Info

Brakeing Down Security Podcast

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
RSS Feed Subscribe in Apple Podcasts
Brakeing Down Security Podcast
2017
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


All Episodes
Archives
Now displaying: 2015
Dec 27, 2015

Dave Kennedy does a lot for the infosec community. As owner/operator of 2 companies (Binary Defense Systems and Trusted Security), he also is an organizer of #DerbyCon and active contributor to the Social Engineering ToolKit (#SET).  You can also find him discussing the latest hacking attempts and breaches on Fox News and other mainstream media outlets.

But this time, we interview Dave Kennedy because he has been elected to the ISC2 board. He will be serving a 3 year term with Wim Remes (who we interviewed a couple of weeks ago) and others to improve #ISC2 processes, and to make #CISSP and other certs more competitive in the #infosec/IT community.

And yes... we find out about what is going on with DerbyCon and get some updates with what will happen in the next DerbyCon.

 

iTunes Link: https://itunes.apple.com/us/podcast/2015-054-dave-kennedy/id799131292?i=359677576&mt=2

TuneIn Radio App: http://tunein.com/r…/Brakeing-Down-Security-Podcast-p801582/

BrakeSec Podcast Twitter: http://www.twitter.com/brakesec

Join our Patreon!: https://www.patreon.com/bds_podcast

Comments, Questions, Feedback: bds.podcast@gmail.com

Dec 22, 2015

This week, we went off the tracks a bit with our friends at Defensive Security Podcast, and PVC Security Podcast. We discussed a bit of news, talked about how our podcasts differ from one another, the 'lack of infosec talent', and sat around talking about anything we wanted to.

Sit back with some eggnog, and let your ears savor the sounds of the season.  Many thanks to Andrew Kalat, Jerry Bell, Edgar Rojas, Paul Jorgensen, and co-host Brian Boettcher for getting together for some good natured fun.

WARNING: There is adult language, and themes, so if you have little ones around, you might want to skip this one until after bedtime.

Happy Holidays from Brakeing Down Security Podcast.

Dec 17, 2015

I got a hold of Mr. Wim Remes, because he was elected to the ISC board in November 2015.  Recent changes to the CISSP included changing the long-standing 10 domains down to 8 domains, plus a major revamp to all of them.

I wanted to know what Mr. Remes' plans were for the coming term, how the board works, and how organizations like ISC2 drive change in the industry. I also asked Wim how he is trying to ensure that CISSP and the other certs are going to remain current and competitive.

This is a great interview if you're looking to get your #CISSP or any other ISC2 cert, or you currently have an #ISC2 #certification and want to get knowledge of the workings of ISC2 and the board.

 

Mr. #Remes' Twitter: @wimremes

ISC2 official site: http://www.isc2.org

 

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-052-wim_remes-isc2.mp3

iTunes: https://itunes.apple.com/us/podcast/2015-052-wim-remes-isc2-board/id799131292?i=359103338&mt=2

TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

BrakeSec Podcast Twitter: http://www.twitter.com/brakesec

Join our Patreon!: https://www.patreon.com/bds_podcast

Comments, Questions, Feedback: bds.podcast@gmail.com

Dec 10, 2015

#MITRE has a Matrix that classifies the various ways that your network can be compromised. It shows all the post-exploitation categories from 'Persistence' to 'Privilege Escalation'. It's a nice way to organize all the information.

This week, Mr. Boettcher and I go over "#Persistence" and "#Command and #Control" sections of the Matrix. 

Every person who attacks you has a specific method that they use to get and keep access to your systems, it's as unique as a fingerprint. Threat intelligence companies call it TTP (#Tactics, #Techniques, and #Procedures), we also discuss the Cyber #KillChain, and where it came from.

