On the 43rd episode of The Silver Bullet Security Podcast, Gary chats with Christofer Hoff, Director of Cloud and Virtualization Solutions at Cisco. Hoff is well known for his colorful blog posts and presentations on cloud security and other complex security issues. Suffice it to say, the cloud was a big topic for this issue. And rum.

• Transcript of this episode [PDF]
• Christofer Hoff
• Rational Survivability
• The Frogs Who Desired a King: A Virtualization & Cloud Computing Fable
• Cloudifornication: Indiscriminate Information Intercourse Involving Internet Infrastructure
• Mount Gay Extra Old Rum (Gary’s favorite)
• Ron Zacapa Centenario Rum (Hoff’s favorite)

 

 Show 043 - An Interview with Christofer Hoff [31:56m]: Play Now | Play in Popup | Download

On the 42nd episode of The Silver Bullet Security Podcast, Gary chats with Gillian Hayes, Assistant Professor in Informatics at the Bren School of Information and Computer Sciences at UC Irvine. Gary and Gillian discuss how much people really need to know about security going on behind the scenes, how usability affects the health records security, whether or not surveillance changes how 20-somethings act in public (including on the net), and how having more women technologists positively impacts the humanization of technology.

• Transcript of this episode [PDF]
• Gillian Hayes
• Social and technological action research (STAR)
• Ben Shneiderman
• National Center for Women and Information Technology
• The Discovery of Heaven

 

 Show 042 - An Interview with Gillian Hayes [30:51m]: Play Now | Play in Popup | Download

On the 41st episode of The Silver Bullet Security Podcast, Gary talks with Fred Schneider, Samuel B. Eckert Professor of Computer Science at Cornell University and author of Trust in Cyberspace. On the show, Gary and Fred discuss the relationship between security and reliability, diversity as a security mechanism, and the continuum of attack categories from configuration problems, to bugs, to flaws, to trust issues. Fred briefly discusses Pointillism at the end of the show.

• Transcript of this episode [PDF]
• Fred B. Schneider
• IEEE Security and Privacy 7, 1 (January/February 2009) [PDF], 14–17. With Ken Birman.
• Trust in Cyberspace
• Pointillism (Seurat)

 

 Show 041 - An Interview with Fred Schneider [31:51m]: Play Now | Play in Popup | Download

For the 40th episode of The Silver Bullet Security Podcast, Gary interviews Bob Blakley, VP and research director of The Burton Group’s Identity and Privacy Strategies. Gary and Bob discuss the importance of liberal arts degrees, the (over) complications of CORBA security, whether computer security requires a complete shift in approach, cybersecurity and governments, and the movie Perils in Nude Modeling (really).

• Transcript of this episode [PDF]
• Ceci n’est pas un Bob – Bob’s blog
• CORBA Security: An Introduction to Safe Computing with Objects
• NDSS’98 Trust Management Panel: LE NOZZE DI NOMEN [PDF] – The NDSS “wedding script”
• “The Emperor’s Old Armor“
• Moving U.S. Cybersecurity Beyond Cyberplatitudes
• Perils in Nude Modeling

 

 Show 040 - An Interview with Bob Blakley [25:48m]: Play Now | Play in Popup | Download

For the 39th episode of The Silver Bullet Security Podcast, Gary chats with Matt Blaze, Associate Professor of Computer and Information Science at the University of Pennsylvania. Gary and Matt start the show off discussing the Obama administration’s “cyber coordinator” plan and the large number of cyber plans that are never cyber realized. They also discuss key escrow, warrantless wiretapping, the responsibility we have to stay engaged with issues surrounding individual liberty and privacy, and the similarities between physical locks and computer security. Matt’s musical tastes are also briefly touched on.

• Matt Blaze
• Matt Blaze – Wikipedia
• Matt Blaze’s Exhaustive Search – Matt’s blog
• Safecracking, Secrecy and Science
• Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks – IEEE Security & Privacy, March/April 2003
• RSA panel on Surveillance
• Silver Bullet 11: Dorothy Denning
• Trust Management
• Signaling Vulnerabilities in Wiretapping Systems – IEEE Security & Privacy, November/December 2005, by M. Sherr, E. Cronin, S. Clark and M. Blaze.
• Eno/Byrne: Everything That Happens Will Happen Today

 

 Show 039 - An Interview with Matt Blaze [32:36m]: Play Now | Play in Popup | Download

For the 38th episode of The Silver Bullet Security Podcast, Gary talks privacy with Kay Connelly, Associate Professor of Computer Science at Indiana University and Senior Associate Director of IU’s Center for Applied Cybersecurity Research. Gary and Kay discuss why in situ usability study is important, the E.T.H.O.S. living lab (including the “presence clock” and the portal monitor), and Kay’s advice to women interested in pursuing a career in computer science.

