Radio Free Security Podcast
Keep up with the ever-changing world of network security

In this double dose of Radio Free Security, Senior Network Security Analyst Corey Nachreiner, CISSP, and WatchGuard Trainer Nathan Buff talk about two months worth of security stories. Topics include; the latest zero day exploits, security problems plaguing Facebook, the latest Conficker updates, and the BBC's questionable use of a malicious botnet. Also, Gary Spiteri, a Sales Engineer for WatchGuard, shares a talk he heard about whether or not you can get ROI on your security expenditures. He shares some tips that should help you stretch your security budget in these tough economic times. Finally, we open our mailbag to answer WebBlocker questions posed by one of our listeners. Hosted by Corey Nachreiner, CISSP. Running time 1:08:10

In the inaugural 2009 episode of Radio Free Security, Senior Network Security Analyst Corey Nachreiner, CISSP, and WatchGuard Trainer Nathan Buff talk about a huge industry data breach, a fast spreading worm with potential to become a botnet, and a broken cryptographic hash function. Nat Hillary, a Product Manager for WatchGuard, shares the top ten myths about PCI compliance, which may convince you that PCI compliance isn't as herculean a task as you might have feared. (Learn more about PCI at WatchGuard's Retail page). Finally, we open our mailbag to share some of our listeners' security predictions for 2009. Hosted by Corey Nachreiner, CISSP. Running time 1:21:13

Senior Network Security Analyst Corey Nachreiner, CISSP, and Information Security Analyst Scott Pinzon, CISSP, host their second annual Security Predictions episode. They assess and score the six predictions they made in December 2007 about 2008; issue several predictions of what will NOT happen in 2009; and predict six new trends to anticipate this year. Seth Fogie, a leading mobile malware researcher, guests. The wide-ranging discussion touches on such topics as IPv6, SSL/HTTPS, social networking, botnet innovations, cloud computing, mobile computing, cyber-legislation, cyber riots, DNS SEC, eating crow, and much more. Music by Hardly Art. Running time 1:04:29

Senior Network Security Analyst Corey Nachreiner, CISSP, details the happy results of Internet Service Providers (ISPs) shutting down McColo.com, but he questions the methods used. Danny McPherson, Vice President and CSO of Arbor Networks, discusses some surprising findings in his annual Worldwide Infrastructure Security Report, which details what the largest Internet data carriers worry about. Oleg Kalugin, former Major General in the Soviet KGB, details how Russia bugged the US Senate, the Foreign Relations Committee, Henry Kissinger, and even Kissinger's fiancee. Hosted by Scott Pinzon, CISSP. Running time 48:48

WatchGuard trainers answer a network administrator's question about how to lock down a high school's network. Greek researcher Elias Athanasopoulos explains how social networking sites such as Facebook could be easily transformed into "Facebots" that sustain Denial of Service attacks against targets on the Web. WatchGuard introduces a new wireless bridge to help you securely connect to the Internet via 3G. Corey Nachreiner, CISSP, discusses security trends, and in his Security Story of the Month, covers the worst Microsoft vulnerability in two years. Hosted by Scott Pinzon, CISSP. Running time 48:16

Dave Piscitello, Senior Security Technologist for ICANN and a member of the Anti-Phishing Workgroup (APWG), describes how scam artists utilize second-level domain names to make it harder for authorities to take down scam web sites. Mark Waldstein and Scott Pinzon, CISSP, discuss security trends, including a TCP/IP stack vulnerability rumored to potentially take down the Internet. And a new segment called "Geek to Geek" spotlights a barbershop quartet that sings about Star Trek. Hosted by Scott Pinzon, CISSP. Running time 35:20

In his Security Story of the Month, Corey Nachreiner, CISSP, describes the compromise of Best Western Hotels in Germany, and why it is not "the greatest cyberheist in history," as the Glasgow Sunday Herald claimed. Mark Waldstein joins the show and discovers the Tip-O-Matic, which dispenses tips on EULAs, backups, and security by obscurity. The world of network security moves so fast that major events happened after we recorded our first two segments at the end of August, so Scott Pinzon finishes with updates from Sept. 8. Hosted by Scott Pinzon, CISSP. Running time 32:36

In this month's episode, VP of Marketing Eric Aarrestad discusses WatchGuard's roadmap in the coming year - the release of XTM, or "Extensible Threat Management" products. Also, Tech Support Team Lead Ben Brobak returns to answer the latest hot-potato questions coming into our Support call center. Running time 23:55

Two disgruntled men figured prominently in the news last month. Corey Nachreiner, CISSP, considers what lessons we can learn from engineer Terry Childs, who locked the City of San Francisco out of its own multi-million-dollar fiberWAN network. The CyberCrime Diaries segment answers the question, "Why don't the authorities stop cybercriminals?" by relating the five-year quest to convict spam king Robert Soloway. Hosted by Scott Pinzon, CISSP. Running time 40:03

In this month's episode, Radio Free Security's Scott Pinzon and Corey Nachreiner, both CISSPs, analyze the recent news of a potential "DNS cache poisoning" scare. They explain what it is, and how Firebox admins can counteract it. Then, Tech Support Team Lead Ben Brobak discusses the finer points of getting VPN tunnels going, and keeping them alive. Plus, "Crazy Mark" Romano returns with a sales promotion special deal. Running time 42:30