#ATT&CK Matrix: https://attack.mitre.org/wiki/Main_Page

Tactics, Techniques, and Procedures (shows patterns of behavior) https://en.wikipedia.org/wiki/Terrorist_Tactics,_Techniques,_and_Procedures

http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf -- Cyber Kill Chain paper that inspired the ATT&CK Matrix

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-051-ATTACK_Matrix.mp3

iTunes: https://itunes.apple.com/us/podcast/2015-051-mitres-att-ck-matrix/id799131292?i=358670845&mt=2

TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

BrakeSec Podcast Twitter: http://www.twitter.com/brakesec

Join our Patreon!: https://www.patreon.com/bds_podcast

Comments, Questions, Feedback: bds.podcast@gmail.com

Dec 4, 2015

That's the question many think is an automatic 'yes'.  Whether your Httpd is running on port 82, or maybe your fancy #wordpress #module needs some cover because the code quality is just a little lower than where it should be, and you need to cover up some cruft

This week, Mr. Boettcher and I discuss reasons for obscuring for the sake of #security, when it's a good idea, and when you shouldn't #obscure anything (hint: using #ROT-14, for example)

#encryption #infosec

Show Notes:  https://docs.google.com/document/d/1PioC2hnQHhm5Xd1SCT4ewvZmZiLcE5pGQuif4Tuk_zE/edit?usp=sharing

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-049-Security_by_Obscurity.mp3

Mr. Boettcher's Twitter: http://www.twitter.com/boettcherpwned

Bryan's Twitter: http://www.twitter.com/bryanbrake

TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

BrakeSec Podcast Twitter: http://www.twitter.com/brakesec

Join our Patreon!: https://www.patreon.com/bds_podcast

Comments, Questions, Feedback: bds.podcast@gmail.com

Nov 27, 2015

Cheryl Biswas gave a great talk last month at Bsides Toronto.  I was intrigued by what "Shadow IT" and "Shadow Data" means, as there appears to be some disparity. Why can't you write policy to enforce standards? As easy as it sounds, it's quickly becoming a reason young talented people might skip your company. Who wants to use Blackberries and Gateway laptops, when sexy new MacBook Airs and iPhone 6S exist?

This also leads to the issue of business data being put on personal devices, which as anyone knows can cause a whole host of additional issues. Malware installed on personal devices can make for sharing business secrets a cinch.

So, while Mr. Boettcher was working, I managed to wrangle a quick interview with Cheryl out of her offices in Toronto, Ontario.

Cheryl gave us some great audio, and when you're done, you can watch her Bsides Toronto talk.  

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-048-Cheryl_Biswas_Shadow_IT.mp3

iTunes Link: https://itunes.apple.com/us/podcast/2015-048-rise-shadow...-it!/id799131292?i=357889684&mt=2

Cheryl's Twitter: https://www.twitter.com/3ncr1pt3d

Cheryl's BsidesTO talk: https://www.youtube.com/watch?v=q0pNWpWFKBc

 

TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

BrakeSec Podcast Twitter: http://www.twitter.com/brakesec

Join our Patreon!: https://www.patreon.com/bds_podcast

Comments, Questions, Feedback: bds.podcast@gmail.com

Nov 21, 2015

Business Security in Maturity Model (#BSIMM) is a #framework that is unique in that it gives your company a measuring stick to know how certain industry verticals stack to yours...

We didn't want to run through all 4 sections of the BSIMM, so this time, we concentrated on the #software #security standards, the "Deployment" section specifically...

BSIMMV6 download (just put junk in the fields, and download ;) ): https://www.bsimm.com/download/

 

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-047_BSIMM.mp3

iTunes: https://itunes.apple.com/us/podcast/2015-047-using-bsimm-framework/id799131292?i=357545342&mt=2

TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

 

BrakeSec Podcast Twitter: http://www.twitter.com/brakesec

Join our Patreon!: https://www.patreon.com/bds_podcast

Comments, Questions, Feedback: bds.podcast@gmail.com

 

 

 

Nov 10, 2015

During our last podcast with Bill Sempf (@sempf), we were talking about how to get developers to understand how to turn a vuln into a defect and how to get a dev to understand how vulns affect the overall quality of the product.

