had an unfortunate series of health and scheduling delays. So the latest episode of course has to cover some of the changes growth and movement since our last podcast which we cover with aplomb! Eventually we get to brand new content! The content this episode is legal wiretapping! the USA PATRIOT Act has elapsed and been replaced with the USA FREEDOM Act which we look at and clear up a bit of the differences and changes that entails. While the US has actually moved away from unwarranted wiretapping search and surveillance Canada is moving TOWARDS it? That’s right. C-51 is Canada’s version of the USA PATRIOT Act. Allowing for wiretapping all over the place. As Canadians we will talk a little about that too! Originally Recorded June 18th 2015 Shownotes The post Legal Wiretapping – Episode 035 appeared first on In-security Podcast.

EP034 Open Source Security Architecture Group Oh boy do we have an episode for you! This is our first ever interview and with an entertaining guy Rob Fuller also known as Mubix. He took the time to discuss with us (well, Max mostly) The plans for the Open Source Security Architecture Group. Or at least he tries to once Max gets done his fanboy tirades. “Well that’s all well and good” you say “But just what is this Open Source Security Architecture Group?” You ask, incredulously. I mean, if you actually do say either of those two things I should probably get out of podcasting and into prognosticating. BUT I DIGRESS! I don’t want to spoil the fun for you because we have the one person on the planet better qualified to explain it to you and that is of course it’s founder and we can have him explain it in the only method better than me writing this blog post and that would be this podcast. Wow that was a terrible stretch, just listen would you? Originally Recorded March 11th 2015 Shownotes The post Open Source Security Architecture Group – Episode 034 appeared first on In-security Podcast.

EP033 Disclosure and Something About Hats We kick off a whole new year of podcasting about infosec and the computer security field with our first of the year, a timely(?) discussion of bug and vulnerability disclosure and the best practices facing this topic. Fortunately it was in the forefront of the news this year thanks to the 2 search engine mavens Google and Microsoft. That’s what Microsoft is known for right? It’s search engine? I think when I search in-security in Bing we’re the third hit so clearly this Google thing is just a passing phase. Annnnyway. Disclosure is a HUGE part of information Security and this podcast is dedicated to how to do it right, how to do it wrong how to prepare your own company to receive and handle disclosure of vulnerabilities in a responsible and timely manner. Check it check it check it out! Originally Recorded January 17th 2015 Shownotes The post Disclosure and Something About Hats – Episode 033 appeared first on In-security Podcast.

EP032 Sony Breachpocolypse The Sony breach is a pretty big deal followed by, well, everyone. Big enough for us to speculate on (and of course by the time this EP makes it to air there will be more news so expect a part 2.) The in-security guarantee for this is that at the time of recording all the information is as correct as we could make it. This episode of the podcast contains a bunch of speculation so get ready! Shownotes The post Sony Breachpocolypse – Episode 032 appeared first on In-security Podcast.

EP031 Private Web Surfing If I said UIDH would that mean anything to you? No? Maybe? It does now? There’s been a recent computer information security community discovery about Verizon (and other companies) and how they are injecting a unique identification header into their customer’s web traffic. What does that mean? That’s a great question. If only Max were here we could ask him and then record his answer and maybe have some banter between us and then have Max edit it together into a… WAIT A MINUTE! That sounds just like episode 31 of our podcast! Holy cats! You should click and listen and learn about all of this. Did we mess up? Did we get something wrong? Add your two cents (remember we’re Canadian so there might be an exchange rate) tweet us, leave a comment on this post or send us an email to feedback at in-security.org Shownotes The post Private Web Surfing – Episode 031 appeared first on In-security Podcast.

