Tag Archives: Radio Free Security

March Radio Free Security: Record Breaking DDoS

Record Breaking DDoS, Cracked Crypto, and ICS Honeypots

Radio Free Security (RFS) is a monthly audio podcast dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online. If you’re looking for the latest security news and best practice tips, this show is for you.

After a small unscheduled hiatus, Radio Free Security is back. Unfortunately, I had to skip our February episode due to a very busy work travel schedule. To make up for it, we return this month with a double heaping of information security (InfoSec) stories and news. Plus, we’ve thrown in a fun security-themed song parody to boot.

Here’s what to expect in this month’s episode:

  • Security Story of the Month (SSotM) [Pt.1 3:20 – 34:05, Pt.2 37:10 – 1:07:00] – During SSotM, Ben Brobak, Chris Shaiman, and Corey Nachreiner highlight the most concerning security stories and incidents from the month. Topics include a new weakness in a cipher associated with SSL and TLS, more zero day Java exploits, a severe sentence in a cyber security trial, the largest DDoS attack ever seen, and more. Follow along to learn which story takes the cake, and what you can do to defend your network.
  • WatchGuard’s Secure Shop Song Parody [34:19 – 37:10] – We debut our latest security-themed song parody. A talented and creative group of WatchGuard employees wrote a song parody to Macklemore’s popular Thrift Shop rap. We’re proud of this rising Seattle-based rapper, so we thought, how better to celebrate his success than by making our own tongue-in-cheek security tune in his honor? I think the song turned out great, and you can expect us to post the accompanying music video soon. Give it a listen (I will post a new direct link shortly).

So settle in, adjust your volume, and enjoy the show.

[runtime: 1:08:17]

You can always find the latest episode of Radio Free Security:

— Corey Nachreiner, CISSP (@SecAdept)

January Radio Free Security: Red October, Java 0day, and More

Red October, Java Zero Day, and UPnP Problems

Radio Free Security (RFS) is a monthly audio podcast dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online. If you’re looking for the latest security news and best practice tips, this show is for you.

January was rife with security breaches, zero day, and other InfoSec related stories. That’s why this month the Radio Free Security analyst team spends much of the episode highlighting the big issues you should know about, and how you can protect yourself from some of the threats.

  • Security Story of the Month (SSotM) [Pt.1 3:43 – 26:50, Pt.2 40:34 – 1:00:50] – During SSotM, Richard Gilmour, Chris Shaiman, and Corey Nachreiner highlight the most concerning security stories and incidents from the month. Topics include many Java zero day exploits, H.D. Moore’s UPnP security report, Red October, the Aaron Swartz suicide, and more. Listen in to learn which issue we thought has the most ramifications for our industry, and what you can do about them.
  • What’s Up with WatchGuard [27:15 – 40:02] – Blazing Fast Hardware. Join us to learn the latest product news from WatchGuard. Nachreiner interviews the XTM appliance product manager, Brendan Patterson, to learn about some exciting new products that just released. They also discuss some of the highlight features in our most recent, 11.7 software release. If you own WatchGuard gear, you won’t want to miss this segment.

So settle in, adjust your volume, and enjoy the show.

[runtime: 1:02:14]

[audio http://www.watchguard.com/archive/files/rfs/rfs0113.mp3]

You can always find the latest episode of Radio Free Security:

— Corey Nachreiner, CISSP (@SecAdept)

December Radio Free Security: 2013 Security Predictions

WatchGuard’s 2013 Security Predictions Unveiled

Radio Free Security (RFS) is a monthly audio podcast dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online. If you’re looking for the latest security news and best practice tips, this show is for you.

Love ’em or loathe ’em, security predictions have become a pretty regular part of the holiday season. Personally, I believe they contribute value to the information security (infosec) industry. After all, at their core, predictions are based on real industry trends; pundits and analysts (like me) just like to wildly extrapolate those trends to make them sound fun and entertaining. However, the true point of predictions—well, my true point anyway—is to educate and spread awareness. Hopefully, talking about these potential security issues can prepare you to avoid them before they happen to you.

A few weeks ago, you heard the Radio Free Security (RFS) co-hosts and me go over our 2012 security predictions, to see how we did. I’d say we earned a C+. During this month’s episode, I’ll see if I can score better by unveiling my 2013 security predictions to the same team. I purposely kept my annual forecasts from them until this recording, just so you’d get their honest, gut reactions. Do they whole-heartedly agree with my foretellings, or scoff at my foolhardy imaginings? Listen in to find out.

