Eurotrash Security Podcast

The guys over at the Eurotrash Information Security Podcast had me on last week. We discussed HBGary, Thinkst, ZaCon and a bunch of other stuff..

It was pretty enjoyable (although i tried listening to myself and think its a lucky thing i dont do this too often). You can grab it [here]

Comments

Post a Comment

Popular posts from this blog

Using the Linux Audit System to detect badness

Image
Security vendors have a mediocre track record in keeping their own applications and infrastructure safe. As a security product company, we need to make sure that we don’t get compromised. But we also need to plan for the horrible event that a customer console is compromised, at which point the goal is to quickly detect the breach. This post talks about how we use Linux's Audit System (LAS) along with ELK (Elasticsearch, Logstash, and Kibana) to help us achieve this goal. Background Every Canary customer has multiple Canaries on their network (physical, virtual, cloud) that reports in to their console which is hosted in AWS. Consoles are single tenant, hardened instances that live in an AWS region. This architecture choice means that a single customer console being compromised, won’t translate to a compromise of other customer consoles. ( In fact, customers would not trivially even discover other customer consoles, but that's irrelevant for this post. ) Hundreds of consoles runn...
Read more

ShoulderPad Slashdotted! (and two clarifications)

(because we can't have enough posts with exclamation marks in them) Our previous post (and research ) seemed to go by pretty silently initially and then suddenly was everywhere. Andy Greenberg wrote a piece over at Forbes which really does deserve special mention. Tech journalists so often sensationalize security stories that many security researchers are quite afraid to even talk them. I certainly was, but his piece was fair, balanced and covered all the interesting points. +1 to him. The Forbes post was copied almost verbatim by a ton of other " news " sites on the 'net, but we beamed with some measure of geek pride at making the front page of Slashdot (and for featuring on the front page of Hacker News , The Unofficial Apple Weblog and HackADay ). Two Clarifications: A surprising number of people reacted to the work (on slashdot, or other forums) with: " FAKE ! The iPad Keyboard is not black!". One thread even went into detail about how this meant th...
Read more

Certified Canarytokens: Alerts from signed Windows binaries and Office documents

Image
As part of a talk at the ITWeb Security Summit last week, we discussed how to trigger email alerts when file signatures are validated with our Canarytokens project. Building on that alerting primitive, we can make signed executables that alert when run or signed Office documents that alert when opened.  Canarytokens is our exploration of light-weight ways to detect when something bad has happened on the inside a network. (It’s not at all concerned with leaks in that dubious non-existing line referred to as “the perimeter” of a network.) We built an extensible server for receiving alerts from passive tokens that are left lying around. Tokens are our units of alerts. When a token URL link is fetched or a token DNS name is queried this triggers an alert via the Canarytokens server. With these (and other tokens) we set out to build alerts for more significant incidents. Office Document Signatures A security researcher, Alexey Tyurin , drew our attention to how opening signed Office...
Read more