EP030 iCloud Breach Computer security & information security can be an intimate issue and none more so than this! This episode of the in-security podcast we pontificate on the recent iCloud breach. What it means to us, what it means to you and what we can learn from it. In the future we are going to be looking a lot more towards putting trust into entities that we can’t immediately reach out to to get solutions. Cloud computing and storage is becoming ever more prevalent and with it comes a distancing of our immediate control over content and information. If you have a file in a drawer in your desk locked with a key it’s a lot harder for it to be taken than if you have it stored in an imaginary drawer that is in turn backed up to a couple other imaginary drawers and is locked only with a magic word. All this fanciful talk to say iCould point fingers here but that’s gonna get us nowhere. Instead we visit some best practices to get the most out of these services and lose the least from them. Tune in and LEAAAAAAAAAAAARN! With the big episode 30 of in-security! Shownotes The post iCloud Breach – Episode 030 appeared first on In-security Podcast.

EP029a Shellshocker! We interrupt your regularly scheduled computer security podcast to bring you this timely update! We apologize for the interruption but darn if this isn’t drastically important and fun from a computer & information security perspective. You might have head something about Shellshock as the details unravel so we’re trying to give you some insight into what you might be hearing in this important message from your friendly computer information security podcast producers on the nature, threats & solutions to the new Shellshock exploit. Shownotes The post Shellshocker! – Episode 029a appeared first on In-security Podcast.

EP029 Unix Security Episode almost 30. Who likes Unix? Who likes talking about Unix? Max does. I don’t like to listen… I LOVE TO LISTEN and discuss. That’s what we do here in this, our latest podcast about Unix security. When first tasked with writing this post I was in “moving apartment” mode so was a little distracted and didn’t recall ALL the content in this episode. I’m pretty certain I was in it though so there’s that. That’s the most important part of Unix security. Never forget. Ninja edit: I have listened to the episode. I can’t believe how accurate this post was. We DO talk about Unix. A sort of intro to Unix from a security perspective. We talk about general setting up and whatnot! BAM! That’s high caliber post writing Shownotes The post Unix Security – Episode 029 appeared first on In-security Podcast.

EP028 News update This is even more continuity than I ever imagined we would do. We are not only doing new content but our new content is a look back at our old content, the changes that have happened to try and keep our content relevant and also to try and take a look at how some of the bigger news stories related to info sec are shaping the industry. That’s right. We’re going for legitimacy here! News update is a thing we thought would be a popular feature to have as a recurring theme throughout the show’s run. Looking back in order to see what’s coming? Shownotes The post News Update – Episode 028 appeared first on In-security Podcast.

EP027 Software for Rent! There’s a new business model in town friends. We call it software for rent, for the sake of this podcast, because other wise I didn’t have a clever image for the title. So there’s a deep insight into our development and release process. In this one we started, innocently enough, with Max explaining his recent OS upgrade which led into some kind of diatribe on the state of… something. We discuss at length the ups and downs of this new pay as you go software model. It’s a neat idea to not buy software at the full price but if you go with software for rent then you end up with the full version at a much lower recurring price. I guess I shouldn’t really go into it here since we sorta get WAY into it in the podcast that you can listen to. Shownotes The post Software For Rent – Episode 027 appeared first on In-security Podcast.

EP026 Let’s get Active! (Directory) Active directory is the topic of this week’s episode. We get a fundamentals course from Max. User accounts, settings, permissions, and more all with a real world scope from an imaginary graphic design studio? I dunno really. We had to try and humanise it. Active directory, while not the only product of its kind, is Microsoft’s offering and, as much of the business world revolves around MS, is one of the more popular solutions. You can expect to hear more about this helpful tool from these helpful tools since as Max rightly points out active directory only gets its surface scratched in this episode. Shownotes The post Lets get active! (Directory) – Episode 026 appeared first on In-security Podcast.

