Difference between revisions of "Episode138"

From Security Weekly Wiki

Revision as of 13:29, 30 January 2009

Sponsors

  • Tenable Network Security - This episode sponsored by Tenable Network Security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
  • Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.
  • Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!


Announcements & Shameless Plugs

Welcome to PaulDotCom Security Weekly, Episode 138 for January 29th, 2009. A show for security professionals and by security professionals who have way too much access to beer. and computers. and Maltego.


Tech segment: How to safely land an airplane in a river

Stories For Discussion

Social Engineering To Become A Police Officer

0wned By Compliance - [PaulDotCom] - Anton goes through some seemingly realistic scenarios as to why/how a merchant can be 0wned, even if PCI compliant. Yes, PCI still has merit as a "Standard", but this does not mean they are secure. I think this is where people go wrong: PCI, in my opinion, just proves that you are doing some stuff in the name of security. This is important when companies want to work together: they can ask, "Are you PCI compliant?" and have some sense that they are implementing security. Or are they? Anton points out it depends on who is doing the audit; anyone can walk in and ask "Do you have a firewall?", answer: "yes". Reminds me of a story about a firewall with two holes in it, through which an Ethernet cable was being passed, therefore all traffic was "going through the firewall".