Monday, January 24, 2022


Security. Some assembly required. Security is HARD, and ‘real security’ is a compromise between usability and security while knowing you’re still accepting risk. This podcast alternates between interesting interviews and news analysis every other week – tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.

DtSR Podcast

DtSR Episode 484 – Defrauding Mobile Payments

Prologue Have you ever made a payment from your mobile device, wirelessly using NFC? Of course you have, most of us have by now. Did you know there are some (or at least were) fairly significant design flaws, otherwise...
DtSR Podcast

DtSR Episode 483 – How Not to Screw Up Your Cloud

Prologue We have a repeat guest today! Mr. Mark Simos joins me once again to talk about Microsoft's Cloud Adoption Framework (CAF) and it's applicability to not only Azure, but also your other clouds. Building resilient and secure clouds...
DtSR Podcast

DtSR Episode 482 – Tales of Wireless Hacking

Prologue This week, on a good start to the new year, Eric Escobar joins us to talk about hacking wireless - and a little bit of history on the topic. Taking us back to early wireless hacking where you...
DtSR Podcast

DtSR Episode 481 – Spies In Your Tech

Prologue Bentsi is a guy with some experience in the bad guy world when it comes to devices and gadgets getting compromised. In this episode, he tells us stories and anecdotes on things he's seen and the threats gadgets...
DtSR Podcast

DtSR Episode 480 – Juice Jacking

Prologue Have you ever plugged your smart phone, tablet or other "smart thing" into a power cable that wasn't yours? I'm guessing you've answered yes - and if so, you need to listen to this episode. As we travel and...
DtSR Podcast

DtSR Episode 479 – Productivity of Jump Boxes and Bastion Hosts

Prologue In a technically deeper episode, Ev joins Rafal to discuss how security has made productivity challenging at times, in terms of having to jump through hoops to get work done, and what we should be doing about it. Ev...
DtSR Podcast

DtSR Episode 478 – Beyond Buzzwords: XDR

Prologue This week's episode is one of my favorite topics - marketing buzzwords. You've all heard the term "XDR" and wondered (probably like me) what the heck it is and how it's different than EDR or MDR. Do we...
DtSR Podcast

DtSR Episode 477 – Passwords are Dead and Other Fables

Prologue Welcome to the last month of 2021 - December. This month we have a few bonus episodes, starting with this gem on identity. We've got a great guest and Mike Kiser has some interesting opinions he's definitely not...
DtSR Podcast

DtSR Episode 476 – Securing Public Cloud with Azure ASB v3

Prologue Folks, the video of this episode which was live-streamed to our YouTube channel is here: - and if you can, watch it. Huge mega-thanks to Microsoft and Lightstream for bringing together Jeff and Mark on this one...
DtSR Podcast

DtSR Episode 475 – Community Sourced Threat Instructions

Prologue Fair warning y'all, this episode may have been just slightly more fun than the Surgeon General allows. That said, on this one we not only made up some new terms ("Threat Instructions", Anton) but also had some fun...
DtSR Podcast

DtSR Episode 474 – Unraveling Mountains of Evidence

Prologue Hey! Are you attending OpenText World Enfuse? If not, click here and check it out - it's virtual! Straight from Enfuse Chuck Dodson joins Rafal & James to talk about digital evidence collection, management, and processing in the...
DtSR Podcast

DtSR Episode 473 – Cyber Security by Executive Order

Prologue In this episode, we host a lady who only needs one name, like a movie or rock star. But "Jax" deals with topics we normal people don't have the stomach for, like CMMC and government security. In this...
DtSR Podcast

DtSR Episode 472 – Rick Howard on Trust and Tech

Prologue Let me start by saying how much I enjoy chatting with Rick Howard, today's podcast guest. Rick's been on before, and we always go long (especially on this one, sorry not sorry), but the content is well worth...
DtSR Podcast

DtSR Episode 471 – TPA Threat Modeling the Software

Prologue On Episode 471, as we rapidly hurl towards our 500th episode, we bring back Chris Romeo to talk about threat modeling. Specifically, we discuss threat modeling of software - with developers, methodologies, silos, incentives, and outcomes all in...
DtSR Podcast

DtSR Episode 470 – Security Leadership Insights from Ann

Prologue On this episode of the DtSR Podcast - Ann Johnson joins special guest-host Ken Fishkin of NJ ISC2 chapter, along with James & Rafal to talk about leadership, and sports apparently. Thanks to the NJ Chapter of ISC2...

AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps

Enlarge (credit: Getty Images | zf L) AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...

Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open

New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.

DC, 3 States Sue Google Saying it Invades Users' Privacy

The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked. read more
Security Affairs

A flaw in Rust Programming language could allow to delete files and directories

The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity...

Personal identifying information for 1.5 billion users was stolen in 2021, but from where?

Threat intelligence company Black Kite found that the majority of attacks were against healthcare providers, involved ransomware and succeeded thanks to software vulnerabilities.