EP025 Once More Unto the Breach The Verizon Data Breach Investigation Report is a helpful tool for investigating, reporting, and ultimately solving problems, but just what the heck is it? I had no idea, to be honest, until this episode that breaches were even logged this well. Fortunately Max had a bit to say about this topic. Also fortunately he only had a bit to say about this topic. This could weigh in as our shortest podcast episode yet. You could say we didn’t “BREACH” the subject before… If you did however you’d be wrong the word you were looking for was broach. I’m not saying that you shouldn’t use the word breach at all… Just probably not in this context. Or do, whatever, this is a infosec podcast all about computer security, not vocabulary. I am however very disappointed with you and you might have to see me after the show for some extra tutoring. Shownotes The post Once More Unto the Breach – Episode 025 appeared first on In-security Podcast.

EP024 Jobs in InfoSec This might be a great episode to have listened to at the start of all this podcastery. In reality we sort of dove right in at the start without trying to tempt you with the lurid promise of fat sacks of job satisfaction. This episode centers on possible jobs in InfoSec available with the science we are dropping within each and every episode. It’s definitely a starting point if you’re trying to convince your buddies to listen. I’m going to go ahead and predict available jobs in InfoSec will going to continue to be an ever growing demand until this whole internet craze dies out. Then we can finally go back to actually talking to one another in meatspace. As you all might know we are delayed by my current work schedule as I have had a change in hours. I am slowly trickling out the episodes we had recorded until Max and I are able to reconcile our time zone woes. That’s why you are only getting play-offs references now. In July. Also, Happy Canada and America days, albeit early or late. I guess, among other things, it’s the scheduling conflicts that led Max to putting this episode together. His thinking presumably was along the lines of getting me a break down of jobs in InfoSec might lead me to getting a more consistent schedule? Who am I to pretend to understand the mind of a mad man? Shownotes The post Jobs in InfoSec – Episode 024 appeared first on In-security Podcast.

EP023 Enterprise Scale Development Originally recorded back in April We are getting caught up with all the delays that have plagued (or blessed in Max’s case) us. This is the episode where we discuss Enterprise scale development, the different positions that you might find in those circumstances and this will nicely play off the next episode. As usual Max has his large scale pants on and I try to slim him down to small or medium scale so we can get a general overview. Yes, those are fat jokes. Now that I am comfortably heavier than Max I can make those. They aren’t racist, I’m taking them back. So right. Enterprise scale development, what to expect and the roles involved. This episode speaks for itself. Literally. It’s a podcast. We talk. Out loud. And record it. For you. Shownotes The post Enterprise Scale Development – Episode 023 appeared first on In-security Podcast.

EP022 Security on a Cellular Level This week was a topic I wanted to take a look at as it’s becoming a growing concern and there is currently no CLEAR winner from the end user perspective. We discuss security on cellular devices. Cellular security is a growing concern since a lot of the new devices have their “Always on” internet connections and become a frequent source for secure and insecure communication. Businesses both large & small with security concerns really have to take a look at these treacherous devices. Like with many of the topics we’ve discussed this really ends up being summarized as a trade-off of security to inconvenience. As cellular security really becomes more prevalent we, as professionals and enthusiasts, really need to take them seriously. Hopefully in the next couple years we’ll see multi-sim or multi-profile phones become more the norm and we might have another rise of RIM or a similar trend towards remote device management for the security professionals but for now tune in for our general review of options you can do yourself! Shownotes The post Security on a Cellular Level – Episode 022 appeared first on In-security Podcast.

EP021 Crypto Continued More episodes, more episodes, more episodes! We continue our discourse on cryptography with more of Alce Bob & Eve’s adventures! Or should I say MISADVENTURES! I shouldn’t. I should never say that. I apologize sincerely to you dear reader. Crypto is serious business and no place for levity. This has been an enlightening episode. Or HAS IT?! You be the judge, jury, and executioner and then the executor of the will. We’d like some feedback on this episode, Too deep? Too light? What would you like to hear? Send us an email, use the comments for this post or tweet us. We’re all over those things! Hey, just between us, I’ve been thinking of maybe revamping the page layout. What do you think about that? Would that make you feel uncomfortable? Are you so used to this layout from all the time you spend hanging out here on the site? Send an email or a tweet to let me know what your feelings are. And now, back to our regularly scheduled crypto… Shownotes The post Crypto Continued – Episode 021 appeared first on In-security Podcast.

