The Silver Bullet Security Podcast

On the bonus-length 46th episode of The Silver Bullet Security Podcast, Gary talks with David Rice, Executive Director of the Monterey Group and author of Geekonomics: The Real Cost of Insecure Software. Gary and David discuss David’s involvement with Infowar at the Naval Postgraduate School and how it impacted his thinking about software, the recent Chinese cyberattack on Google, what incentives exist to create and apply software security best practices, how users may be mistaking marketing for security, and the SANS WhatWorks in Application Security Summit. They close out by discussing unusual yoga positions.

• Monterey Group
• Geekonomics: The Real Cost of Insecure Software (also: Geekonomics Blog)
• Silver Bullet #41 – Fred Schneider
• Silver Bullet #11 – Dorothy Denning
• Software Security Comes of Age (InformIT) – on the growth of the software security space
• Google Defends Against Large Scale Chinese Cyber Attack
• SANS WhatWorks in Application Security Summit 2010
• BSIMM
• Beached Whale yoga position

 

 Show 046 - An Interview with David Rice [36:06m]: Play Now | Play in Popup | Download

On the 45th episode of The Silver Bullet Security Podcast, Gary chats with Lorrie Cranor, Associate Professor of Computer Science and Engineering and Public Policy at Carnegie Melon University. Gary and Lorrie discuss how everyday people think about privacy and what we can do to get them to care about it, the relationship between trust and privacy, and why the US is lagging behind the EU on privacy-related issues. They close out the discussion by talking about women in computing.

• Lorrie Cranor
• Security and Usability: Designing Secure Systems That People Can Use
• Web Privacy with P3P
• CyLab Usable Privacy and Security Laboratory (CUPS)
• A “Nutrition Label” for Privacy
• BSIMM Europe
• Google search privacy video

 

 Show 045 - An Interview with Lorrie Cranor [26:51m]: Play Now | Play in Popup | Download

On the 44th episode of The Silver Bullet Security Podcast, Gary talks with Steve Kent, Chief Scientist – Information Security, for BBN Technologies, a division of Raytheon. Gary and Steve discuss the history of network security, secure transport and base Internet protocols, the role of politics in the adoption of security on the Internet, applied cryptography, and whether security and individual liberty co-exist. They finish by discussing extremely high end wine.

• Internet’s Biggest Security Hole
• Securing the Border Gateway Protocol (PPT)
• 2006: Statement before Congress regarding a nationwide ID system
• BSIMM Europe

 

 Show 044 - An Interview with Steve Kent [32:29m]: Play Now | Play in Popup | Download

On the 43rd episode of The Silver Bullet Security Podcast, Gary chats with Christofer Hoff, Director of Cloud and Virtualization Solutions at Cisco. Hoff is well known for his colorful blog posts and presentations on cloud security and other complex security issues. Suffice it to say, the cloud was a big topic for this issue. And rum.

• Christofer Hoff
• Rational Survivability
• The Frogs Who Desired a King: A Virtualization & Cloud Computing Fable
• Cloudifornication: Indiscriminate Information Intercourse Involving Internet Infrastructure
• Mount Gay Extra Old Rum (Gary’s favorite)
• Ron Zacapa Centenario Rum (Hoff’s favorite)

 

 Show 043 - An Interview with Christofer Hoff [31:56m]: Play Now | Play in Popup | Download

On the 42nd episode of The Silver Bullet Security Podcast, Gary chats with Gillian Hayes, Assistant Professor in Informatics at the Bren School of Information and Computer Sciences at UC Irvine. Gary and Gillian discuss how much people really need to know about security going on behind the scenes, how usability affects the health records security, whether or not surveillance changes how 20-somethings act in public (including on the net), and how having more women technologists positively impacts the humanization of technology.

• Gillian Hayes
• Social and technological action research (STAR)
• Ben Shneiderman
• National Center for Women and Information Technology
• The Discovery of Heaven

 

 Show 042 - An Interview with Gillian Hayes [30:51m]: Play Now | Play in Popup | Download

On the 41st episode of The Silver Bullet Security Podcast, Gary talks with Fred Schneider, Samuel B. Eckert Professor of Computer Science at Cornell University and author of Trust in Cyberspace. On the show, Gary and Fred discuss the relationship between security and reliability, diversity as a security mechanism, and the continuum of attack categories from configuration problems, to bugs, to flaws, to trust issues. Fred briefly discusses Pointillism at the end of the show.

