Down the Security Rabbithole Podcast (DtSR)

Rafal (Wh1t3Rabbit) Los

The DtSR Podcast is dedicated to the cyber security profession - with timely topics, lively personalities, deep dives, and no fear of the third rail. Running since 2011 - founded by Rafal Los (aka "@Wh1t3Rabbit"), and co-hosted by James Jardine and now featuring Mr. Jim Tiller - the weekly show will entertain you while you're learning something.
On Twitter/X: https://twitter.com/@DtSR_Podcast
On YouTube: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
On LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/

Top 10 Down the Security Rabbithole Podcast (DtSR) Episodes

Goodpods has curated a list of the 10 best Down the Security Rabbithole Podcast (DtSR) episodes, ranked by the number of listens and likes each episode has garnered from our listeners. If you are listening to Down the Security Rabbithole Podcast (DtSR) for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite Down the Security Rabbithole Podcast (DtSR) episode by adding your comments to the episode page.

DtSR Episode 556 - Will Regulation Price Out the Competition

06/20/23 • 47 min

TL;DR:
On this software security and regulation-focused episode of the podcast, the OG of AppSec (Jeff Williams) joins James & I to talk about the latest spate of regulations that require self-attested transparency about what companies are doing with respect to securing their software via supply chain and direct action.
Jeff contends this is a good thing and it's hard to argue that transparency drives good - however - I'm always curious what this does to those who struggle to afford to do better, which is what the vast majority of vendors to FedGov are.
Interesting discussion, join us!
YouTube Video: https://youtube.com/live/iavtEVADp4g
Guest

Support the show

>>> If you're reading this, consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

DtSR Episode 217 - NewsCast for October 25th 2016

10/25/16 • 47 min

The Massive DDoS That Hit Dyn.Org

Verizon Reviewing Terms of Yahoo Deal As Revenue Slides

Passwords - We’re Still Giving Out Horrible Advice

St. Jude Medical to Create Cybersecurity Advisory Board; Muddy Waters Releases More Vulnerability Allegations

  • The ‘fight’ between the short-sell firm and St. Jude Medical is back
  • Smack in

DtSR Episode 185 - NewsCast for March 15th 2016

03/21/16 • 42 min

In this episode...

The FTC is getting into providing guidance on password changes

Dwolla hit by CFPB and fined $100,000

  • Who is the CFPB (Consumer Finance Protection Bureau)?
  • This opening sentence is crucial: "The Consumer Financial Protection Bureau (Bureau) has reviewed certain acts and practices of Dwolla, Inc. (Respondent, as defined below) and has identified the following law violations: deceptive acts and practices relating to false representations regarding Respondent’s data-security practices in violation of Sections 1031(a) and 1036(a)(1) of the Consumer Financial Protection Act of 2010 (CFPA), 12 U.S.C. §§ 5531(a), 5536(a)(1)"
  • http://files.consumerfinance.gov/f/201603_cfpb_consent-order-dwolla-inc.pdf
  • http://blog.dwolla.com/we-are-never-done/

FTC To Study Credit Card Industry Data Security Auditing

Bangladesh bank hackers steal ~$100M

DtSR Episode 207 - NewsCast for August 16th 2016

08/18/16 • 47 min

Quick note from Michael about the Straight Talk Framework & Program:

  • Get your free copy at https://securitycatalyst.com/straight-talk-framework/
  • Launched a new program last week... boy, did I learn a lot.
    • Mostly, it’s my failure to explain. I’m going to chronicle some of the lessons over the next few days and share them
    • If you’ve already downloaded the questions - I’d love to chat with you about your experience...
    • If you find yourself in a situation like this, let’s chat. 25 minutes on the phone and we’ll both benefit
  • Until Monday, August 22nd, chance to get on board early and benefit yourself; I’ve got a lot to share this week and into the future. We’re at the start of something big!

Microsoft Accidentally Leaks 'Golden Keys' That Unlock Secure Boot-Protected Windows Devices: Oops?