EP020 Cryptographic Adventures of Alice, Bob, and Eve Eagle … eared listeners might have noticed we were getting out of control with our time frame references. While I really found it hilarious after a while it just kinda becomes that uncomfortable funny where no one wants to hear the joke but that one guy keeps saying it so people are just sort of laughing to be polite. This had to stop so I took a firm stance on it and decided (which admittedly I should have maybe mentioned on the site) that we weren’t going to keep on posting things out of order. This meant we were going to sit tight until the fabled episode on cryptographic practices in the form of “Cryptographic Adventures of Alice, Bob, and Eve” was finally released. I was comfortable with holding firm on this since I had done the noble thing and left all the editing for this episode on Max’s lap. I am a good friend and host! I guess unless another Heartbleed things comes along we are going to try and stick to this so that I can stop thinking I am funny and can stop doing the same stupid jokes about our shows being out of order. Which, I think is enough excuses, now let’s talk about this episode! Fubswrjudskb! My how clever of him, you are all thinking! He employed a Caesar cipher to write the topic of the podcast because they are going to discuss such things! That’s right folks! I go for the lowest hanging fruit! Anyways give Cryptographic Adventures of Alice, Bob, and Eve a listen and then leave comments on this post or email us or whatever. Just please don’t encode your comments because while we might be able to talk about it doesn’t mean we can crack it. Heck it took months just to complete the talking about it phase… Shownotes The post Cryptographic Adventures of Alice, Bob and Eve – Episode 020 appeared first on In-security Podcast.

EP019 Preemptive Heartbleed I know that we have maybe teased about some pending episodes (and the teasing gets a little out of hand in this episode…) but we kinda figured it made sense to preempt the episodes we have loaded up with this much more timely, much more pressing coverage of Heartbleed. We still have a line-up of recorded & unreleased content coming so don’t worry, and we are not ones to dangle the carrot only to pull the… Carrot out from under you? However hen something in the security world causes this much of a media frenzy we feel we would be doing you, our faithful listeners (Hi Mum!) a disservice without trying to get you correct, useful, and timely information. Now you can impress your friends and woo your paramour with your stunning in-depth knowledge of Heartbleed. That’s right folks this episode deals with Heartbleed bug, how it works, some of the scope and implications and then using this as a launching point we cover just how one would create a security program to handle such threats and vulnerabilities. And to think, I didn’t even know it was a word previously but now I am heart-hemorrhaging “Heartbleed” all over this post. *Special thanks to Codenomicon, for their Heartbleed logo & name. Shownotes The post Preemptive Heartbleed – Episode 019 appeared first on In-security Podcast.

EP018 CanSecWest Recap After a triumphant visit out to Vancouver British Columbia (I really had to fight autocorrect to get my U in that spelling…) Max has returned back to a wintry East-coast house filled with leaky windows and… One man microphones. That’s right, It’s a call back to the previous EP where we were supposed to have much better quality and then… didn’t. So we recorded this episode where Max gets to recount his visit and adventures to the West-coast but mostly the bits he spent in the basement nerding out at the CanSecWest conference held March 12-14 2014 at the Sheraton Wall Centre. He grew as a human and now brings all his learning to us peons who weren’t in attendance. I guess for a conference about security that seems a little bit lax. How come he can just tell us everything he learned? Why wouldn’t he have to sign an NDA or something. HOW SECURE WAS THIS CONFERENCE?! Anyways, download, tune in, turn on, switch places, shake it all about… It’s Episode 18! CanSecWest Recap! Shownotes The post CanSecWest Recap – Episode 018 appeared first on In-security Podcast.