To give you a hint of what you’re in for, the predictions cover topics such as life-threatening hardware hacks, mobile device pick-pockets, cyber strike-back, zombie browsers, and much more. Whether or not our specific predictions come true, the episode explores many real infosec trends that everyone, from the smallest consumer to largest enterprise CSO, will face in 2013. At the very least, I suspect my predictions will prove a little more accurate than the ancient Mayans’ one about December 21, 2012 (hope I don’t eat my words).

So, grab your favorite holiday beverage, get comfortable, and settle in for Radio Free Security’s final 2012 episode.

Note: Due to the seasonal sniffles, our web team cannot post this episode to its normal feeds until tomorrow. For now, you can download a ZIP version of the episode, or listen to it using the player below. The links to RFS’s normal locations will be updated shortly.

[runtime: 2:02:56]

You can always find the latest episode of Radio Free Security:

— Corey Nachreiner, CISSP (@SecAdept)

Radio Free Security: November 2012 Episode

2012 Security Predictions in Review: Win or Fail?

We’re nearing the end of the year, which means the season of holiday decorations, spiked eggnog, and Christmas music blaring in every store and on all the radio stations… It also means the season of annual predictions.

Every year, the WatchGuard security analysts and I pull out our crystal balls, tarot cards, and tea leaves, and try to forecast some of the security threats and trends you can expect in the following year. November’s episode of Radio Free Security (RFS) is the first of our two-part, end-of-the-year security prediction series.

In this first prediction episode, I invite my co-hosts from our regular Security Story of the Month segment to review our 2012 security predictions, and decide how we did. Were WatchGuard’s security predictions on the mark, or were they epic fails? In this episode, we learn the more people invited to weigh in, the harder it is to decide. In any case, whether you’re curious about the accuracy of our previous predictions, or just want a quick review of some of the biggest security incidents of the year, this episode is for you.

Of course, you can probably guess what we’ll cover in the second episode of our two-part series. That’s right! Our 2013 Security predictions. Rather than wait till the end of the month, we’ll post December’s RFS prediction episode in a week or so. That way you’ll have time to check out our new predictions before the year ends. In fact, I’ll share a little secret. You can already check out our 2013 predictions on our web page, but you should still listen in next week to see how the team reacts to a few of the more sensational forecasts.

By the way, for those new to Radio Free Security (RFS), it’s a monthly audio podcast dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online. If you’re looking for the latest security news and best practice tips, this show is for you.

So grab a steaming cup of holiday cocoa, settle into a plush chair by the fire, and join us for the 2012 prediction review episode of Radio Free Security.

You can always find the latest episode of Radio Free Security:

Or just listen to November’s episode using the player below [runtime: 1:24:34].

— Corey Nachreiner, CISSP (@SecAdept)

Radio Free Security: October 2012 Episode

The Dirty Little Secret of Security Breaches

Every week it seems like there is another major data breach… so what’s the deal? Are attackers getting more sophisticated? Is malware more sneaky? Or are people just not protecting themselves? That answer is probably simpler than you think. In this month’s episode, we uncover the secret of data breaches, share the latest top security news, and even highlight a new WatchGuard XTM appliance feature. If you’re passionate about security, you’ll feel right at home, so listen in.

Radio Free Security (RFS) is a monthly audio podcast dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online. If you’re looking for the latest security news and best practice tips, this show is for you. So grab a seat, relax, and enjoy the show.

October’s episode includes:

  • The Security Spotlight [4:08 – 44:18] – The Dirty Little Secret of Security Breaches. 2011 was the year of breaches, and attackers haven’t let up this year. With so many network and data breaches we have to ask ourselves, “what are we doing wrong?” During this month’s Security Spotlight segment, Ben Brobak and I propose a basic answer to that question, and more importantly, share six firewall policy best practices that will make your organization more resilient against network attacks. If you want to get the most out of your firewall or UTM appliance, this segment’s for you.
  • WatchGuard Wire [45:05 – 52:44] – Introducing RapidDeploy. Does your organization have remote offices or mobile users? Would you even call yourself a Distributed Enterprise? Or, are you a Managed Security Service Provider (MSSP) who handles hundreds of customer firewalls? If so, WatchGuard’s new RapidDeploy feature will save you money and make your life a whole lot easier. In this segment I interview Product Manager, Johnni Aguirre, about an upcoming XTM appliance capability that should excite anyone with remote devices.
  • Security Story of the Month (SSotM) [53:35 – 1:46:00] – During September’s SSotM segment, Richard Gilmour, Chris Shaiman, and Corey Nachreiner highlight the most concerning security stories and incidents from the month. Topics from the segment include accusations of cyber espionage, a new nation-state sponsored APT threat, and a couple old-school attacks that still can have serious ramifications. During the talk, we decide which issue will have the greatest effect on the industry, and what you can do about all of them. For a recap of October’s top security news, and some defense tips, listen in.

