Podcast: Fixing the SSL certificate chain

In this podcast, Access’ Gustaf Bjorksten discusses why the SSL system has failed and what is necessary to improve its existing design and implementation. He helped author a call-to-action paper, and believes the future trust and privacy of the internet relies on finding a solution.

Podcast: Automating social engineering

The process of delivering targeted attacks to end-users has gotten easier for attackers thanks to automated social engineering, in which adversaries can write tools that scour the web for personal data to include in their emails to increase their believability. The goal, of course, is to design messages that people are more likely to click on and, as a result, install malware on their machines or divulge personal information. In this podcast, Matias Brutti, a security consultant at security services firm IOActive, explains what the automation of social engineering means for organizations and how they can fight back.

Podcast: Science fiction and security

The University of Washington is thinking outside of the box when it comes to educating computer science students about information security. In this edition of the SC Magazine podcast, associate professor Yoshi Kohno explains how instructors are using “science fiction” to force students to think critically about the discipline. Considering how quickly technology evolves, how often threats change and how wide a scope the security field encompasses, pupils must use out-of-the-box thinking if they are to succeed upon graduation.

George Ledin, computer science professor, Sonoma State University

Podcast Episode No. 4: Teaching malware in college

A number of universities have launched curricula in computer science, but noticeably absent are courses, even electives, that specifically address malware. In this edition of the SC Magazine podcast, George Ledin, a computer science professor at Sonoma State University in California, explains why not teaching malware at the college level can have a huge, negative impact on data security. Ledin – who just penned an essay on the topic – also takes on his critics, who argue that educators either lack the resources or time to educate students on malware, or that teaching about malicious code is taboo.

Podcast Episode No. 3: Microsoft’s Blue Hat competition

Katie Moussouris, senior security strategist lead at Microsoft, discusses the software giant’s recently announced Blue Hat competition, which offers $250,000 in cash and prizes to the winning researchers who develop advanced technologies to defend Windows against entire classes of vulnerabilities that can be exploited to bypass the platform’s existing mitigations. Moussouris describes how Microsoft came up with the idea, why defensive research is just as important as one-off vulnerability discoveries and how the oft-cynical research community is reacting to the contest.

Podcast Episode No. 2: Targeted attacks

In this episode, Michael Cotton, chief network security architect of Digital Defense, explains why targeted cyberattacks are on the rise and why many organizations are failing to recognize this increasing threat. Cotton offers a list of corporate actions that may incite such an attack and suggests some remedies for staying out of the hackers’ crosshairs and avoiding compromise. Hint: Uninstall the programs your employees don’t need.

Podcast Episode No. 1: The business of spam

To kick off SC Magazine’s revamped podcast series, Executive Editor Dan Kaplan speaks with Kirill Levchenko, a project scientist at the University of California, San Diego, who is co-author of a new research paper that investigates the payment handling portion of the spam chain. Levchenko and 14 others argue in the paper that much of the anti-spam focus over the years has been on technical controls when, in fact, hitting the spammers and their affiliates where it hurts the most — in their pockets — may be the best approach.
