Last update: 2011-03-24

So Long and thanks for all the fish!

2011-03-24 :: (Naftulyev, Moon, Elberg)
Although the podcast has not been 'on the air' for over 2 years, I see there are still 240 of you that subscribe. Thanks for listening to the historic episodes! We enjoyed making the podcast immensely, and if a few of us ever have the time, we'll use this same name for a new one. But for now - the server this site is on will be blown away and all the old episodes deleted (I will still have copies archived)...

In the immortal words of the late Douglas Adams, 'So long, and thanks for all the fish.' …


2009-10-24 :: (Naftulyev, Moon, Elberg)
Just a reminder to everyone that tickets for Shmoocon go on sale Nov 1. All of us will try to get to Shmoocon again in 2010 - although the podcast is over and done we are all still working in security consulting and do stay in touch with each other.

See you in 2010! …


2009-02-07 :: (Naftulyev, Moon, Elberg)

Mooner, Anatoly, Doug, and Gene are at Shmoocon this weekend. Say hi if you see us around.

Gene -->

So far the presentation on the Home Made UAVs was the most interesting.

Decoding a smart key is pretty interesting as well.

Night of good food and Vodka at Russia House. $350 in vodka consumed by the above :-)

Second day the presentations are pretty interesting.

The Bluetooth full channel capture was pretty cool.

Anatoly -->

Podcast 51- WPA, Utimaco, FISMA, MI6

2009-01-05 :: (Naftulyev, Moon, Elberg)
MI6 Camera -- Including Secrets -- Sold on eBay
(IN)SECURE Magazine Issue 18
FISMA 2008: A Better Solution (September 29, 2008)
Cyber Security Awareness Month - Daily Topics, (Tue, Sep 30th)
Just what color is a security hole?
Sophos concludes $314 million Utimaco buy
Cookie Hijacking
WPA no longer secure

Hosts
Gene Naftulyev, CISSP
Doug Landoll, CISSP
Erik Moon, CISSP

Music
Jonathan Coulton

No we are not dead!

2008-10-28 :: (Naftulyev, Moon, Elberg)
But much like last year - summer is an extremely busy period for us security geeks. Our wives make us go outside and do stuff with them!

Seriously the 4 week hiatus did turn out to be a bit longer than planned. BUT we are planning on starting up the recordings once again early October. I still have one in the can that needs to be uploaded (although of course all the segments are on non-current topics at this point)

So stay tuned for more podcasts coming soon! …

Podcast 49 - Idiots, SCADA, ID Theft, Apple

2008-06-29 :: (Naftulyev, Moon, Elberg)
Disgruntled admin gets 63 months for massive data deletion
Intellipedia?
AT&T manager on laptop loss: 'It is pathetic'
FTC wants to hit the spyware guys where it hurts
Software security hole shows utilities and other infrastructure vulnerable
Verizon Business 2008 Data Breach Investigations Report
Bank of America check card data compromised
Ransomware

We lost both Ben and Doug 30 min into the podcast - excuse the slight dead air.
Intro music by Walt Ribeiro - Rush

Gene Naftulyev, CISSP
Anatoly Elberg, CISSP
Doug Landoll, CISSP
Ben Spader, CISSP …

Podcast 48 - Google, Apple, RIAA, SCADA

2008-06-05 :: (Naftulyev, Moon, Elberg)
Richard Clarke: 'Government Failed You' on Security
Largest Public Power Grid at Cyber Risk, Feds Say
Minnesota Town Tells Google Maps: Keep out - We Mean It!
Apple Patches 40 Security Holes
Inside the Attack that Crippled Revision3

Intro music by Jessy Moss

Gene Naftulyev, CISSP
Anatoly Elberg, CISSP …

Podcast 47 - DoD, UK, Privacy, Hope, Trust

2008-05-27 :: (Naftulyev, Moon, Elberg)
FBI Worried as DoD Sold Counterfeit Networking Gear
UK to monitor and record every phone call, web page & email
Biometric Authentication System - An Overview
BlackBerry Giving Encryption Keys to Indian Government
LAST HOPE
Protecting Users Against Themselves
Google Health Service
Reflections on Trusting Trust

