End User Device Security Series Part 1 – Layered Security and Building a Security Program, November 20, 2005 Part 2 - Access Controls and Configuration Management, November 27, 2005 Part 3 - Wireless Hand Held Device and Wireless Security, December 4, 2005 |
Episode 37 - Web Application Security (Part 8), August 19, 2006 Topic: Application Denial of Service and Insecure Configuration Management |
Episode 38 - Desperation doesn't justify bad security, September 9, 2006 Topic: The importance of change management, the potential security risks when desperation enters the project lifecycle, how virtual floors can provide secure flexible business-to-business connectivity, and finally, a look at some ways to handle sensitive information once printed, copied, or faxed. Episode 38 MP3 Segment 1 Notes - Change Management Segment 2 Notes - Desperation doesn't justify bad security Segment 3 Notes - Virtual Floors Segment 4 Notes - But what about the paper |
Episode 39 - The Home PC Threat, September 24, 2006 Topic: The importance of choosing the right source for audit artifacts, and the growing threat of employee home PCs to the business enterprise Episode 39 MP3 Segment 1 Notes - Who Should Provide Audit Artifacts? Segment 2 Notes - The Threat of Home PCs |
Episode 40 - Keystroke Dynamics (KD), October 2, 2006 Topic: Examination of biometrics in general. Introduction of Keystroke Dynamics as a low impact biometric alternative. Episode 40 MP3 Episode 40 Notes |
Episode 41 - Cyber-Espionage, October 15, 2006 Topic: The balance between customer welfare and vendor public image when handling security incidents, establishing reasonable and appropriate system assurance, and a look at our nation's vulnerability to cyber-espionage. Episode 41 MP3 Segment 1 Notes - Customer Welfare vs. Public Image Segment 2 Notes - Establishing System Assurance Segment 3 Notes - Cyber-Espionage |
Episode 42 - Stepping up to meet security challenges, October 28, 2006 Topic: Commentary on iPods in business, security as a process, and how some programming teams are stepping up to meet security challenges Episode 42 MP3 Segment 1 Notes - Commentary on iPods in Business Segment 2 Notes - Security as a process Segment 3 Notes - Programmers Stepping up |
Episode 43 - Risk Management, February 18, 2007 Topic: Commentary on iPods as criminal tools, users are not stupid, AJAX vulnerability monitoring, dangers of pirated software, and Risk Management Episode 43 MP3 Segment 1 Notes - Holy Toledo! The iPod did it! Calling end users stupid doesn't help Scan AJAX for XSS entry points Segment 2 Notes - Software Piracy and Malware Risk Management |
Episode 44 - Virtual Server Security, February 25, 2007 Topic: Key carrying photons, VoIP vulnerabilities, outsourcing security, memory debugging, Exchange DST woes, and hypervisor-based virtual server security Episode 44 MP3 Segment 1 Notes - Using photons for secure key exchange As VoIP grows, so do the vulnerabilities Techniques for Memory Debugging Outsourcing Security Be careful when you use the Exchange DST fix Segment 2 Notes - Secure hypervisor-based virtual servers |
Episode 45 - Keep your eye on the data, March 4, 2007 Topic: Vendor bullying, AV software evaluation, Fuzzing, new SPP issue, kernel malware, and data protection Episode 45 MP3 Segment 1 Notes - SPP raises its ugly head... Again Fuzz your web apps Government supported malware... Silence is not the answer Anti-malware software comparison Segment 2 Notes - Defend against kernel malware Keep your eye on the data |