The Future Of ATM Hacking

  • http://www.darkreading.com/endpoint/the-future-of-atm-hacking/d/d-id/1326549
  • We didn’t have a problem, but we went ahead with the solution. Looking back on it, imagine some straight talk on this fiasco?
  • Yes, I realize some of you like the elegance of chip + pin; do you like the UX? Because it sucks. And if you lament the mag stripe, does that mean you stopped using a terrestrial radio, too?
  • Our need as leaders - in the enterprise and across the industry - is to focus limited energy and assets on the areas that create the most value

Apple will reward hackers with "bug bounty" to find flaws

* DtR Episode 50 - The Emergence of Geopolitics in InfoSec

07/22/13 • 42 min

Welcome down the rabbithole as we hit EPISODE 50! I'm thrilled that we've made it this far, and look forward to having you along for the ride into the future! At this point, I'd like to encourage you to listen to some of the fascinating guests we've had on this show, people I'm proud to have had a chat with, in the past archives... suggest guests, or just leave us a comment.

/Wh1t3Rabbit

In this episode...

  • We try and discuss 'defense in depth' on the geopolitical scale
  • @packetknife drops the truth about 'geopolitics experts' in InfoSec
  • Ali explains navigating the undocumented security requirements in emerging markets
  • We talk about whether all this stolen data from enterprise has actually made a difference
  • Ali discusses the 'western sense of intellectual property' (eye-opening!)
  • Deperimeterization - why #InfoSec must adapt this RIGHT NOW, but seems allergic to it
  • Ali drops 'lawfare' on us - and why #InfoSec must know its options
  • We discuss why people 'generally just don't get it' when it comes to moving to triage over 'secure'
  • Ali decides he wants to be Frank, or is that frank? :-)

Guest

  • Ali-Reza Anghaie ( @PacketKnife ) - Ali is a resident expert (or as much as one can be) on geopolitics from his unique background, experience and perspective. He's a well-known figure in the community and has deep insight into the things that most of us read in the media, and pretend to understand. He's the perfect guest for Episode 50!

DtR Episode 42 - Threat Modeling

05/28/13 • 47 min

In this episode...

  • John discusses some of the foundational principles of Threat Modeling
  • We talk about why threat modeling is like your time in high school
  • We discuss why threat modeling is such an incredibly important tool to the enterprise
  • John gives us some nuggets of his experience with threat modeling enterprise applications

Guest

  • John Steven ( @m1splacedsoul ) - John Steven is the Internal CTO at Cigital with over a decade of hands-on experience in software security. John’s expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis on automation), to security testing. As a consultant, John has provided strategic direction as a trusted advisor to many multi-national corporations. John’s keen interest in automation keeps Cigital technology at the cutting edge. He has served as co-editor of the Building Security In department of IEEE Security & Privacy magazine, speaks with regularity at conferences and trade shows, and is the leader of the Northern Virginia OWASP chapter. John holds a B.S. in Computer Engineering and an M.S. in Computer Science both from Case Western Reserve University.
    John is known for his in-depth work in software security, his expertise in the field of threat modeling, and his snarkcasm. If you don't follow John on Twitter or haven't attended one of the talks he's been known to give occasionally - I recommend you do so.

DtSR Episode 284 - MSS SOS

02/20/18 • 50 min

This week on the Down the Security Rabbithole Podcast, Raf and James welcome long-time friend of Rafal's - Scott Stanton - to the microphone. Scott's able to join Raf in person in Atlanta, while James is predictably on the other end of a Howdy Doodie (you'll get this if you listen).

This week, we tackle the MSS issue (Managed Security Services providers) again, but with a fresh angle where we aren't just spending the entire time bashing something we all rely on - but rather providing some constructive feedback into MSS providers from an enterprise perspective. And reminiscing a little. A lot.

Join us! And spread the word!

Guest:

  • Scott Stanton ( @Scott_Stanton ) - Information Security leader with experience in the High Tech, Manufacturing, Engineering, Services, and Energy industries. My technical depth includes application development, IP networking, operating systems, virtualization, and storage systems. Scott is currently the Senior Manager of Infrastructure Security at a medical technology company.

If you've noticed the new logo, it's courtesy of a phenomenal artist, whose name is Peter Czaplarski. Yes, you too can hire him to draw amazing things for you, you can find him here: http://fb.com/CzaplarskiArt. Peter is also the artist behind Vengeance Nevada (found here, for you comic lovers: https://www.comixology.eu/Vengeance-Nevada-1/digital-comic/593731 ) and has been an artist in many other venues. We highly encourage you to give his Facebook page a like!

