Knowledge + Malice = Chaos: When Awareness Doesn’t Work – John O’Leary
Corporate Honeypots: Hackers Can’t Believe What They See - L. Brent Huston
Enterprise Open Source Intelligence Gathering – Tom Eston
Network Security Monitoring and Incident Response – Richard Bejtlich
Anti-Virus is Dead – Dave Kennedy
Radio Reconnaissance and Pen Testing: All Your RF Are Belong to Us – Matt Neely
Vulnerability Management in a Post Apocalytic World – Bill Mathews

Richard began his digital security career as a military intelligence officer at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He wrote “The Tao of Network Security Monitoring” and “Extrusion Detection,” and co- authored “Real Digital Forensics.” He also writes for his blog (taosecurity.blogspot.com) and TechTarget.com, and teaches for Black Hat.

Thanks again to Richard for being our guest on the show!

Oh…and as a bonus we have the very first “cross-over of the streams” with PaulDotCom Security Weekly!  Listen to it towards the end of the podcast.  Thanks to Paul and Larry for skyping us in!

Nick Owen is CEO of WiKID Systems a open source two-factor authentication solution.  Nick talks to us about the WiKID solution, how it works and why it’s better then most expensive two-factor authentication solutions.  Be sure to check out the rockin’ Python based command line software token for use with WiKID (created by our friends over at Hurricane Labs)!

Nick is also speaking at the Ohio Information Security Summit October 29-30th on “Securing Network Access with Open Source Solutions”.

Thanks again to Nick for being on the show!

Chris John Riley is a penetration tester and well known security blogger currently located in Austria.  Robin Wood is from the UK and is the creator of many well known open source security projects including Jasager, the Interceptor and KreiosC2. Find out more about Chris on his awesome blog.  You can find out more about Robin and his projects on his website.  Chris and Robin talk to us about Cider, HAR, blogging, BruCON, security/pentest certifications, metasploit modules, Jasager updates, talks at security conferences and more!

Thanks again to Chris and Robin for being on the show!

Frank Breedijk is the creator of AutoNessus which automates regular Nessus scans and provides delta reporting.  Frank also talks about good beer, the European hacking scene, HAR, international hacking/privacy laws and more!  If you want to find out more about Frank you can find him on Twitter and the CupFighter.net blog.

Thanks again to Frank for being on the show!

This special edition was recorded during our 1st annual International BBQ podcast.  This is our second attempt interviewing James Arlen (@myrcurial) who is a Infosec Geek, Hacker, Social Activist, Author, Speaker and Parent.  James was recently a speaker at Notacon 6, DEFCON 17 and HAR.  You can watch his recent talks on Vimeo.  In this interview James talks about hacker pyramid at DEFCON this year, his experience at HAR, his recent speaking engagements, Hackerspaces, hardware hacking and much more.

Oh, don’t forget to check out MiniSoOnCon! MiniSoOnCon is a Southern Ontario Hackerspaces / Makers Mini-Conference October 2nd and 3rd, 2009 in Hamilton, Ontario.

Special thanks to James for his patience in our convoluted editing process (@securid)….

“You don’t have to be David Hasselhoff in Knight Rider to have your car talk to you. OpenOtto is a platform for developing vehicle aware products for the consumer and industrial markets. While it will not ask you how you’re doing this evening, most people don’t realize how much information your car’s computer can tell you. OpenOtto consists of a hardware interface to your car’s OBD II connector as well as an extensible software platform for communicating with all networked electronic devices in the car. Designed for flexibility and scalability, it is easily expandable to future vehicle capabilities.”

Tiffany Rad is president of ELCnetworks, LLC., a technology and business development consulting firm and is also a part-time professor in the computer science department at the University of Southern Maine teaching computer law and ethics.

You can find out more about the OpenOtto project via Tiffany’s blog and the official OpenOtto web site.  Thanks again to Tiffany for being a guest on our show.  Please send show feedback to feedback[aT]securityjustice.com or comment below.

