Difference between revisions of "Episode295"

From Security Weekly Wiki
Line 42: Line 42:
 
== Jack's Totally Rad Stories==
 
== Jack's Totally Rad Stories==
 
#[http://blogs.gartner.com/ramon-krikken/2012/07/02/creating-an-appetizing-and-healthy-application-security-diet/ Ramon Krikken responds] to the backlash against his WAF comments.  Worth a read, he makes some good points, and doesn't simply cop out and blame the journalist for the tome of the article.
 
#[http://blogs.gartner.com/ramon-krikken/2012/07/02/creating-an-appetizing-and-healthy-application-security-diet/ Ramon Krikken responds] to the backlash against his WAF comments.  Worth a read, he makes some good points, and doesn't simply cop out and blame the journalist for the tome of the article.
 +
#[https://support.twitter.com/articles/20170002# Twitter Transparency Report] An interesting look at requests for user information, and takedown/removal requests received by Twitter.
 +
#[http://www.csoonline.com/article/709981/data-breach-bill-leaves-lots-of-wiggle-room Feeble data breach bill is feeble] It may sound good, but it isn't.  This would preempt data breach laws in 49 US states and territories, and doesn't even set a deadline for disclosure.  This is A Very Bad thing disguised as a good thing.
 +
#[http://threatpost.com/en_us/blogs/senator-seeks-strengthen-sec-required-cybercrime-reporting-070212 But there is a move to strengthen SEC reporting laws] At least Sen. Rockefeller thinks we need more real disclosure.
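Review bot: The unchanged first list item reads "blame the journalist for the tome of the article", which looks like a typo for "tone" and could be corrected in the same edit. In the added Twitter Transparency Report item, the link target ends in a stray "#" (articles/20170002#) that can be dropped.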

Revision as of 18:35, 5 July 2012


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 295 for Thursday July 5th, 2012

  • Episode 300 of PaulDotCom Security Weekly will be recorded and streamed live on Friday August 31st in support of a cure for Breast Cancer. We will broadcast live from 10am until 6PM Eastern time and the show will feature tech segments, round table discussions and special guests. Mark it on your calendars today!

Interview: Randy Marchany

Randy is the CISO for Virginia Tech and a co-author of the original FBI/SANS Institute "Top 10/20 Internet Security Vulnerabilities" document that has become a standard for most computer security and auditing software. He is the co-author of the SANS Institute's "Responding to DDOS Attacks" document that was prepared at the request of the White House in response to the attacks of 2000. He is also acknowledged as one of the North American masters of the hammer dulcimer.

Tech Segment: TBD

Teasers & Plugs

  • DerbyCon Call for Papers and Ticket Registration are available online. If you have not yet registered or submitted a talk, please do so now.
  • Episode 296 will feature interviews with Ben & Lawrence of the Pentesticles Blog

Stories

Teasers & Plugs

  • Security BSides everywhere: Cleveland, Las Vegas, Los Angeles and more. http://www.securitybsides.com/ - We have 5 BSides tickets (only 3 left) to give away! Listen to the instructions at the end of Episode 282 for complete details, or submit a technical segment!

Paul's Stories

Larry's Stories

Jack's Totally Rad Stories

  1. Ramon Krikken responds to the backlash against his WAF comments. Worth a read: he makes some good points, and doesn't simply cop out and blame the journalist for the tone of the article.
  2. Twitter Transparency Report: An interesting look at requests for user information, and takedown/removal requests received by Twitter.
  3. Feeble data breach bill is feeble: It may sound good, but it isn't. This would preempt data breach laws in 49 US states and territories, and doesn't even set a deadline for disclosure. This is A Very Bad thing disguised as a good thing.
  4. But there is a move to strengthen SEC reporting laws: At least Sen. Rockefeller thinks we need more real disclosure.