EP017 Let’s Social Engineer Max a Better Microphone This was going to be epic. This is the first episode that Max and I have recorded face to face in real meatspace since the beginning of this whole endeavor. We were excited. Some may say a little TOO excited because we didn’t actually listen to what the recording was outputting. There is evidently a setting on the microphone that allows it to record from both sides simultaneously. That setting is … Not the one we used. This is the episode on the fine art of the social engineer that we started discussing in maybe ep01 or ep02 or something and decided to hold off on until we were sufficiently able to mess up the recording for everyone. Social engineers work the fine art of manipulation with the eventual goal of gain. Gaining access, gaining permissions, financial gains, you know… gain. So I apologize on behalf of this “ep01” calibre audio quality but try and stick with it. I believe this will lead to more episodes on the topic. Shownotes The post Let’s Social Engineer Max a Better Microphone – Episode 017 appeared first on In-security Podcast.

EP016 Credit Card Compromise What started as an experimental episode (see also: Cop out) about “discussing news” ended up as a pretty interesting discussion about the state of the US banking, retail point of sales, & security failings. We had a couple of articles that all dealt with the credit card compromises brought about by the outdated and quite frankly already obsolete mag-stripe on your run of the mill credit card. So the articles discussed can all be accessed in the shownotes so head over there. I’ll also throw in a silly video that I kept thinking about during the show instead of staying on topic. It also lead to the amazing alliteration all around this article! I mentioned in the last write up that there might be something going on for the 20th episode. I didn’t have anything planned. I just had to write some kind of post for the website and was probably delirious from lack of sleep or too much sleep whichever it is I did the night before. I can hardly remember now. I shouldn’t say sleep supersedes our site’s structure but It might maybe make more mentions of spectacles happen. There might be. Quite frankly I didn’t think we’d make it to 5 so the simple fact of 20 episodes was the spectacle I was talking about. I dunno, I’ll have to talk to Max about it some-more and see if there’s actually something we can do to make it more spectacular? I am now all worn out from alliteration. I think I might need to lie down. Shownotes The post Credit Card Compromise – Episode 016 appeared first on In-security Podcast.

EP015 And BOOM goes the dynamic input! We are drawing ever closer to the 20th episode spectacular! I don’t know if there will in-fact be a spectacle but at this point anything goes. This episode we explain buffer overflow on the heap and stack, format string and off by one vulnerabilities, and what to do to avoid them. It’s maybe a little heavy, maybe a little whimsical, and maybe together we can learn a little bit! Max wanted an image for NOP SLED in the title because that would be more fun than some awkward dude at the top of the post but I was all like “Noooooooooooooope(sled)!” Then I chuckled, then I died a little more inside. Shownotes The post And BOOM goes the dynamic input – Episode 015 appeared first on In-security Podcast.

EP014 Let’s talk about stacks baby! We talked about web vulnerabilities and the markup languages, and interpretation of scripts, but those aren’t real programs running on your computer. This time we’re going to get a little more advanced and talk about programming and execution within the computer drawing back to the first few episodes. It’s detailed but will be the bedrock for the more advanced topics we’ll be discussing in vulnerabilities within applications running on a computer. We mention stacks and cover a great dummy program to really tie this episode together into what I lovingly call the greatest episode ever of any podcast on the internet*. Actually I kinda felt we used the word stacks so much that I really latched onto it after editing this episode. For that I apologize. But it lead to the zany title and really confusing title image this week. We also ran into some perceived quality issues with this week’s episode. After some finessing in the editing studio in the spacious west wing of the guest house in stately Max-Manor Max assures me with aplomb that this is resolved. As always if you disagree with Max please feel free to leave us comments below, Tweet us on twitter or email us via email. *With the possible exception of some of the other podcasts on the internet and episodes that they had. Shownotes The post Let’s talk about stacks baby! – Episode 014 appeared first on In-security Podcast.

