DtR Security Newscast: pin those certs, cyber insurance, gmail in the courts
I invite you to listen to the latest episode of the Down the Rabbithole (DtR) Security Newscast for July 28, 2014 — with Raf Los (@Wh1t3Rabbit) and James Jardine (@JardineSoftware). We record the DtR Newscast every other Monday to engage in spirited discussion about security topics in the news. More than a run-down of the news, it’s our unfiltered (but safe for work) discussion of top stories. We usually inject some passion and some divergent thinking to fuel your week.
This episode has a cool energy and flow that I think makes for a good listen. Let me know if you agree.
This week, we covered:
- Certificate pinning back in the spotlight with the GMail iOS app having some difficulties, but there is a bigger issue here. We discuss.
- Nearly 3 years later, the NASDAQ hack attributed to FSB/Russian “state sponsored” hackers, via 2 “zero day malware”. Highlighting need for attribution, common language, and other issues in security.
- Cyber insurance – is this a forcing function to improve overall security, or yet another carpet to sweep security problems under?
- A judge has just ruled that your “GMail account” has the same legal protections (or lack thereof) as a hard drive you own. Dangerous precedent, or nothing new?
- also relevant – http://nakedsecurity.sophos.com/2013/08/14/google-says-gmail-users-cant-expect-privacy/
- Check out my recent article on the decision: http://www.csoonline.com/article/2459205/security-leadership/why-the-recent-court-ruling-on-gmail-matters-to-you.html
Take a listen and let me/us know how we did on the segues this episode:
- DtR Security Newscast show notes (official) here: http://podcast.wh1t3rabbit.net/dtr-episode-103-newscast-for-july-28th-2014
- Direct link to the MP3 here: http://traffic.libsyn.com/ftwr/DtR_Episode_103_-_NewsCast_for_July_28th_2014.mp3
Consider this the invitation for discussion
What we started on a Monday morning is just the start. Keep it going here, on Twitter (I’m @catalyst) or the different “neighborhoods” in which I hang out (check out the bar on the upper right). If you have a topic you want us to discuss on the next DtR Security Newscast, drop us a line.
Bonus: two more we didn’t get to
- “Operation Emmental” is an assault against 2FA and online banking
- Looks like healthcare is next on the list of verticals targeted… filed under things we all suspected, but will soon see