• Fred B. Schneider
• IEEE Security and Privacy 7, 1 (January/February 2009) [PDF], 14–17. With Ken Birman.
• Trust in Cyberspace
• Pointillism (Seurat)

 

 Show 041 - An Interview with Fred Schneider [31:51m]: Play Now | Play in Popup | Download

For the 40th episode of The Silver Bullet Security Podcast, Gary interviews Bob Blakley, VP and research director of The Burton Group’s Identity and Privacy Strategies. Gary and Bob discuss the importance of liberal arts degrees, the (over) complications of CORBA security, whether computer security requires a complete shift in approach, cybersecurity and governments, and the movie Perils in Nude Modeling (really).

• Transcript of this episode [PDF]
• Ceci n’est pas un Bob – Bob’s blog
• CORBA Security: An Introduction to Safe Computing with Objects
• NDSS’98 Trust Management Panel: LE NOZZE DI NOMEN [PDF] – The NDSS “wedding script”
• “The Emperor’s Old Armor“
• Moving U.S. Cybersecurity Beyond Cyberplatitudes
• Perils in Nude Modeling

 

 Show 040 - An Interview with Bob Blakley [25:48m]: Play Now | Play in Popup | Download

For the 39th episode of The Silver Bullet Security Podcast, Gary chats with Matt Blaze, Associate Professor of Computer and Information Science at the University of Pennsylvania. Gary and Matt start the show off discussing the Obama administration’s “cyber coordinator” plan and the large number of cyber plans that are never cyber realized. They also discuss key escrow, warrantless wiretapping, the responsibility we have to stay engaged with issues surrounding individual liberty and privacy, and the similarities between physical locks and computer security. Matt’s musical tastes are also briefly touched on.

• Matt Blaze
• Matt Blaze – Wikipedia
• Matt Blaze’s Exhaustive Search – Matt’s blog
• Safecracking, Secrecy and Science
• Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks – IEEE Security & Privacy, March/April 2003
• RSA panel on Surveillance
• Silver Bullet 11: Dorothy Denning
• Trust Management
• Signaling Vulnerabilities in Wiretapping Systems – IEEE Security & Privacy, November/December 2005, by M. Sherr, E. Cronin, S. Clark and M. Blaze.
• Eno/Byrne: Everything That Happens Will Happen Today

 

 Show 039 - An Interview with Matt Blaze [32:36m]: Play Now | Play in Popup | Download

For the 38th episode of The Silver Bullet Security Podcast, Gary talks privacy with Kay Connelly, Associate Professor of Computer Science at Indiana University and Senior Associate Director of IU’s Center for Applied Cybersecurity Research. Gary and Kay discuss why in situ usability study is important, the E.T.H.O.S. living lab (including the “presence clock” and the portal monitor), and Kay’s advice to women interested in pursuing a career in computer science.

• Kay Connelly
• E.T.H.O.S. – Ethical Technology in the Homes of Seniors
• Crafting a Smarter, Gentler Cell Phone – NPR story featuring Kay Connelly
• Why It’s Worth the Hassle: The Value of In-Situ Studies When Designing Ubicomp [PDF]
• Silver Bullet #7: John Stewart
• Silver Bullet #15: Annie Antón
• HIPAA
• Ambient (Presence) Clock
• Portal Monitor
• The Song Is You: A Novel by Arthur Phillips
• I Was Told There’d Be Cake by Sloane Crosley

 

 Show 038 - An Interview with Kay Connelly [25:14m]: Play Now | Play in Popup | Download

On the 37th episode of The Silver Bullet Security Podcast, Gary interviews Virgil Gligor, Professor at Carnegie Mellon University in the Department of Electrical and Computer Engineering and co-director of CyLab. Gary and Virgil discuss how information security has changed over the last 35 years, why software security will be with us forever, and how Virgil’s childhood in Romania has shaped his views on security. They close out with a discussion of Virgil’s breakfast-eating habits.

• Transcript of this episode [PDF]
• Virgil D. Gligor (@ Carnegie Mellon)
• CyLab
• Electrical and Computer Engineering at Carnegie Mellon University
• Building a Secure Computer System
• Foreign Intelligence Surveillance Act
• Software Security Comes of Age
• RSA panel to discuss surveillance, privacy concerns
• Computer Security: Art and Science by Matt Bishop
• Towards a Theory of Penetration-Resistant Systems and its Applications (1991)
• A Formal Method for the Identification of Covert Storage Channels in Source Code (1987)

 

 Show 037 - An Interview with Virgil Gligor [27:10m]: Play Now | Play in Popup | Download