EP013 Hardening is Hard As episodes go 013 is a fun & lucky one! We are talking about hardening, we provide a general overview, we provide some ways you can follow along at home to learn on your own and we probably talk complete trash at some point since that’s how we roll! There’s even a b-bomb in this one that I wasn’t expecting, if that’s not enough of a teaser how about this? You will never believe what we cut out of this episode. It was SO cut out of the episode it will never be available to you, the listeners! To be honest I am not sure what it was either but this is the kind of tripe news aggregation websites have to resort to to get people to click something on Facebook and they’re consummate professionals are they not? Hardening is not as dirty as it sounds, I think… It can be summed up as securing infrastructure by eliminating unnecessary weak points. In our context infrastructure means desktops, workstations, routers, network hubs, servers etc. so I think securing means closing open doors, shutting open ports, turning off apps & services that you don’t need, making sure you close the fridge because you aren’t paying to cool the neighbourhood, and locking the front door when you leave the house. Come to think of it, I’m not 100% sure how accurate any of that is, I should probably give the episode another listen. Shownotes The post Hardening is Haaaard – Episode 013 appeared first on In-security Podcast.

EP012 More Common Web Vulnerabilities We journey again into the realm of continuity! This is YET ANOTHER part 2 for content and ease of consumption. This time we wrap up our common web vulnerabilities with the creatively named episode 012, More common web vulnerabilities! I know right? We spared no expense on that name. I was pushing for something about sessions, if you listen to the episode you’ll understand why. SPOILERS: We say “sessions” a lot. But it just didn’t make sense, we already set the title continuity precedence with episode 5 and we are nothing without standards. There’s some housekeeping, there’s some, I want to say banter, and there’s more – more common web vulnerabilities than you can shake a stick at! This is a well rounded episode if I do say so myself! I’m not just writing more about it because I’m procrastinating from trying to make up a clever title image. It’s actually THAT GOOD. (Image solution? COP OUT! I’d like to thank laziness, uninspired titles, and all the little people for making this happen!) Shownotes The post More Common Web Vulnerabilities – Episode 012 appeared first on In-security Podcast.

EP011 Common Web Vulnerabilities Happy new year to all! (With this slightly delayed episode) for which I have no one to blame but procrastination. One might even say it’s a VULNERABILITY of mine. Is that a Segue I hear?! Not really. It’s a poorly shoe-horned in attempt to get back on topic and the topic this “week” is common web vulnerabilities! What do I mean? We give an overview of some of the most frequently used attacks online, ways that websites, web servers, web apps, and web denizens are often compromised by the malicious. I admit I was surprised to find I use some of these exploits myself but not in a malicious manner mind you. I was, however, not surprised at all to find out that over the years I have fallen prey to most of these! The image made more sense before the brains of the operation made me add the “web” part. Just imagine how clever it would be if it was just “common vulnerabilities” SO CLEVER. Funfact: This post represents the most times I have typed the word vulnerabilities, possibly ever. Vulnerabilities. Yup, It’s now a lock! Shownotes The post Common Web Vulnerabilities – Episode 011 appeared first on In-security Podcast.

EP010 Risk on the Caternet Time-line wise, this was recorded before the Christmas break, so, you know, uh, Happy holidays! Purrrrrisk! We’re looking at the balance that all computer users/IT departments/management & budgeting teams have to work within, the risk of third party applications, third party management, CMS (Content Management Systems) vs time and money. Taking the time & resources to specifically learn, lockdown, manage and protect a system or network… This is a good one! It’s also a bit of a breather from some of the recent heavily technical episodes so click play below (or subscribe with your favorite podcatcher!) Feedback: PACING PACING PACING! We received a little feedback about the pacing of the show so we’re trying to pick it up a little (and finesse it in post!) Follow-up/news: In relation to malware ad-serves (I think we discussed a little in Robotnets) Yahoo ended up being compromised and feeding up Malware infected ads over the New-Years holiday break. So I assure you we aren’t actually making this stuff up! We will be sure to cover this a little more in an upcoming episode! You can check out this article from WASH-PO (2) Shownotes The post Risk on the Cat-ernet – Episode 010 appeared first on In-security Podcast.

