Defensive Security Podcast Episode 19

Written on: May 19, 2013

Adobe and Microsoft patches, signed Mac malware, EC Council website hacked, 7 steps to secure Java, Microsoft on invulnerable software, more on OpUSA, Ohio city’s taxpayer database stolen and the importance of malware being invisible.


Defensive Security Podcast Episode 18

Written on: May 12, 2013

Adobe warns customers of a ColdFusion 0day, Washington courts owned by that 0day, web servers found compromised with Cdorked/Darkleech, critical vulnerability in Nginx, Anonymous’ OpUSA turned out to be a bunch of nothing, too many admins is bad for security, Name.com gets compromised, The Onion’s Twitter feed is compromised by the SEA, slippery slope of BYOD and Google’s plans for authentication…

Defensive Security Podcast Episode 17

Written on: May 5, 2013

This week: Twitter warns news agencies of attacks and tells them to use dedicated PCs for Twitter, the US Department of Labor website was compromised and serving up a 0day for IE8, eighteen 12-13 year olds in Alaska socially engineered passwords for 300 computers out of their teachers, iOS did NOT have a malicious app discovered, AV vendors are starting to shun Windows XP,…

Defensive Security Podcast Episode 16

Written on: April 30, 2013

In this episode, another Java 0day, Symantec’s Q1 2013 0day roundup, the Akamai State of the Internet report, the Verizon 2013 DBIR, AP’s Twitter feed hack, and cyber terrorists.

http://www.scmagazine.com/livingsocial-updates-encryption-practices-after-password-breach-affects-50m/article/291042/
Q1 0day vulnerabilities: http://www.symantec.com/connect/blogs/2013-first-quarter-zero-day-vulnerabilities
http://www.akamai.com/stateoftheinternet/
http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf
http://akamai.infoworld.com/d/security/5-hot-security-defenses-dont-deliver-217045
http://www.pcworld.com/article/2036261/ap-twitter-hack-prompts-fresh-look-at-cybersecurity-needs.html
http://www.hotforsecurity.com/blog/associated-press-twitter-account-hack-hits-us-stock-prices-6015.html
http://www.theinquirer.net/inquirer/news/2263460/cyber-terrorists-are-only-a-matter-of-time-warns-eugene-kaspersky

Defensive Security Podcast Episode 15

Written on: April 21, 2013

This week: Twitter account hacks highlight opportunity for exploitation by attackers, Microsoft and Malwarebytes both release bad patches, Oracle releases a Java patch which fixes 42 security bugs, Oracle announces that Java 8 is delayed due to the focus on Java 7, a new botnet is being created by compromising WordPress installations for some unknown purpose, Linode was compromised in an attack targeted…

Defensive Security Podcast Episode 14

Written on: April 15, 2013

I’ll be picking someone to give an e-copy of @Taosecurity’s new book “The Practice of Network Security” who sends me an email with feedback on the show.

Encrypt your drives, even if you don’t think the computer will leave the office: http://feedly.com/k/ZM172z

Spate of MS and Adobe patches fix numerous remote code…

This week’s podcast is delayed

Written on: April 14, 2013

Due to an unexpected business trip, the podcast will be recorded and released the night of Monday, April 15 assuming all goes according to plan. Jerry


Defensive Security Podcast Episode 13

Written on: April 8, 2013

The Internet-destroying DDoS attack that wasn’t

http://krebsonsecurity.com/2013/03/missouri-court-rules-against-440000-cyberheist-victim/
http://hothardware.com/News/Huge-Spike-In-Mobile-Data-Traffic-Drives-IEEE-400-Gigabit-Ethernet-Standard/
http://adamcaudill.com/2013/04/04/security-done-wrong-leaky-ftp-server/
http://nakedsecurity.sophos.com/2013/04/05/ransomware-child-buse/
http://blog.trendmicro.com/trendlabs-security-intelligence/three-lessons-from-the-south-korea-mbr-wiper-attacks/

Defensive Security Podcast Episode 12

Written on: March 24, 2013

http://www.informationweek.com/security/vulnerabilities/cisco-password-fumble-hardware-security/240151244
Etsy’s solution for running Java: http://codeascraft.etsy.com/2013/03/18/java-not-even-once/
http://www.infosecurity-magazine.com/view/31372/seoul-cautious-in-blaming-north-korea-for-massive-cyberattack-
http://blogs.mcafee.com/mcafee-labs/south-korean-banks-media-companies-targeted-by-destructive-malware
http://arstechnica.com/security/2013/03/your-hard-drive-will-self-destruct-at-2pm-inside-the-south-korean-cyber-attack/
https://isc.sans.edu/diary/Wipe+the+drive+Stealthy+Malware+Persistence+Mechanism+-+Part+1/15394
https://isc.sans.edu/diary/Wipe+the+drive+Stealthy+Malware+Persistence+-+Part+2/15406
https://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+3/15448
https://isc.sans.edu/diary/Wipe+the+drive%21++Stealthy+Malware+Persistence+-+Part+4/15460
http://www.defensivesecurity.org/the-usefulness-of-security-education/

The Usefulness of Security Education

Written on: March 21, 2013

Bruce Schneier recently wrote a blog post about the value of security training on Dark Reading that is a bit provocative. Similar to the comments Dave Aitel made last year, Bruce asserts that money spent on education is more useful if spent elsewhere on improving security. I both strongly agree and disagree with this position. Before you assume I am copping out of taking a stance, let me explain. It’s…