Gene Naftulyev, CISSP
Doug Drew, CISSP …

Podcast 46 - RIAA, Google, ID Theft, EFF

2008-05-12 :: (Naftulyev, Moon, Elberg)
Military Computer Contractor Convicted on ID Theft Charges
Background Checks: How Not to Hire an Information Security Officer Who's on Parole
The 'Hard Disk Crusher' Doesn't Mess Around
Protecting Yourself From Suspicionless Searches
Florida Judge Smacks Down RIAA
Google is spearheading a volunteer workforce
Unsafe at any speed the 7 dirty secrets of the security industry
Steal the data of Facebook users
A new SQL Injection attack is making the rounds

Hosts
Gene Naftulyev, CISSP
Doug Drew, CISSP
Dave Meier, CISSP

Podcast 45 - China, FBI, XP, Malware - FIXED

2008-04-27 :: (Naftulyev, Moon, Elberg)
Microsoft Opens the Gates to Hack Their Web Services
PC World: Sites’ Personal Questions May Pose Security Risk
FBI Looks at Chinese Role in Darfur Site Hack
(IN)SECURE Magazine Issue 16
WifiZoo v1.3 Released - Passive Info Gathering for Wifi
Kaspersky Security Bulletin 2007: Malware evolution in 2007
Windows XP SP3 Will Be Available for Download on April 29 (April 21, 2008)
Schneier: Lots of security software is 'snake oil'
Microsoft figures show some users may like adware
Enterprises Slow to Fight Malware

Gene Naftulyev, CISSP
Doug Drew, CISSP …

Podcast 44 - Russia, Blackberry, RIAA, PI, Spyware

2008-04-07 :: (Naftulyev, Moon, Elberg)
Techworld: BlackBerry Servers Ripe for the Hacking
Creating bootable USB drives for capturing the contents of memory
Software Radio Attacks and Zero-Power Defenses
PIN Entry Device (PED) vulnerabilities
www.notacon.org
Trend Micro Hit by Massive Web Hack
Judge Rules Against Accused Spyware Distributor
Michigan says MediaSentry (RIAA) lacks necessary PI license
How To Think Like An Online Con Artist
NATO Equates Cyber Attacks to Missile Attacks (March 7, 2008)
Brief: Phone "swatter" gets 30 months
Russian serfs paid $3 a day to break CAPTCHAs

Hosts
Gene Naftulyev, CISSP
Anatoly Elberg, CISSP
Doug Landoll, CISSP …

Podcast 42 - PI License, Shmoocon Retrospect

2008-03-06 :: (Naftulyev, Moon, Elberg)
Forensics requires a PI license
Welcome to Cyberwar Country, USA
Shmoocon Speakers
Thanks to surbo from i-hacked.com
Thanks to Hak5
Computerworld: Mozilla Raises Firefox Security Bar
Use of Rogue DNS Servers on Rise

Hosts
Gene Naftulyev, CISSP
Anatoly Elberg, CISSP
Doug Landoll, CISSP
Chris Gerling, CISSP …

Podcast 43 - Social Engineering, PCI, Events, DRAM

2008-03-06 :: (Naftulyev, Moon, Elberg)
Retrieving crypto data from DRAM
PIN Entry Device (PED) vulnerabilities
PCI And The Circle Of Blame
Techworld: Criminals Automate Security Testing
FTC Data: Telcos, Banks are Top Targets for ID Theft
Computer Sweden: Swedish Officials’ Passwords Revealed by Hacker
17-year-old Social Engineer
(IN)SECURE Magazine Issue 15
You got Owned! DHS Getting Flak for IDS upgrade