 

During our conversation, a term "ASVS" came up. So we did a quick and dirty session with Bill about this.  It's a security #requirements #document that ensures that projects that are being scoped out are meeting specific security requirements. This can be a valuable ally when your company is creating products or software applications. Bill explains with us this week exactly how you incorporate this into your Secure #SDLC #lifecycle

 

#project #management #security #architect

Direct Link: http://traffic.libsyn.com/brakeingsecurity/sempf2.mp3

iTunes Link: https://itunes.apple.com/us/podcast/2015-046-getting-security/id799131292?i=356958476&mt=2

TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

Bill's Bside Columbus talk on ASVS: http://www.irongeek.com/i.php?page=videos/bsidescolumbus2015/defense00-got-software-need-a-security-test-plan-got-you-covered-bill-sempf

Bill's Blog: http://www.sempf.net

Bill's Twitter: http://www.twitter.com/sempf

BrakeSec Podcast Twitter: http://www.twitter.com/brakesec

Nov 4, 2015

When you receive a #pentest or vuln scan report, we think in terms of #SQLi or #XSS. Take that report to your dev, and she/he sees Egyptian hieroglyphics and we wonder why it's so difficult to get devs to understand.

It's a language barrier folks. They think terms of defects or how something will affect the customer experience. We think in terms of #vulnerabilities, and what caused the issue. We need to find that common ground, and often, that will mean us heading into unfamiliar territory. It doesn't have to be 'us vs. them'. We are supposed to be a team. 

Join us this week as we discuss that very topic with Bill #Sempf. Bill has spent nearly 25 years doing software development and security, working as an independent contractor for dozens of companies on hundreds of #software #projects. He helps us figure out how to speak 'dev', and to develop a mindset that will ensure you can get the most out of interactions with developers and coders.

Show notes: http://brakeingsecurity.com/2015-045-care-and-feeding-of-devs-podcast-edition-with-bill-sempf

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-045_Bill_Sempf-care_and_feeding_of_devs.mp3

Itunes: https://itunes.apple.com/us/podcast/2015-045-care-feeding-devs/id799131292?i=356366452&mt=2

Bill's #DerbyCon Talk "#Developers: Care and Feeding":

http://www.irongeek.com/i.php?page=videos/derbycon5/teach-me11-developers-care-and-feeding-bill-sempf

Bill's Blog: https://sempf.net/

Bill's Twitter: http://www.twitter.com/sempf

Check us out using the #TuneIn App!: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

#RSS: http://www.brakeingsecurity.com/rss

 

Oct 30, 2015

It's a madhouse this week! We invited Ben Donnelly (@zaeyx) back to discuss a new software framework he's crafted, called #MAD Active Defense. Ben wants to make Active Defense simple enough for even the busiest blue teamer.

The interface takes it design from other well known #software frameworks, namely #Metasploit, #REcon-ng, and even a bit of #SET, he said.

We even did a quick demo of MAD, discussed the tenets of #Active #Defense, and talked about a little skunkworks project of Ben's that you will find enjoyable.

Direct Link: http://brakeingsecurity.com/2015-044-a-mad-mad-mad-mad-world-with-ben-donnelly

Promethean Security MAD GitHub: https://github.com/PrometheanInfoSec/MAD

Demo Video (~110MB): http://traffic.libsyn.com/brakeingsecurity/MAD_Ben_edited.mkv

Backup Demo Download (gDrive) site (~110MB): https://goo.gl/FtWlCM

Check us out using the TuneIn App!: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

RSS: http://www.brakeingsecurity.com/rss

#activeDefense #blueTeam #intrusionDefense #benDonnelly

 

Oct 22, 2015

WMI (Windows Management Instrumentation) has been a part of the Windows Operating system since Windows 95. With it, you can make queries about information on hosts, locally and even remotely.

Why are we talking about it? It's use in the enterprise and by admins is rarely used, but it's use in moving laterally by bad actors is growing in it's use.  It's highly versatile, able to be scripted, and can even be used to cause triggers for when other programs run on a system. 