Down the Rabbithole - Episode 17 - Adam Shostack on New School Security

06/18/12 • 36 min

Synopsis

Greetings fans, this episode promises to be a great one with the likes of Adam Shostack starting off talking about what the whole concept of "New School Security" is all about, and how it differs from the way we've all done it for the past 15+ years. Adam and I talked through some new interesting ideas for moving the information security community and discipline forward, and even commented on how we can start to overcome the security community's focus on 'secrecy' when things go wrong. How do security professionals understand what the desired outcomes should be, then start to move towards implementing pragmatic approaches to move closer to those desired outcomes - because in the end it's really about business and getting it done, not about 'security'.

You will be sorry if you miss this episode!

Guest

  • Adam Shostack - Adam Shostack is a principal program manager on the Usable Security team in Trustworthy Computing. As part of ongoing research into classifying and quantifying how Windows machines get compromised, he recently led the drive to change Autorun functionality on pre-Win7 machines; the update has so far improved the protection of nearly 400 million machines from attack via USB. Prior to Usable Security, he drove the SDL Threat Modeling Tool and the Elevation of Privilege threat modeling game as a member of the SDL core team. Before joining Microsoft, Adam was a leader of successful information security and privacy startups, and helped found the CVE, the Privacy Enhancing Technologies Symposium and the International Financial Cryptography Association. He is co-author of the widely acclaimed book, The New School of Information Security.

Links

MicroCast 04 - Kevin Riggins & Kenneth Johnson - QA + Security Software Testing

06/14/12 • 28 min

Synopsis

Last winter, on a frigid afternoon I got a chance to sit down with 2 of my favorite Iowa locals, Kevin and Kenneth to talk about the tenuous relationship between QA and Information Security. Earlier in the day I had given a workshop on software security testing (of the web variety) to a ViViT user group, and with that topic and their questions/concerns fresh in my mind I settled down for a 30 minute conversation with Kevin and Kenneth ... we essentially continued the conversation from Episode 3 (please give that a listen if you haven't yet to get a background).

Some of the questions we tackled included "Which team within the software development or security organization is best positioned to test the security of applications?", and "Can Information Security ever really thoroughly test an application without the full context?" ...and much more.

Give this episode a listen!

Guests

  • Kevin Riggins - @kriggins - Kevin is a veteran of the Information Security community with many years experience in vast IT systems and a quality, development and systems background as well.
  • Kenneth Johnson - @patories - Kenneth has been in the Information Security field for the last six years, with five of those years working as an IT Analyst for Principal Financial Group. He graduated in 2007 with a BS degree in Information Systems Security from ITT Tech, and he is currently attending Iowa State to pursue a Ph.D in Information Assurance, with a specialization in Digital Forensics, Incident Response and Malware Analysis.

DtSR Episode 187 - NewsCast for March 29th, 2016

03/29/16 • 40 min

In this episode...

FAQ

How many episodes does Down the Security Rabbithole Podcast (DtSR) have?

Down the Security Rabbithole Podcast (DtSR) currently has 688 episodes available.

What topics does Down the Security Rabbithole Podcast (DtSR) cover?

The podcast is about News, Security, Infosec, Risk, Tech News, Hacking, Podcasts, Technology, Cyber and Cybersecurity.

What is the most popular episode on Down the Security Rabbithole Podcast (DtSR)?

The episode titled 'DtSR Episode 556 - Will Regulation Price Out the Competition' is the most popular.

What is the average episode length on Down the Security Rabbithole Podcast (DtSR)?

The average episode length on Down the Security Rabbithole Podcast (DtSR) is 43 minutes.

How often are episodes of Down the Security Rabbithole Podcast (DtSR) released?

Episodes of Down the Security Rabbithole Podcast (DtSR) are typically released every 7 days.

When was the first episode of Down the Security Rabbithole Podcast (DtSR)?

The first episode of Down the Security Rabbithole Podcast (DtSR) was released on Sep 13, 2011.