Gene Naftulyev, CISSP
Anatoly Elberg, CISSP
Doug Landoll, CISSP
Ben Spader, CISSP …

Podcast 41 - China, Privacy, EU

2008-02-21 :: (Naftulyev, Moon, Elberg)
EU Official: IP Is Personal
Bush Order Expands Network Monitoring
Switzerland Tells Antipiracy Group Tactics Violate Law
Maritime Security & Domain Awareness Conference
Military Open Source Software Conference - Initiatives, Risks, Opportunities & Challenges
Largest Can-Spam Penalty Levied By Feds
Privacy Laws Make Progress
Computerworld: US Gov’t Seek 10 Percent Hike in IT Security Spending
IBM, Google, Microsoft, Others Join OpenID Board
TrueCrypt 5.0 Released!!!
Ex-Boeing engineer charged with theft of Space Shuttle secrets for China - DOJ
Small Romanian Town Gets Rich Through eBay Scams

Hosts
Gene Naftulyev, CISSP
Anatoly Elberg, CISSP …

Podcast 40 - TJX, Europe, Tasers, Shmoocon

2008-02-11 :: (Naftulyev, Moon, Elberg)
Shmoocon - if you go, say hi to Anatoly and Doug
Yes this is Episode #40 - #39 will be part of the 'lost episodes' special sometime in the future!

TJX data breach doubles from 45.6MM to 94MM accounts
Pandemic wargame exposes gaps in financial service firms' disaster
Phishing scheme cons grocery chain out of $10MM, lawsuit reveals
European banks remain complacent about compliance and security, survey
Switzerland Tells Antipiracy Group Tactics Violate Law
Analysis: Rogue Trader at Societe Generale Leads to $7 Billion Fraud-Related Loss
Man Files Patent For Taser-Proof Clothing
ISSA Journal

Hosts
Gene Naftulyev, CISSP
Doug Landoll, CISSP …

Shmoocon Ticket Winner Announced

2008-01-30 :: (Naftulyev, Moon, Elberg)
The winner of the Shmoocon ticket is Chris McBee!

Chris you have 48 hours to email me back to claim your ticket or an alternate will get it.

Thanks to everyone who wrote in, we appreciate your continued listenership!

Gene …

Podcast 38 - Shmoocon Promo, CA, Sears, WiFi

2008-01-08 :: (Naftulyev, Moon, Elberg)
Shmoocon Ticket Giveaway
SANS certifications
Numbers: ITIL, COBIT and More; Who Uses What?
Sears: Come see the softer side of spyware
CA’s Web Site Hacked by Malware Authors
WiFi gone but check out
State Hacking/Computer Security Laws

Hosts
Gene Naftulyev, CISSP
Anatoly Elberg, CISSP
Ben Spader, CISSP
Jeff Pettorino, CISSP
Doug Landoll, CISSP …

Free Shmoocon Ticket Promo

2008-01-05 :: (Naftulyev, Moon, Elberg)
Did you try to get a Shmoocon ticket and miss your opportunity?

Well, on the next podcast we will be announcing a contest for a free ticket to Shmoocon! If you want to get in early, here is what you need to know:

Send us your name, email, and either your phone number or profile link - so we can validate that you are a real person.
Tell us in one sentence why you should get a free Shmoocon ticket.
Winner will be randomly selected from all entries.

Once a winner is picked at the end of Jan, we will contact you and send you a shirt and pass to Shmoocon.

Good luck!


Dec 2007 Special Announcement

2007-12-26 :: (Naftulyev, Moon, Elberg)
Happy Holidays!

We are not putting out a new episode until Jan - but we wish everyone a great Christmas and New Year (and Apollo's Birthday!)

If you are a listener and LinkedIn member and would like to be part of the group (and get a logo) follow this link.

For those who are not on LinkedIn - it is a professional contact management website where you can stay in touch with past co-workers and other professionals. Sort of a Facebook for the VPs, Directors, Professionals, etc.