Mr. Boettcher and I sit down and discuss the functions of #WMI, it's history, what classes and objects are, and ways you can leverage WMI to make your admins job much easier.

#assetmanagement #remotemanagement #wbem #wmi #windows

DerbyCon WMI talk: http://www.irongeek.com/i.php?page=videos/derbycon5/break-me12-whymi-so-sexy-wmi-attacks-real-time-defense-and-advanced-forensic-analysis-matt-graeber-willi-ballenthin-claudiu-teodorescu

Wbemtest: http://blogs.technet.com/b/chad/archive/2012/03/08/tip-45-wbemtest-the-underappreciated-tool.aspx

WMI documentation: https://msdn.microsoft.com/en-us/library/aa384642(v=vs.85).aspx

TuneIn podcast Link: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

RSS: http://www.brakeingsecurity.com/rss

 

Show notes

Oct 14, 2015

Just before #Derbycon, we invited Michael Gough (@hackerhurricane) to join us on the #podcast. 

For the last 3-4 months, my co-host Brian and he were engaged in the creation of a software tool that would make #log #analysis of #windows systems quicker, and together they have achieved that with "Log-MD", short for Log Malicious Discovery.

For hosts infected with #Malware and #bots, they always leave a fingerprint of what they are doing behind. This software takes your system, configures it to get the maximum #logging output possible, then puts everything in a nice readable format, enabling you to filter out known good items, leaving you with bad items, or suspicious activity.  This allows you to analyze #logfiles and find malware in less time than before. This will make #forensics of infected systems faster and more economical.

We do some discussion of #Log-MD, and then we have MIchael demo LOG-MD for us.

Video demo: https://youtu.be/0_J90sOVY8c

log-MD site: http://log-md.com/

RSS: http://www.brakeingsecurity.com/rss

iTunes: https://itunes.apple.com/us/podcast/2015-042-log-md-more-malware/id799131292?i=354715938&mt=2

 

Oct 10, 2015

In our last bit of Derbycon audio, I discussed DerbyCon experiences with Mr. Boettcher, Magen Wu (@tottenkoph), Haydn Johnson (@haydnjohnson), and Ganesh Ramakrishnan (@hyperrphysics).  We find out what they liked, what they didn't like, and you get a lot of great information about packing for a con, things you can do to improve your convention going experience.

Hopefully, you'll hear the amount of fun we had, and find the time to go to a convention. There are literally hundreds, many only few hours by plane away. Some can be found in your own town or within driving distance.

Sep 30, 2015

Mr. Boettcher and I attended Derbycon, and while he was out attending talks, I got invited to do a podcast with some of the other podcasts who were there.  Special thanks to Edgar Rojas, Amanda Berlin, Jerry Bell, Andrew Kalat, Paul Coggin, Tim DeBlock, and everyone else at our recording.  We have a bit more audio that we will post this month, including a discussion of a tool Mr. Boettcher and Michael Gough collaborated on to make windows malware analysis easier to do.

Sep 21, 2015

Last week, we discussed with Shreeraj Shah about HTML5, how it came into being and the fact that instead of solving OWASP issues, it introduces new and wonderful vulnerabilities, like exploiting locally stored web site info using XSS techniques, and doing SQLI on the new browser WebSQL.

So this week, it's all about defensive techniques that you can use to educate your developers against making mistakes that could get your company's web application on the front page of the news paper.

Sep 14, 2015

Shreeraj Shah (@shreeraj on Twitter) came on this week to give us a run-down of some of the issues with HTML5? How can a new standard actually be worse than something like Flash? And why would a standard not address existing OWASP issues, and even create new issues, like the ability of a browser to have a database inside of it managing everything?

This week we discuss HTML5 history, some of the pitfalls, and discuss some of the new technologies found in HTML5 that will create more headaches for agents of infosec.

Sep 7, 2015

When we wanted to have Martin Fisher on, it was to discuss 'Security Mandate vs. Security Influence'. We wanted to discuss why companies treat compliance as more important, and if it's only because business requires it to be done. And if infosec is a red headed stepchild because they often don't have the guidance of a compliance framework.

