Listen Now

Carl Gottlieb and Paul Heffernan discuss Supply Chain Security, victim shaming, risk assessments and the Morrisons vicarious liability ruling. Show Notes

Carl Gottlieb and Paul Heffernan discuss Supply Chain Security, victim shaming, risk assessments and the Morrisons vicarious liability ruling. Episode 7 – We talk about supply chain security and what we can do to beef it up. And we’ll discuss what happens when those controls fail, we get a breach, and whether shaming the victims is the best way forward. Morrisons Case England and Wales Court of Appeal (Civil Division) Decisions: https://www.bailii.org/ew/cases/EWCA/Civ/2018/2339.html Sample Risk Assessment Tool Risk and Controls Assessment Template.xlsx https://drive.google.com/file/d/1BlBV7illXUZfPD36JUKLFxD_1sQDrRJU/

Episode 6 – The first episode with Paul Heffernan! We focus on APP fraud and the security’s focus on the wrong priorities. APP Fraud Revolut video with Paul Heffernan talking APP fraud:  In the first half of this year, scammers stole £500m from UK banking customers. Our Chief Information Security Officer explains how this happened, and what we're doing to protect our customers. pic.twitter.com/Q9uvHIHMKY — Revolut (@RevolutApp) September 26, 2018 Payment Systems Regulator Report: https://www.psr.org.uk/psr-publications/consultations/APP-scams-report-and-consultation-Nov-2017 SuperMicro Story Original Bloomberg story: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies Rebuttal statements from Amazon, Apple, Supermicro, and the Chinese Government: https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond Kan “Ye” West iPhone Passcode (Mountain out of Molehill) https://www.google.com/search?q=kanye+west+000000 Apology – On the podcast Carl mistakenly called SuperMicro “Microscope”. Blame Paul for making Carl record the podcast late in the day.

Episode 5 – I interview Chad Skipper from Cylance – the makers of Next Generation Antivirus built upon Machine Learning and a whole lot of very smart people. We discuss why Dell chose Cylance for their business laptops, what’s wrong with legacy antivirus products and what we can all do to better evaluate products for ourselves. Some of the topics we dive into include Antivirus Testing companies, testing horror stories, “Fraud and Extortion” and overall AV effectiveness. If you enjoyed this episode, please leave us a review on iTunes, and if you’ve any comments, questions or requests for the podcast, please let us know on Twitter, we’re @c2_fm, and you can follow Carl at @carlgottlieb. Show Notes Guests Chad Skipper – @chadskipper Cylance – @cylanceinc Links Chad Skipper’s Blog – https://blog.cylance.com/author/chad-skipper

Episode 4 – I interview Jeremiah Grossman, one of Application Security’s leading figures and founder of WhiteHat Security. We discuss his career, his recommendations for protecting yourself and your web apps, and hear his outlook for the future of the InfoSec industry. Some of the topics we dive into include security guarantees, Cyber Insurance, InfoSec budget issues, the skills shortage, ambulance chasing, teaching his kids to pick locks, staying healthy with sport and hobbies, online advertising, tips for personal password management, the value of Web Application Firewalls, and much more…. And a couple of quotes from Jeremiah in this episode: “It’s a 75 billion dollar garage sale where all sales are final.” “We have a credibility crisis going on” If you enjoyed this episode, please leave us a review on iTunes, and if you’ve any comments, questions or requests for the podcast, please let us know on Twitter, we’re @c2_fm, and you can follow Carl at @carlgottlieb. Show Notes Guests Jeremiah Grossman – @jeremiahg Jeremiah’s personal website – http://jeremiahgrossman.com/ Links WhiteHat Security – @whitehatsec  Website

Interview with the Johnathan Kuskos of WhiteHat Security to discuss the Top Ten Web Hacks of 2015 – WhiteHat’s annual compilation of the year’s best research into hacking web applications. Show Notes

Episode 3 – I interview Johnathan Kuskos of WhiteHat Security to discuss the Top Ten Web Hacks of 2015 –WhiteHat’s annual compilation of the year’s best research into hacking web applications. If you enjoyed this episode, please leave us a review on iTunes, and if you’ve any comments, questions or requests for the podcast, please let us know on Twitter at @carlgottlieb. Show Notes Guests Johnathan Kuskos  – @JohnathanKuskos WhiteHat Security – @whitehatsec  Website Top 10 Web Hacks 2015 The Top 10 List and the submissions that didn’t make it – WhiteHat Top 10 Blog Webinar on the Top Ten List – May 3rd 2016 – Register here AppSec EU July 1st 2016 – Johanthan Kuskos presentation Corrections AppSec EU is July 1st (not June 1st as I incorrectly said in the show)

Episode 2 – We take a deep dive into the world of online hacktivism. I interview the hacktivist group New World Hackers, discussing their recent campaigns, their stresser DDoS for hire service and the motives behind the Xbox and HSBC attacks. If you enjoyed this episode, please leave us a review on iTunes, and if you’ve any comments, questions or requests for the podcast, please let us know on Twitter at @carlgottlieb. Show Notes Guests New World Hackers – @NewWorldHacking Resources Website Availability Checking Tool: check-host.net – Check-Host is a modern online tool for website monitoring and checking availability of hosts, DNS records, IP addresses TOR: https://www.torproject.org/about/overview.html.en News Xbox Live DDoS Attack | Expresshttp://www.express.co.uk/entertainment/gaming/646543/Xbox-Live-down-Xbox-One-Microsoft-online-multiplayer-not-working-why-is-Xbox-Live-down Snoop Dogg Calls Out Gates Over Xbox Outage | Sky Newshttp://news.sky.com/story/1622456/snoop-dogg-calls-out-gates-over-xbox-outage

Episode 1 – We’re starting the podcast series with a big bang and in this episode we’re focusing entirely on the world of DDoS attacks. I interview the New World Hackers, the hacking group who notoriously brought down the BBC on New Year’s Eve with a massive 602 Gbps DDoS attack. We discuss who the New World Hackers are, and what they stand for, and who they’ll be targeting going forward. We get technical on what really happened with the BBC and dive head first into the methods used by black hats to take down their victims. We then discuss how to protect yourself from a DDoS attack, what technologies are worthwhile (and which are not) and what tools you can use to maintain your Opsec online. If you enjoyed this episode, please leave us a review on iTunes, and if you’ve any comments, questions or requests for the podcast, please let us know on Twitter at @carlgottlieb. Show Notes Guests New World Hackers – @NewWorldHacking Resources NWH Recommended Hosting Provider: Cortex Hosting Website Availability Checking Tool: check-host.net – Check-Host is a modern online tool for website monitoring and checking availability of hosts, DNS records, IP addresses TOR: https://www.torproject.org/about/overview.html.en News BBC DDoS Attack 31/12/2015 | Breacheshttps://breach.es/bbc-ddos-nwh/ Web attack knocks BBC websites offline | BBChttp://www.bbc.co.uk/news/technology-35204915