Podcast 37 - Shmoocon, TJX, China, Netflix

2007-12-06 :: (Naftulyev, Moon, Elberg)
Shmoocon Tickets going fast!
IT Departments Biggest Source of Data Leaks, Says Research
UK Government Accuses Chinese of IT Espionage
MI5 Warns UK Businesses of China-Sponsored Cyber Attacks (December 2 & 3, 2007)
Government-sponsored Cyberattacks on the Rise, McAfee Says
10 Extremely Useful Websites to Stop Big Brother From Snooping on You
(IN)SECURE Magazine Issue 14
Technitium FREE MAC Address Changer v4.7 - Released for Download
Researchers reverse Netflix anonymization
QuickTime exploited by media-handling flaw
Data Breaches Cost More Than Ever
TJX offers a $40.9 million
Card issuers do not get to form a class in a suit
TJX's Settlement with Visa Casts Light on Murky World of PCI Penalties

Hosts
Gene Naftulyev, CISSP
Anatoly Elberg, CISSP …

Podcast 35 - PGP, Mafia, Botnet, Passwords

2007-11-16 :: (Naftulyev, Moon, Elberg)
Microsoft switching SharePoint to claims-based authentication
PGP Whole Disk Encryption - Barely Acknowledged Intentional Bypass
Hard Drive Imports to be Banned?
The Russian Mafia Doesn't Like Spam Either
Firewall Secures Battlefield Communications
Details of Hijacked 24/7 Ad Server Emerge
Storm Botnet Divides, Preps for Sale to Spammers
Cafe Latte Attack Steals Data from Wi-Fi PCs
Default Manufacturer Passwords for a Ton of Devices
Comcast Admits Delaying, Not Blocking, P2P Traffic
Jim Tiller for (ISC)2 board of Directors - if you are a CISSP please "Vote for Jim"

Hosts
Gene Naftulyev, CISSP
Anatoly Elberg, CISSP
Ben Spader, CISSP …

Podcast 34 - Fingerprints, NSA, Web2, Spending

2007-11-16 :: (Naftulyev, Moon, Elberg)
Financial Institutions Spending on Security, Governance
UK Authorities Can Demand Decryption Keys (October 1 & 3, 2007)
Hackers at Microsoft?! Now Wait a Minute ...
FCC declines to investigate NSA-telco link
EFF sues the DOJ for withholding records of telecom surveillance immunity
Should Schools Fingerprint Your Kids?
Analyst Warns That Web 2.0 Threatens Corporate Security
For My Next Trick... Hacking WEB2.0
Jim Tiller for (ISC)2 board of Directors - if you are a CISSP please "Vote for Jim"
Doug's Book - Performing an Information Security Risk Assessment (Hardcover)

Intro Six Mile Bridge 2001

Gene Naftulyev, CISSP
Erik Moon, CISSP
Doug Landoll, CISSP …

Podcast 33 - ArcSight, Privacy, Toys, Onion, Credit, Blow

2007-10-04 :: (Naftulyev, Moon, Elberg)
iPhone Turned into Pocket-Sized Hacking Platform
Ruling Eases Government’s Efforts for Cell Phone Tracking
Hackers Post Techniques for Reversing iPhone Upgrade
Gun Safe Zone on you tube
Whistleblower laws
Suit: Employee Fired for Reporting Breach
Opt-out from pre-approved credit applications
October is the fourth annual National Cyber Security Awareness Month
Your Digg username is probably "too secure" for American Express
Bluetooth Headset
Go Ahead (Bomb New York)
Jim Tiller for (ISC)2 board of Directors - if you are a CISSP please "Vote for Jim"