 

But it ended up going in another direction, with Martin discussing infosec leadership, and how we as agents of infosec should be 'guardrails' instead of 'speed bumps' to business processes and people. It was a great discussion from a veteran healthcare CISO, especially if you're thinking of pursuing a CISO or CSO management track.

 

https://www.manager-tools.com/  -- Manager Tools podcast

Aug 31, 2015

Once you find a vulnerability, how do you handle patching it? Especially when devs have their own work to do, there are only so many man hours in a sprint or development cycle, and the patching process could take up a good majority of that if the vuln is particularly nasty.

One method is to triage your patches, and we discuss that this week with Mr. Boettcher. We also talk about how our respective company's handle patching of systems.

We also discuss what happens when compensating controls run out of effectiveness, and if there is a point at which they no longer are 'compensating' for anything any further.

Aug 24, 2015

Checkbox Security... checklists required to follow by compliance people and many security people have to fall in line, because they often have no choice.

But what if there was a way to use compliance requirements to get beyond the baseline of PCI/SOCII/HIPAA, and get to be more secure?

Megan Wu (@tottenkoph), Mr. Boettcher, and I spent a bit of time discussing just that. We discuss basic issues with compliance frameworks, how to get management to buy-in to more security, and even how you can get Compliance people to help without them knowing it.

Aug 16, 2015

After last week's discussion of end-user training in the SANS top 20 security controls, we realized that it would be great to discuss how a company involved in training does proper training.

 

So we hit up our sponsor at Cybrary.it to discuss their end-user security training track and how companies can use it to help their employees to be more secure in their workplace.

 

We end the podcast with a bit of audio from the Bsides Austin blue/red panel Mr. Boettcher moderated. He asked them about training and it's worth. The first answer from Justin Whitehead is telling as to how he believes training will fail regardless. His answer was chilling in fact, and we hope to continue that conversation with him in the future about it.

Aug 15, 2015

For long time listeners of the podcast, back when Brian and I wanted to do the podcast, we were working at the same company, and the first podcast we did was on hashes. 

 

Bob story: Bob was getting tired of explaining what MD5, SHA1, SHA2 were to developers, so as we were developing our idea for the podcast, this was the first episode we had. Mr. Boettcher had several ideas for podcasts prior to.

I was actually gonna go it alone, but wanted him to join me. Thankfully, he broached the idea of being on the podcast. This was actually the second take, as the first one was done in our office and we didn't want any legal issues doing it at work, so we trahed that one and made this version. I thought the first take was better, but what are gonna do... :)

 

Aug 10, 2015

End User training.  Lots of companies have need of regular security training. Many treat it as a checkbox for compliance requirements, once a year.  With the way training is carried out in many organizations, is it any wonder why phishing emails still get clicked, passwords still get compromised, and sensitive information is still leaked.

We discuss methods to make training more effective, and how to make people want to do training.

Finally, we dicsuss Capture-The-Flag competitions, and why it would behoove blue team people to attempt them. They become a great barometer for understanding your shortcomings, and what you as a blue teamer might need to study up on...

Aug 3, 2015

Katherine Carpenter is a privacy consultant who has worked all over the world helping to develop guidelines for ethical medical research, sharing of anonymized data, and helping companies understand privacy issues association with storing and sharing of medical data.

 

This week, we discuss how companies should assign value to their data, the difficulties of doing research with anonymized data, and the ramifications of research organizations that share data irresponsibly.

