podcast Archives

Home » podcast » Page 2

Why security pros still fly

Dave Farquhar security July 7, 2015July 6, 2015Australia, podcast

Security researcher Chris Roberts has posted some inflammatory things about Boeing airplanes earlier this year, going as far as claiming to have once used the in-flight entertainment system, with a special cable, to send commands to one of the engines and affect the plane’s flight.

When I first heard Roberts’ assertions, my initial reaction was to ask why any security professional would continue to board a plane. Then last week Patrick Gray had the brilliant idea to talk to an Airbus pilot. After listening to the interview, I felt better.

Dave Farquhar

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.

dfarq.homeip.net

Nostalgia can make you younger

Dave Farquhar Health, Music, Retro Computing, security June 25, 2015November 27, 20161960s, commodore, John F. Kennedy, lionel, lionel train, New Wave, podcast

This month’s Social Engineer podcast featured psychology professor Dr. Ellen Langer, whose specialty is mindfulness. Dr. Langer brought up a lot of important things, including the idea of work-life integration rather than the more difficult work-life balance, but another thing she briefly touched on really resonated with me. She brought up a study, originally done in the late 1970s, where a group of 80-somethings were immersed in 1959 for a week. At the end of the week, they didn’t act like 80-somethings anymore. It seems nostalgia can make you younger.

That got me thinking about the power of nostalgia.

Dave Farquhar

dfarq.homeip.net

Meet Waze, the crowdsourced GPS

Dave Farquhar Android June 10, 2015June 9, 2015android, apple, motorola, podcast

I’ve read a few things here and there about Waze, a crowdsourced GPS that runs on smartphones, including those that run Android, Apple, and Windows. Its premise is simple: Based on how traffic is moving, it figures out the fastest way to get where you want to go. It adds intelligence to the GPS.

The trade-off, of course, is that it’s tracking you too. The data is anonymized, they promise, but it’s up to you to decide whether it’s a showstopper.

Dave Farquhar

dfarq.homeip.net

Identify bad guys through writing style

Dave Farquhar security, Writing April 22, 2015December 10, 20161980s, computer security, FBI, journalism, OPSEC, podcast, trolls

This month’s Social Engineer podcast discussed a tactic to identify bad guys through writing style, something the hosts expressed surprise was possible.

This won’t be news to anyone who minored in English or Communications or Journalism. A lot of factors go into style—where we grew up, where our parents are from, what we read growing up, our life experience, and it really is like a fingerprint. Fitzgerald’s Gatsby called everyone “Old Sport,” and we all have something like that, it’s just usually more subtle. I’ll say, “taste this,” when my wife or mother in law will say “taste of this.” That’s a regional thing. I pick up on that because I’m interested in language. A really good linguist can pick up on a lot more than that, and machine learning can potentially pick up on still more.

If you recall, it was the Unabomber’s long manifesto that brought down Ted Kaczynski. Other forensics proved it, but the investigation began with his brother’s observation that the manifesto “sounded like Ted.”

Dave Farquhar

dfarq.homeip.net

Data breaches don’t cost anything–so here’s why they matter

Dave Farquhar security March 30, 2015March 28, 2015breach, Data breach, Microsoft Office, podcast, Rabbit Hole, sony

What seems like a million years ago, when Sony Pictures got breached, some pundits were predicting that was the end of the company. I always thought that was hyperbole, but I have to admit I never went to the extreme of saying breaches are nearly harmless, which seems to be the current popular thinking.

Indeed, a financial analyst went on the Down the Security Rabbit Hole podcast and said breaches are an investment opportunity. Just buy the dip.

Dave Farquhar

dfarq.homeip.net

How to become an Info Assurance Analyst

Dave Farquhar security February 11, 2015November 30, 2016CERT, certifications, CISO, cissp, cissp exam, excel, Information Assurance, information security, Liquid Matrix, podcast, trolls, unix, vulnerability

So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. I think you should want to become one, so here’s how to become an Info Assurance Analyst.

The field desperately needs more of us, so I’m happy to share with you how to become someone like me. Read more

Dave Farquhar

dfarq.homeip.net

The dwindling writing market

Dave Farquhar Writing December 11, 2014December 9, 2014job duties, podcast

I get the occasional query from people who say I should promote my blog more, so that I can get an audience and write a book about this or that, and then I read stuff like this. Basically, writing is getting more and more commoditized, and writers are making less and less, not that they ever made much in the first place. And then I heard on a podcast that the average technical book sells 5,000 copies.

Fifteen years ago, I was in the home stretch of writing a book–my first, and so far only book. All told, I made around $13,000 off that book, between book royalties and publishing derivative articles in magazines, all before taxes, of course. I wrote about 20 hours a week for six months to do it, so, perhaps if I’d made it my full-time gig, I might have been able to make $52,000 a year. But that was when computer books were hot and big-box book stores were booming. I’m not confident I could make $52,000 as an author today. Read more

Dave Farquhar

dfarq.homeip.net

How to protect executives traveling to hostile countries

Dave Farquhar security November 13, 2014November 10, 2014phenom, podcast, tp link, VOIP

Slashdot ran a story about executives being targets in high-end hotels in the Far East. I didn’t realize this was a new phenomenon; perhaps I just assumed it’s been going on all along.

At any rate, it’s possible to protect against it.

Dave Farquhar

dfarq.homeip.net

Predicting the future, circa 2003

Dave Farquhar security, Windows September 26, 2014March 18, 2020BSD, discipline, podcast, SQL, unix, VPN, WAN, windows nt

In the heat of the moment, I searched my blog this weekend for quotes that could potentially be taken out of context and found something rather prophetic that I wrote in the heat of the moment 11 1/2 years ago:

Keeping up on Microsoft security patches is becoming a full-time job. I don’t know if we can afford a full-time employee who does nothing but read Microsoft security bulletins and regression-test patches to make sure they can be safely deployed. I also don’t know who would want that job.

Who ended up with that job? Me, about a year after I left that gig. It actually turned out I was pretty good at it, once I landed in a shop that realized it needed someone to do that job, and utilized that position as part of an overall IT governance model.

Dave Farquhar

dfarq.homeip.net

Home Depot: A security pro’s dilemma

Dave Farquhar security September 17, 2014September 16, 2014breach, home depot, podcast, PR

I was listening to podcasts about the Home Depot breach, and something occurred to me.

Home Depot isn’t talking much about the breach. And it’s driving security pros nuts.

But the general public takes silence as a sign that everything’s going great. So their silence is winning the PR battle in the court that matters, which is public opinion at large. Read more

Dave Farquhar

dfarq.homeip.net