Hosted by Paul Roberts, The Security Ledger podcast features interviews with leading minds in the area of cyber security, threats and attacks. The Security Ledger is an independent security news website that explores the intersection of cyber security with business, commerce, politics and everyday life. Security Ledger provides well-reported and context-rich news and opinion about computer security topics that matter in our IP-enabled homes, workplaces and daily lives.
Government surveillance has been getting a lot of attention in recent weeks, with the leak of classified information about spying by the National Security Agency using information provided by U.S. telecommunications and Internet firms including Verizon, Facebook, Google and Apple. The stories have revealed the very different legal standards that govern electronic communications and more traditional communications such as phone and postal mail. They have also put many otherwise lawful Internet users in search of technology that will keep their private conversations and thoughts well…private. That, in turn, has sparked concern in the government that civilian use of encryption will hamper lawful interception of communications. Wired.com reported last week that, for the first time, encryption thwarted government surveillance under court-approved wiretaps. That report, from the U.S. Administrative Office of the Courts (AO), said encryption was reported for 15 wiretaps in 2012, compared with just 7 wiretaps conducted during previous years. […]
One of the most vexing problems in computer security today is distinguishing malicious from legitimate behavior on victim networks. Sophisticated cyber criminals and nation-backed hacking groups make a point of moving low and slow on compromised end points and networks, while victim organizations are (rightly) wary of disrupting legitimate business activity for the sake of spotting a breach. In this Security Ledger Podcast, Paul interviews Jason Sloderbeck, Director of Product Management at RSA, EMC’s security division. Jason talks about RSA’s Silvertail fraud analytics technology, and the organizational and technology issues that keep victims from spotting attacks. One of the big mistakes organizations make when they investigate attacks, Sloderbeck said, is focusing too narrowly on a point in time during a web session that is felt to be a good indicator of compromise – like when a user authenticates to a service or “checks out” on an e-commerce web site. “There’s a whole […]
It was hard to escape the big news this week: revelations from The Guardian and The Washington Post about a program of widespread surveillance of online social networks and mobile phone use. The news, both the result of high-level leaks of classified information, has embroiled the Obama Administration in the most serious questions about domestic spying since the Nixon administration. To discuss the week’s events, Paul sat down with Ron Gula, the CEO of Tenable Network Security (and a former NSA security ninja) and Rick Forno, director of the University of Maryland Baltimore County’s Graduate Cybersecurity Program and a Junior Affiliate Scholar at the Stanford Law School’s Center for Internet and Society (CIS). While neither guest was surprised to read about the government’s monitoring of cell phone activity or data from social networks, the latest reports lay bare the dimensions of the U.S. government’s domestic spying post 9/11, and raise serious […]
If you work at a rank and file corporation in the U.S. or Europe, stories like those about the breach at the defense contractor Qinetiq are terrifying. Here’s a company that’s on the bleeding edge of technology, making autonomous vehicles and other high-tech gadgetry for the U.S. Military. Despite that, it finds itself the hapless victim of a devastating cyber breach that lasts – by all accounts – for months, or years. In the end, the attackers (likely linked to China’s People’s Liberation Army) make off with the company’s intellectual property (likely all of it) and, soon, defense contractors in Mainland China start turning out devices that look eerily similar to the ones Qinetiq makes. Ouch! If a company like Qinetiq can’t stop an attack by advanced persistent threats (APT) – or whatever name you want to use – what hope do overworked IT admins at rank and file enterprises […]
Editor’s Note: This interview with Qualys CTO Wolfgang Kandek was originally recorded on March 29th. You’re probably not aware of it, but a major transformation is taking place on the Internet. We’ve exhausted the approximately 4.3 billion available addresses for IPV4 – Internet Protocol Version 4 – the Internet’s lingua franca. (Roughly 98% of all Internet traffic.) With billions of new, intelligent devices set to join the global Internet in the next decade, a new addressing scheme was needed. Enter Internet Protocol Version 6 (IPV6), which will create a practically inexhaustible supply of new addresses and some much needed, new security features that can prevent man in the middle attacks, ARP poisoning and a host of other ills. But organizations that have the luxury of waiting to upgrade their networks should do so, says Qualys CTO Wolfgang Kandek in this exclusive interview with The Security Ledger. From vulnerability scanning to […]