EP009 – Seven Layer Burrito Max is literally 0 milligrams lighter this episode without his Movember monthstache and you can hear the relief in his voice as he takes us delving into the delicious world of the seven layer OSI model. What is an OSI model you ask? That’s an excellent question! Can I answer it? Not without ruining THE ENTIRE EPISODE… Is there really 7 layers? Could there be an eighth layer? What if I order 2 burritos and pile them on top of one another to make a 14 layer bad mother burrito? SOME OF THESE ANSWERS AND MORE! So you might as well click on the links below to get your LEARN on! (or fire up your favorite podcatcher with the above subscription links) We discuss popular sandwich alternatives and something about computers I think. It really is worth the listen. Shownotes The post Seven Layer Burrito – Episode 009 appeared first on In-security Podcast.

EP008 – Dr Ro-Botnets Some tragic news; our original episode all about botnets, after heaps of recording and tons of feel-good camaraderie, ended up being completely un-usable. I blame myself and possibly society… That having been said we’ve tried to re-record the episode with as much verve and vigor as we could muster staying as true to the original content as we could meanwhile trying to inject levity and you can hear the love and commitment in every terrible joke. Episode 008 is all about botnets! The negative uses and even some valid reasons they might exist… This episode has it all! Bots, nets, and I think I use some pointless big words just because they’re delightful! Make sure you tune in! This is the last episode this year that you’ll get to hear Max’s mustache! Shownotes The post Dr Ro-botnets – Episode 008 appeared first on In-security Podcast.

EP007 – Passwords and other bad ideas We’re playing with our all new free form format. So strap in for a scattered start as we swerve all over the road that is biometrics until we settle into a good groove and start discussing passwords, the perceived security they give some attacks against them. I promise you, this is a learning curve and any feedback you want to give will only help us grow as podcasters and help you grow as a person! Is the free-form format more entertaining or should we keep it a little more structured? Shownotes The post Passwords and other bad ideas – Episode 007 appeared first on In-security Podcast.

EP006 – Skynet – Protection Max is talking bad guys and Matt is talking gibberish! A fun filled episode where we start talking about bad guys and some of the general attacks they might try. As mildly entertaining back-end news we ran into all kinds of editing/post production issues that you totally won’t even notice! Shownotes The post Skynet Protection – Episode 006 appeared first on In-security Podcast.

EP005 – Networking2 – Networking networks Networking’s Baaaaack! We talk more about networking in part two of our networking basics. There’s a lot more in-depth coverage of networks and their interactions with other networks, time, ping we have it all! Matt embarrasses himself by admitting he wasn’t very alert when it came to blindly clicking Google links and Max sings a little tune! What are you waiting for? Shownotes The post Networking2: Networking Networks – Episode 005 appeared first on In-security Podcast.

EP004 – Networking – It’s a Traaaap Part one of our introductory podcast to networking & network security. Housekeeping, family as network, Matt becomes obsessed with the new term he’s learned “Sneakernet” and Max let’s him go hog-wild with a confusing subway car analogy. We cover the general ideas of networking, explain some of the more common protocols and of-course talk about some potential exploits to take advantage of these. All this and more, give it a listen! Shownotes The post Networking: It’s a Traaaap! – Episode 004 appeared first on In-security Podcast.

EP003 – Hardware/Software – Kernel Sunders In which Max really starts to find his voice, we start in on operating systems(OS) and their job in the computer, some attacks against Operating Systems directly and Matt uses the words “touch” & “essentially” altogether too much. All this and more, give it a listen! Shownotes The post Kernel Sunders – Episode 003 appeared first on In-security Podcast.