Robert Graham is the CEO of Errata Security, as well as being a well-known security blogger, appropriately at the Errata Security blog. We took a few minutes at Defcon to talk about the Wall of Sheep, as well as a vulnerability in Gmail and all of the major ...

I managed to catch up with Ivan Arce, chief techology officer for Core Security to talk about a new class of SQL vulnerability that’s dependent on a algorithm common to most SQL databases. This was following a talk Ivan gave at Black Hat describing the nature of the vulnerability ...

I caught up with Iftach Ian Amit from Finjan right after his talk at Defcon. He explained why widgets and gadgets on various websites and platforms are inherently insecure, despite the fact that standards exist to create secure gadgets. No platform is safe from these insecurities, as ...

Lock bumping became big news at last year’s Defcon when 11-year-old Jennalynn showed an exceptional talent for being able to bump almost any lock set in front of her. This year she again shows her talent by bumping the Medeco M3 high security lock, a lock that is supposedly ...

Halvar Flake, well-known speaker on reverse engineering, was denied entry into the United States this weekend for his presentation at Black Hat 2007. Halvar had given presentations at Black Hat for the last seven years, but when he tried to gain entry to the US after a 9 1/2 ...

PII, or Personally Identifiable Information is the data that can be used to steal your identity. We hear about it in the news all the time when a laptop is stolen or a database breached. But what about the information that you’re storing on your hard drive, information that may ...

The Caitlin Raymond International Registry is a database of potential bone marrow and cord blood donors around the globe. The work they do helps save lives by finding donors for people who do not have blood relatives that can become donors. Their work saves lives. In June, the

The Information Security Sell Out has been an anonymous, outspoken critic (aka troll) of the security community for much of this year. He’s hidden behind his anonymity, attacking researchers and the security community in general. But anonymity is only an illusion on the Internet, especially when you’re attacking the people ...

In May, I caught up with Michael Farnum at the Texas Regional Infrastructure Security Conference in Austin, Texas. Michael is a fellow blogger and writer for Computerworld, who gave a presentation on the importance of reading blogs to secuity professionals today. Even in a high-tech career like ...

In May, when I took the kids to the Maker Faire, one of the weirdest things we saw and wanted to share with you was a giant, kid-powered nose-picking contraption. The kids climbed into a giant hamster wheel of doom that powers the hand of the giant. I realize this ...

Did you know that, since 1986 the government has had the legal right to read your email without getting a search warrant? That’s the year the Stored Communications Act was passed. A ruling this week by the 6th Circuit Court of appeals changed this, deciding that email holds the ...

As most security professionals know, passwords are a losing proposition. We use them because the capability comes with your operating system, but their weaknesses are many. Here, Dana Epp talks about the capabilities of token-based authentication, as well as some of the weaknesses. He hopes that some day in the not-too-distant future we will control our own digital identity rather having a different identity with each and every merchant or server.

You might recognize my face from the video I did at RSA, but do you know anything about Martin McKeay? I thought I’d take a few minutes to tell you who I am and why I’m the host of The Security Show on PodTech. I started my IT career as ...

David Grant of Watchfire stopped by the F5 booth at RSA for a couple of minutes to talk to me about his company and what they’re up to. One of the points that David made during our talk is the effort that Watchfire is putting into educating their users ...

Matt Miller, VP of engineering at CounterStorm stopped to talk to me for a few minutes in the F5 booth at the RSA 2007 security conference in February. We talked about his company’s intrusion analysis product and their speciality in targeted threat detection. They’re using a technology called statistical ...

Ron Gula, CTO (and CEO) of Tenable Network Security, stopped by the F5 booth to talk about what he’d seen at RSA and what the future holds for Tenable. Tenable is best known for the Nessus scanner, written by their Chief Research Officer, Renaud Deraison, and Ron is known ...

Mike Rothman is a noted security analyst, blogger, author and “professional rabble rouser.” I had a chance to speak with him with for a few minutes at RSA in San Francisco. Mike and I talked about rebranding everything as NAC, data protection and PCI. According to Mike, this ...

At Shmoocon 2007, I was given a short but to-the-point demonstration by The Open Organization of Lockpickers. Their presentation focused on combination locks, which turn out to be pretty useless. Here, we see a member of the U.S. chapter of Toool open one using a bit of aluminum ...

I had a chance to speak with Dean Turner, executive editor at Symantec and the person ultimately responsible for the Internet Security Threat Report. The ISTR is Symantec’s semiannual review of the state of malicious traffic on the Internet, the latest of which was reported Monday, March 18th. Here is ...

At RSA 2007, I got to speak with Alan Shimel, chief strategy officer at StillSecure. We talked about the “insider threat,” the number of NAC solutions at RSA and the power that blogging has taken on, even in the security arena.

Disclosure: Since recording this interview, I have been ...

I recently caught up with my friend (and fellow security blogger) Cutaway, of the Security Ripcord blog. We talked about the difficulty of finding your way around the showroom floor, the problems with a saturated EVDO network and Norman Sandbox utilities.

Rich Mogull is a research vice president specializing in security and privacy at Gartner, the best known analyst group in the IT and security industries. I caught up with him for a few minutes at RSA 2007 in February to discuss the event, the insider threat and the future ...