You can always find the latest episode of Radio Free Security at:

Or just listen to October’s episode using the player below [runtime: 1:49:05].

— Corey Nachreiner, CISSP (@SecAdept)

Radio Free Security: September 2012 Episode

Cyber Attacks on Physical Infrastructure: Protecting SCADA and ICS Systems

Digital network attacks that can blow up generators, shut down power grids, or damage nuclear facilities seem like the stuff of science fiction. However, we currently live in a world where nation-states launch just such attacks against one another, and may escalate them in the future. In this episode, Nachreiner interviews an industry expert from Alstom Grid about SCADA and ICS systems, and attacks against them.

If you are new to our podcast, Radio Free Security (RFS) is a monthly audio program dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online. If you’re looking for the latest security news and best practice tips, you’ve found the right podcast. Charge up your Android, iPod, or MP3 player and give Radio Free Security a listen.

September’s episode includes:

  • The Security Spotlight [3:33 – 45:23] – Protecting SCADA and ICS Systems. In this episode, Corey Nachreiner interviews Sharon Xia, an industry expert from Alstom Grid, about SCADA and ICS systems, and the ramifications of increasing digital attacks against these physical infrastructure systems. They discuss what SCADA and ICS systems are, whether or not they differ greatly from typical business computer systems, and how attackers are targeting them. More importantly, Xia and Nachreiner talk about defending these critical systems as well. If you manage SCADA or ICS systems, or are just curious about this fascinating trend in the information and network security, you won’t want to miss this interview.
  • Security Story of the Month (SSotM) [46:04 – 1:13:08] – During September’s SSotM segment, Richard Gilmour, Chris Shaiman, and Corey Nachreiner highlight the most concerning security stories and incidents from the month. Topics from the segment include a big Internet Explorer (IE) zero day exploit, a new HTTPS attack, a stolen digital certification, and a big SCADA company breach. Follow along to learn which incident we think will affect the industry the most, and what you can do about them all.

You can always find the latest episode of Radio Free Security at:

Or just listen to September’s episode using the player below [runtime: 1:15:37].

— Corey Nachreiner, CISSP (@SecAdept)

Radio Free Security: August 2012 Episode

Nation-state Malware, VMware Worms, and Java Zero Days

Looking for the latest security news and best practice tips? Well, charge up your iPod and give Radio Free Security a listen.

This month’s episode includes August’s biggest security stories and a classic segment from shows past. If you want to know how to protect yourself from the latest zero day exploit, or learn about the principle of least privilege, give our podcast a listen.

If you are new to our podcast, Radio Free Security (RFS) is a monthly audio program dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online.

August’s episode includes:

  • Security Story of the Month (SSotM) [4:07 – 55:35] – In this month’s SSotM, Richard Gilmour, Christian Garland, and Corey Nachreiner highlight the most concerning security stories and incidents from August. The segment includes a new advanced persistent threat, some paradigm shifting malware, and a highly critical Java zero day vulnerability that attackers are exploiting in the wild. Check it out for the latest defenses.
  • Security Tip-o-Matic 650 [56:58 – 1:13:30] – In this classic segment, we dust off an old Tip-o-matic 650 clip from a past episode. Listen to previous Radio Free Security hosts share a few security best practices that are still relevant today. The segment covers limiting user privilege, egress filtering, and monitoring your logs. If you’re looking to brush up your information security skills, these tips will help.

You can always find the latest episode of Radio Free Security at:

Or just listen to August’s episode using the player below [runtime: 1:15:45].