Dave and Tom interview two of the Notacon founders, Froggy and Tyger.  Froggy and Tyger talk about what Notacon is, some of the cool talks this year and why you need to go!  Froggy also gives some details on the new venue and what you can expect this year.

Want more information about Notacon and how to register?  Check out the Notacon web site for all the details.  Security Justice will be there!

ShmooCon is February 6th – 8th 2009 at the Wardman Park Marriott in Washington DC.  Registration begins November 1st at noon eastern standard time!  Check out the ShmooCon website for more details.  Bruce talks about some of the background of ShmooCon, the Shmoo Group and of course Shmoo Ball’s and associated launching devices (aka: cannons)!  Bruce also talks about some of the new things at this years ShmooCon and the need for new speakers.

Thanks again to Bruce for being our guest on the show!

Chris is currently the owner of Lares Consulting which is a vendor-independent security consulting firm that helps companies secure electronic, physical, intellectual and financial assets through a unique blend of assessment, testing, and coaching.  He is also a frequent speaker at various security conferences, most recently at OWASP NY.

Chris describes what it was like filming the TV show, how the show got started and also talks about interesting things when working with a reality TV show crew!  He also talks about how he got into the security industry and some of the interesting things Lares Consulting is doing.

Thanks again to Chris for being our guest on the show!

“In all, their music is more than a collection inside jokes for nerds. It is the culmination of their passion for hip-hop and hacking. We need more music like this.”

“Dual Core … so good you don’t have to be nerdcore to like it.”

“Honestly, there’s nothing that mainstream music has that can top this in music, lyrics, production or overall quality.”

Check out the latest happenings with DualCORE and if you are going to the following con’s…they will be playing live!

October, 11 2008 09:00 PM – Ohio Linux Fest
Columbus Convention Center, Columbus, Ohio 43215 – Free
Playing the OLF after-party again. Woo woo!

October, 11 2008 11:00 PM – Day-Con
33 East Fifth Street, Dayton, Ohio 45402 – TBD

October, 24 2008 08:00 PM – Phreaknic 12
211 N First St, Nashville, Tennessee 37213

You can buy DualCORE’s albums online: Zero-One, Lost Reality, and Super Powers.

Additional links mentioned in the show…Penny Arcade and Lactose Intolerance.  Link to DualCORE videos!

Thanks again to DualCORE for being our guest and for providing the great tunes for our podcast!

Please send feedback to feedback [aT] securityjustice.com or comment below.  Thanks for listening!

In this podcast Jay talks about the DNS vulnerability and (in Jay’s opinion) why Dan Kaminsky went about releasing the vulnerability the way he did.  Jay also talks about his two upcoming talks at Defcon 16:

Owning the Users with The Middler – Saturday, August 9th @ Noon
They’re Hacking Our Clients! Introducing Free Client-side Intrusion Prevention – Sunday, August 10th @ Noon

If you are going to Defcon this year be sure to check out Jay’s talks!  Our sponsor DualCore will also be playing live at theSummit EFF/THF Fund Raiser on Thursday, August 7th @ 9pm at the top of the Riviera!

Thanks again to Jay for being a guest on our podcast!

Please send feedback to feedback [aT] securityjustice.com or comment below.  Thanks for listening!

The Fast-Track tool combines multiple attacks and gives menu driven automation to pentesting.  Fast-Track automates several different types of attacks including Metasploit’s “AutoPwn” and MSSQL brute forcing as well as updates for BackTrack 3.

Dave Kennedy will also be speaking on a panel at Defcon 16 titled Black vs. White: The complete life cycle of a real world breach.

Please send feedback to feedback [aT] securityjustice.com or comment below.  Thanks for listening!

More information below:

http://ascii.textfiles.com/archives/000278.html

http://ascii.textfiles.com/archives/000645.html

This commentary was made the same night as Episode #2 of the Security Justice podcast.