• Kay Connelly
• E.T.H.O.S. – Ethical Technology in the Homes of Seniors
• Crafting a Smarter, Gentler Cell Phone – NPR story featuring Kay Connelly
• Why It’s Worth the Hassle: The Value of In-Situ Studies When Designing Ubicomp [PDF]
• Silver Bullet #7: John Stewart
• Silver Bullet #15: Annie Antón
• HIPAA
• Ambient (Presence) Clock
• Portal Monitor
• The Song Is You: A Novel by Arthur Phillips
• I Was Told There’d Be Cake by Sloane Crosley

 

 Show 038 - An Interview with Kay Connelly [25:14m]: Play Now | Play in Popup | Download

On the 37th episode of The Silver Bullet Security Podcast, Gary interviews Virgil Gligor, Professor at Carnegie Mellon University in the Department of Electrical and Computer Engineering and co-director of CyLab. Gary and Virgil discuss how information security has changed over the last 35 years, why software security will be with us forever, and how Virgil’s childhood in Romania has shaped his views on security. They close out with a discussion of Virgil’s breakfast-eating habits.

• Transcript of this episode [PDF]
• Virgil D. Gligor (@ Carnegie Mellon)
• CyLab
• Electrical and Computer Engineering at Carnegie Mellon University
• Building a Secure Computer System
• Foreign Intelligence Surveillance Act
• Software Security Comes of Age
• RSA panel to discuss surveillance, privacy concerns
• Computer Security: Art and Science by Matt Bishop
• Towards a Theory of Penetration-Resistant Systems and its Applications (1991)
• A Formal Method for the Identification of Covert Storage Channels in Source Code (1987)

 

 Show 037 - An Interview with Virgil Gligor [27:10m]: Play Now | Play in Popup | Download

We switch things up for this special third anniversary episode of Silver Bullet. This time around, Gary is the victim, being interviewed by James McGovern, Enterprise Architect for The Hartford Financial Services Group, Inc. and OWASP maven. Gary and James discuss the recently released Building Security In Maturity Model, how companies with Software Security Groups retain their best and brightest, Microsoft’s trustworthy computing initiative/SDL program, and what less expensive tools small organizations with only a few developers can use.

• Transcript of this episode [PDF]
• Enterprise Architecture: From Incite comes Insight… – James McGovern’s blog
• Gary McGraw’s site
• Software Security: Building Security In
• Building Security In Maturity Model (BSIMM)
• Gartner releases paper on Static Analysis – James’ blog entry on Gartner
• Cigital’s John Steven to lead OWASP Northern Virginia Local Chapter (press release)

 

 Show 036 - An Interview with Gary McGraw (by James McGovern) [34:34m]: Play Now | Play in Popup | Download

On the 35th episode of The Silver Bullet Security Podcast, Gary talks with Daniel Suarez, independent consultant and author of Daemon, a new techno-thriller about a gamer that reaches from beyond the grave to declare a war on all of humanity. They talk about Daniel’s new book and the movie options attached to it, the use of MMORPGs and flash mobs for nefarious means in the form of a distributed emergent attack, the current state of AI, and the follow-up to Daemon, Freedom ^TM.

• Daemon
• Daniel on Last call with Carson Daly
• Al-Qaeda in Second Life
• Distraction by Bruce Sterling
• Halting State by Charles Stross
• Bot-Mediated Reality at the Long Now Foundation
• Wired for War by P.W. Singer

 

 Show 035 - An Interview with Daniel Suarez [25:16m]: Play Now | Play in Popup | Download

On the 34th episode of The Silver Bullet Security Podcast, Gary interviews Bill Brenner, senior editor at CSO Online and CSO Magazine. Gary and Bill discuss how delivering the security message changes based on the audience (executives versus geeks and CSO’s versus CIO’s), the much-exaggerated death of print media, and balancing headline-grabbing sensationalism with solid security business coverage. They close out their interview with a discussion of Bill’s favorite period of history.

• Bill Brenner at CSO Online
• Bill Brenner on LinkedIn
• Bill Brenner on Facebook
• Security Wire Weekly
• Security Insights Podcast
• 1 Raindrop – Gunnar Peterson’s blog.
• Silver Bullet interviews with Jon Swartz, USA Today, Dennis Fisher, Tech Target, and Jeremiah Grossman, Whitehat

 

 Show 034 - An Interview with Bill Brenner [27:48m]: Play Now | Play in Popup | Download