— Corey Nachreiner, CISSP (@SecAdept)

Radio Free Security: July 2012 Episode

Blackhat & DEF CON 2012: The Highlights

Blackhat and DEF CON are two of the longest running security and hacking conferences in the industry, and arguably the first such conferences to exist. They’re also the subject of this month’s Radio Free Security. If you missed these popular security conferences this year, check out this month’s episode to learn about the latest research, attack vectors, and threats presented at these shows.

If you are new to our podcast, Radio Free Security (RFS) is a monthly audio program dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online.

July’s episode includes:

  • The Security Spotlight [4:05 – 45:59] – Blackhat and DEF CON 2012 highlights. This month, Ben Brobak takes a turn in the host chair to interview Corey Nachreiner about his trip to this year’s Blackhat and DEF CON security conferences. They cover the themes of the shows, Nachreiner’s favorite presentations, and the implications of some new attack vectors on the industry. They also share a few practical security tips along the way. If you couldn’t attend these exciting security conferences yourself, this segment gives you the skinny.
  • Security Story of the Month (SSotM) [46:33 – 1:28:02] – This month’s SSotM continues the Blackhat and DEF CON theme. Many researchers save their most important discoveries for these two conferences, so most of the big security stories this month revolve around things disclosed in Vegas. Join a round table of WatchGuard security professionals as they discuss the big stories from July, and figure out which one qualifies as the story of the month. If you use wireless networks in an enterprise setting, you won’t want to miss this segment.

You can always find the latest episode of Radio Free Security at:

Or just listen to July’s episode using the player below [runtime: 1:30:09].

— Corey Nachreiner, CISSP (@SecAdept)

Radio Free Security: June 2012 Episode

Dissecting Flame: A Nation-State Cyber Espionage Threat

If you’ve subscribed to our RSS or iTunes feed, you may have noticed June’s episode of Radio Free Security went up a few days ago. I didn’t want to post about it earlier, due to the upcoming U.S. Fourth of July holiday. However, now that you’ve had your fill of fireworks, go check out this month’s informational and educational episode.

For those new to our blog, Radio Free Security (RFS) is a monthly audio podcast dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online.

June’s episode includes:

  • The Security Spotlight [4:00 – 57:30] – Dissecting Flame: A Nation-State Cyber Espionage Threat. Late last month, researchers discovered a new advanced threat called Flame, which had infected hundreds of Middle Eastern organizations for years. In this month’s spotlight segment, Ben and I discuss this interesting new malware sample. What does it do, how does it spread, and how can you protect yourself from this type of advanced attack? They also discuss the evidence suggesting that Flame is a government sponsored cyber attack, and what that means for the future of network and information security.
  • Security Story of the Month (SSotM) [58:22 – 1:33:23] – Want to learn about the security highlights from June? Join Christian, Chris, and me in a round-table discussion where we chat about the LinkedIn breach, Apple’s new security stance, and intellectual property swiping malware. Which of these big June stories rises to the top? For the answer to that, and a dose of the latest security news, listen to this month’s SSotM segment.

You can always find the latest episode of Radio Free Security at:

Or just listen to June’s episode using the player below [runtime: 1:37:05].

— Corey Nachreiner, CISSP (@SecAdept)

Radio Free Security: May 2012 Episode

Getting Started with Application Control

If you follow our RSS or iTunes feed, you probably noticed we posted the May episode of Radio Free Security.

For those new to our blog, Radio Free Security (RFS) is a monthly audio podcast dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online.

May’s episode includes:

  • The Security Spotlight [4:00 – 30:30] – Getting started with Application Control. Many network and security vendors talk about Application Control, but few businesses have actually started using it yet. Perhaps they don’t know it exists, or what it does, or how to deploy it. That’s why Peter and I discuss Application Control in this month’s episode of Radio Free Security. What is it? How might you use it? Will it help protect your network? And, what’s the easiest, most pain-free way to deploy it? Learn all this and more during a brisk interview with one of WatchGuard’s most experienced sales engineers.
  • Security Story of the Month [31:00 – 56:08] – Did you miss the big security news from this month? If so, our podcast will catch you up. Richard, Chris, and I discuss upcoming cyber legislation, paid security patches, and Android drive-by downloads. I even squeeze in one surprise story from the end of the month, which will have resounding implications on cyber espionage. Which security story should most concern you? Find out during this monthly roundtable discussion.

You can always find the latest episode of Radio Free Security at:

Or just listen to April’s episode using the player below [runtime: 1:00:00].

— Corey Nachreiner, CISSP (@SecAdept)