In his Security Story of the Month, Corey Nachreiner, CISSP, briefly touches on several topics, including hackers taking over a server related to Citibank; poor disclosure at online catalog company Wards; and an embarrassing hijacking of web sites belonging to IANA and ICANN. In Part 2, Corey explains why everyone should worry about two new Apple OS X Trojans. Jack Wiles, a pioneering physical penetration test team leader, reveals how he successfully broke into company after company, always undetected. Hosted by Scott Pinzon, CISSP. Running time 40:29

In this month's episode, Ian Kilpatrick of England's Wick Hill Group discusses how Europe is setting the pace for technology that is environmentally responsible - and how WatchGuard's UTM products lead the way. Also, Sandra Takeuchi introduces the new task-based Current Help pages on our web site, and technical trainer Matt Sando explains the differences between WatchGuard's two major SSL VPN solutions. Running time 33:30

Corey Nachreiner, CISSP, explains how the newly announced rootkit for Cisco IOS works, and what to do about it. Dave Piscitello of ICANN describes a hack where Comcast lost its domain names temporarily, and suggests preventive measures for any network administrator who manages domains. Hosted by Scott Pinzon, CISSP. Running time 35:20

In this month's episode, we take a deep dive into Report Manager, which was completely redesigned in Fireware Version Ten. We'll hear three perspectives on it -- from Product Manager Steve Fallin, Principal Developer Mark Hughes, and Technical Support Rep Greg Gilbraith. Find out why it was changed, and get tips on how to use the new version. Plus, you'll learn about WatchGuard's new localized support for Version Ten. Running time 28:00

Corey Nachreiner, CISSP, demystifies the workings of attacks that make legitimate web sites serve malicious software to their customers. Topics explained include SEO poisoning (sometimes called "Google cache corruption"); iFrames; and SQL injection performed against Active Server Pages. Professional hacker Johnny Long shares how his latest book helps feed children in Uganda. And Sandra Takeuchi shares the results of our April poll of listeners, setting the future direction for this podcast. Hosted by Scott Pinzon, CISSP. Running time 41:13

This month, we tackle one big topic: Helping you navigate the LiveSecurity web site. What are the key resources to help LiveSecurity subscribers use our products, and where exactly are they located? Radio Free Security's host Scott Pinzon, CISSP, crosses over to the Firebox Special to give us the scoop on product documentation, broadcast preferences, user forums, support incident reporting, and more. And, in our ever-popular "Listener Mailbag" section, we hear what you think about our shows, and announce another lucky contest winner! Running time 33:40

A Very Special Episode: Welcome Newbies! This month's program is dedicated to new IT personnel who want to learn network security, but have almost no money or time. Fred Avolio, one of the inventors of the commercial firewall, recommends indispensable must-reads, the best conferences, forums to sign up for, and more. A mock quiz show, "The Network Security Beginner's Path of Truth," reveals basic principles of security. Mark Spivey, CISSP, explains how to get hands-on experience as a hacker, without hurting yourself or others. Answers to listener email questions leads to controversy about whether it's worthwhile to educate end-users on security. Hosted by Scott Pinzon, CISSP. Running time 51:15

In this episode, we introduce a brand-new appliance, the WatchGuard SSL VPN. Training expert Kyle Porter explains Single Sign-On authentication, a new feature in Version 10. Sales engineer Pete Adams describes how System Manager can be used when you have many different Fireboxes on your network. And we announce the winner of our Listener Mailbag contest! Running time 40:52

Online safety consultant and "white hat stalker" Linda Criddle of Look Both Ways describes how predators can grab information you thought was private. Scott Pinzon, CISSP, and Corey Nachreiner, CISSP, discuss alarming new trends in bots, including the "MayDay" botnet. Wireless network experts Lisa Phifer of Core Competence and Diana Kelley of Security Curve explain "evil twin" attacks - wireless access points that appear to be perfectly legitimate - and tell wifi users how to avoid them. Running time 40:52

In this episode, sales engineer Pete Adams describes several features of System Manager that show you exactly what's happening on your network. Training experts Nathan Buff and Kyle Porter talk about the new Mobile VPN client designed to work with Vista. And we read your emails from our Listener Mailbag! Running time 28:20

A mysterious attack placed trojans on over 10,000 legitimate web sites, causing them to distribute malware to their customers. How was it done? Corey Nachreiner, CISSP, reports. Chris Squier, CISSP, gives practical advice on how to make sure your network complies with every regulation, legislation, and industry standard relevant to your organization. Digital forensics expert Dave Kleiman (CCE, ISSAP, MCSE, MVP) provides tips on how to "follow an intrusion across your Windows network," using low-cost and no-cost tools. Hosted by Scott Pinzon, CISSP. Running time 41:24

In this first episode, tech support experts Nathan Buff and Kyle Porter give you fine tuning tips for remote authentication. Product managers Tim Helming and Tom Fischer preview of Fireware Version 10, launching soon. And we answer your cards and letters. How is that possible, in a premiere episode? Listen and find out! Running time 25:40

Scott Pinzon, CISSP, and Corey Nachreiner, CISSP, predict six developments in network security during 2008, covering topics such as international cyberwarfare, IPv6 adoption, OS X security, botnet trends, and more. Christopher Smith, WatchGuard Sales Engineer, explains what specific settings do to enhance security when using the Firebox's HTTP proxy. Roving correspondent Chris Squire, CISSP, offers "sympathy for the devil" in his lament about how hard the hacker's life has become. Running time 44:23