Hosts
Gene Naftulyev, CISSP
Anatoly Elberg, CISSP
Ben Spader, CISSP …

Podcast 32 - China

2007-09-20 :: (Naftulyev, Moon, Elberg)
Jim Tiller for (ISC)2 board of Directors - if you are a CISSP please "Vote for Jim"
Pentagon Hacked by Chinese Military
China accused of cyberattacks on New Zealand
France Complaining of China Hacks Too
Brief: China claims hackers stole its secrets too
Group releases free iPhone unlock hack
Names, Contact Info on TD Ameritrade Customers Compromised
TJX Data Criminal Gets Five Years in Prison
Jack Thompson Decides He's In GTA IV
Windows worm targets Skype users
And why I don't drink French Vodka! French Diplomat Softens Tone on Iran Nuke Program

Note: Episode 31 had sound issues but I will try to salvage as much as I can and post it.

Gene Naftulyev, CISSP
Anatoly Elberg, CISSP
Erik Moon, CISSP
Jim Tiller, CISSP …

Gear: A new section of this website

2007-09-16 :: (Naftulyev, Moon, Elberg)
NOTE: All future secthis gear reviews will be located at - this is a sample.

As hosts of the podcast we are always buying new gear - be it tech or firearms - and often we talk about it on the podcast. Well, now we are going to add a new section to the website where we post short reviews of this gear - in the style of first having a drink, then writing a review!

If you think this is a good idea, let us know by emailing Gene. If this is a bad idea then email Mooner! No seriously send any of us mail and let us know what you think.

We have a number of items that we are ready to review for you, so let me start with the first utterly useful item!

Citizen Skyhawk Atomic Eco-Drive

I have been looking at getting a rugged, automatic, more full featured watch for a while. The main objectives that this watch had to fulfill were:

It needed to be an Automatic - either a self winder or solar
It needed to show at least 2 time zones
It needed to have night viewing - whether tritium or back lighting

Watches with dual time zones are generally referred to as GMT models. So while I really like the look of the Rolex GMT Master II, it would not have passed the 'wife' test, nor does it have tritium or back lighting. I did find a KHS Operator Timer, great looking Tritium watch, but it was neither an Automatic nor a GMT.

After doing more research I did find an automatic Tritium watch, but again it was not a GMT. This was the Tracer Classic Auto Pro. If I did not need the GMT capability I would certainly have purchased this watch. It really looks nice and uses the same Swiss Auto mechanism as the Omega watches.

So was there a watch that was Automatic, GMT, and Tritium? Well, as it turns out there is one - the Ball Engineer Hydrocarbon GMT - and my finger was on the purchase button when my wife stopped by and convinced me not to buy it. She made me a deal that she'd buy it for me as soon as she passed her CISSP.

So I was back to looking for an Automatic, GMT, with Tritium. I expanded my search to include solar watches not just mechanical automatics. I still wanted dual time zones, and either tritium, or some other backlight. I found a few models that seemed to fit the bill until I stumbled on the Citizen Nighthawk. This was a nice solar watch that combined solar power, second time zone and a decent backlight.

Again I was ready to buy, but while doing a price search, I found the Citizen Skyhawk Atomic Eco-Drive - another model that had the same features, but also had a 3 timezone display, and received the radio signal broadcast from the atomic cesium clock in CO. On top of that it had a very nice rotating slide rule. This seemed like it would fit the bill!

So now I have a watch which keeps time as precisely as a GPS, is self-powered even if I am not wearing it, and has amber LED back lighting which won't kill my night vision. If you look at the closeup video you can see that it has a constant UTC (GMT) face, a 24 hour local time zone face, a main 12 hour local time face, and another time zone display is possible in the digital display.

It may not win any style awards at the office, but in the field this is a rugged, completely automatic (it will even switch to daylight savings automatically), and functional watch for anyone who needs more than a basic dress watch. Retail under $600 is well under many of the Swiss watches I looked at. And here is the short closeup video.

Gene Naftulyev, CISSP

About this podcast:

SECTHIS.COM Security Podcast

The Only Opinions That Matter Since 2006!
