Category Archives: Interviews

ContraRisk Security Podcast 21: securing the cloud; and PCI DSS 3.0

There seems to be no clear consensus about how to do cloud security, or even if it’s possible. According to Colin Tankard of Digital Pathways, it really comes down to what you define as ‘secure’. A lot of it is to do with who needs to see the data and how you access…

ContraRisk Security Podcast 20: Rogue insiders and cybercrime co-operation

Cybercrime co-operation: The International Cyber Security Protection Alliance (ICSPA) was formed to help government and law enforcement agencies assist businesses in tackling cybercrime. Co-operation and information sharing are very much at the core of this kind of activity, so, at the recent ISSE conference in Brussels, Steve Mansfield-Devine asked John Lyons,…

ContraRisk Security Podcast 0019: The evolution of pen-testing

For some organisations, penetration testing is merely a compliance requirement that they hope will find the minimum of weaknesses. For others, it’s a key step in discovering where their weaknesses lie, so they can fix them. But is pen-testing too often an afterthought, taking place after systems have been developed and…

The race for 4G heats up – thanks to the liberalisation of the wavebands

I managed to get my hands on one of the latest LTE (4G) portable modems from EE – the new name for the Orange and T-Mobile combination cellcos – and have been putting the Huawei 5776 unit through its paces. In an idle moment at the weekend I downloaded the technical specifications of the unit and nearly dropped my coffee,…

ContraRisk Security Podcast 0015: Prism and the cost of surveillance

In all the debate raging around the NSA’s phone and Internet interception programme, PRISM, little seems to have been said about how it works – and particularly, how well it works. If you’re a conspiracy theorist or natural paranoid, it’s easy to imagine that PRISM flawlessly and effortlessly plucks suspicious messages from…

ContraRisk Security Podcast 0014: The continuous security model

In many organisations, security is in a bit of a mess. Solutions have been layered on to counter a variety of threats against a variety of assets. But the result is a configuration management and upgrade nightmare. In spite of vendors’ claims, there’s no silver bullet to security, and maybe you need…

So where will we be with security in the Year 2020?

I was fortunate enough to be asked to make a presentation last week on where I think IT security will be at the end of the decade – and, whilst I was tempted to make my own predictions, I realised it was far better to let the captains of industry I have interviewed/observed in recent months make their own predictions….

ContraRisk Security Podcast 0008: Old and new threats

In all the excitement and hype that inevitably surrounds the identification of new threats, it’s important not to lose sight of the menace posed by previous security vulnerabilities and malicious actors – most of whom aren’t going away any time soon. The danger they present hasn’t diminished just because new ones have…

ContraRisk Security Podcast 0007: #BlackHatEU – iOS pen-testing and attacking SSL

Vivek Ramachandran is perhaps best-known for his work on wifi security: he is, after all, the author of BackTrack 5 Wireless Penetration Testing. He’s also the founder and CEO of SecurityTube, which provides online security training. At Black Hat Europe 2013, however, his focus was elsewhere. Vivek presented a workshop on pen-testing…

ContraRisk Security Podcast 0006: #BlackHatEU – Kali Linux

Offensive Security used Black Hat Europe in Amsterdam to launch the next incarnation of its popular pen-testing Linux distribution. BackTrack has now become Kali – a name derived from a warlike god or an African word meaning ‘hot’ or ‘fierce’ – take your pick. It represents a somewhat surprising change in direction….