DtR Security Newscast: why CISOs get no respect, how many passwords?, and more

Recording the Security Newscasts is a real blast. Hopefully that comes through when you listen in!

I invite you to listen to the latest episode of the Down the Rabbithole (DtR) Security Newscast for August 11, 2014– with Raf Los (@Wh1t3Rabbit) and James Jardine (@JardineSoftware). We record the DtR Newscast every other Monday to engage in spirited discussion about security topics in the news.

More than a run-down of the news, it’s our unfiltered (but safe for work) discussion of top stories. We usually inject some passion and and some divergent thinking to fuel your week. This episode has a cool energy and flow that I think makes for a good listen. Let me know if you agree.

This week, we covered:

• Survey shows CISOs still struggle for respect (from business peers)
  • http://www.cio.com/article/2460165/security/cisos-still-struggle-for-respect-from-peers.html
• Hold Security uncovers 1.2 billion password heist on Russian hacker sites (but something smells funny) – draw your own conclusions folks… I’d love to hear ‘em
  • http://www.theverge.com/2014/8/6/5973729/the-problem-with-the-new-york-times-biggest-hack-ever
  • http://www.youarenotpayingattention.com/2014/08/08/the-lie-behind-1-2-billion-stolen-passwords/
  • https://identity.holdsecurity.com/Submit/
  • http://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-of-1-2b-email-accounts/
• Yet another Android core software blunder, called “Fake ID”, essentially gives “highly privileged malware” a free ride.
  • http://arstechnica.com/security/2014/07/android-crypto-blunder-exposes-users-to-highly-privileged-malware/
• HP study says 70% of “Internet-of-Things” (IoT) vulnerable. There’s a shock, we’re carrying around legacy baggage? Perish the thought.
  • http://h30499.www3.hp.com/t5/Fortify-Application-Security/HP-Study-Reveals-70-Percent-of-Internet-of-Things-Devices/ba-p/6556284
• Civilian sector is better than the military at Cyber-War exercise. *rollseyes*
  • http://www.navytimes.com/article/20140804/NEWS04/308040019/In-supersecret-cyberwar-game-civilian-sector-techies-pummel-active-duty-cyberwarriors?sf29369064=1
• Target booking $148M due to data breach
  • http://fortune.com/2014/08/05/target-data-breach-profit/
  • http://investors.target.com/phoenix.zhtml?c=65828&p=irol-sec
• PF Chang’s does an astonishingly good job at being transparent about their breach(es)
  • http://www.bankinfosecurity.com/pf-changs-breach-33-locations-hit-a-7153/op-1

Take a listen and let me/us know how we did on the segues this episode:

• DtR Security Newscast show notes (official) here: http://podcast.wh1t3rabbit.net/dtr-episode-105-newscast-for-august-11-2014
• Direct link to the MP3 here: http://traffic.libsyn.com/ftwr/DtR_Episode_105_-_NewsCast_for_August_11_2014.mp3

Consider this the invitation for discussion

What we started on a Monday morning is just the start. Keep it going here, on Twitter (I’m @catalyst) or the different “neighborhoods” in which I hangout (check out the bar on the upper right). If you have a topic you want us to discuss on the next DtR Security Newscast, drop us a line.