 

email contact: carpenter.katherinej@gmail.com






http://jama.jamanetwork.com/article.aspx?articleid=192740

 

https://depts.washington.edu/bioethx/topics/consent.html



https://en.wikipedia.org/wiki/De-anonymization

https://en.wikipedia.org/wiki/Data_anonymization

https://en.wikipedia.org/wiki/De-identification

 

https://en.wikipedia.org/wiki/International_Safe_Harbor_Privacy_Principles

 

http://www.nature.com/news/privacy-protections-the-genome-hacker-1.12940

 

http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/guidance.html

 

https://en.wikipedia.org/wiki/Information_privacy_law

 

http://www.theguardian.com/technology/2015/apr/06/data-privacy-europe-facebook

 

http://www.theguardian.com/technology/2015/jun/15/eu-privacy-laws-data-regulations

 

http://www.theatlantic.com/technology/archive/2013/01/obscurity-a-better-way-to-think-about-your-data-than-privacy/267283/

 

http://fusion.net/story/171429/app-genetic-access-control-genes-dna-for-password/



###

 

Katherine’s note, comment, and links.

It is good to be thinking about de-identification (especially regarding health care data)

 

I think a better question to ask is how easy is it to re-identify information that has been de-identified. The HIPAA rule has 18 Identifiers which count as Personally Identifiable Information (PII) or Personal Health Information (PHI) include birth date, zip code, and IP address; When data is collected in non-health contexts, these identifiers are not considered PII/PHI (for example: this kind of information can be used for marketing purposes or financial/credit-related purposes).

 

A brief history on the topic:

in 1997 a precocious grad student IDed the Governor of MA using purchased voter records to reID deIDed health information that was released. (This study was one motivator to pass HIPAA.) Further research along the same lines of the previous project can be summed up with a simple and scary statistic: in 2000, 87% of Americans may be uniquely identified by combining zip code, birthday and sex(gender).

 

For this reason, health information is threatened not only by deID’n & reID’n, but by the combination of and other types of information that are publicly available or available for purchase and could reveal things about an individual that would contribute to reID of individual’s health info.

 

Here are a bunch of articles that discuss the topic from different angles.

 

http://arstechnica.com/tech-policy/2009/09/your-secrets-live-online-in-databases-of-ruin/

 

https://datafloq.com/read/re-identifying-anonymous-people-with-big-data/228

 

http://www.bloomberg.com/news/articles/2013-06-05/states-hospital-data-for-sale-puts-privacy-in-jeopardy

 

https://epic.org/privacy/reidentification/

 

http://news.harvard.edu/gazette/story/2011/10/you%E2%80%99re-not-so-anonymous/

 

Dwork, C. and Yekhanin, S. (2008), “New Efficient Attacks on Statistical Disclosure Control Mechanisms,” Advances in Cryptology—CRYPTO 2008, to appear, also at http://research.microsoft.com/research/sv/DatabasePrivacy/dy08.pdf

 

Is Deidentification Sufficient to Protect Health Privacy in Research?

Mark A. Rothsteinhttp://www.ncbi.nlm.nih.gov/pmc/articles/PMC3032399/



Jul 26, 2015

 In an incident response, the need for clear communication is key to effective management of an incident. This week, we had Mick Douglas, DFIR instructor at SANS, and Jarrod Frates, who is a pentester at InGuardians, and has great experience handling incidents. Find out some roles in an incident response (the Shadow, the event coordinator, the lead tech), and how companies should have an IR plan that handles various 'incident severities'.

Jarrod updates us on "TheLab.ms" and how you might like to help them! 

Finally, We are holding a contest to win a ticket to DerbyCon, full instructions are below. We are giving away two tickets. 

DerbyCon 1st Ticket contest expires 31 July 2015. 

 

1.     To enter for a ticket to DerbyCon

a.     A donation must be made to Hackers for Charity (http://www.hackersforcharity.org/)

b.     Once the donation is made, email your receipt of your donation to bds.podcast@gmail.com

c.     If you win:  We will contact you by the email you mailed the receipt from with our contact information. You will need to contact us when you get to DerbyCon, as we will not send you the ticket directly. You will also be responsible for airfare and accommodations at DerbyCon.

Jul 18, 2015

Strap yourselves in ladies and Gentlemen.  With Mr. Boettcher gone on "vacation" this week, I needed some help with the podcast, and boy did we pick a doozy.  If you're a fan of Turing Complete algorithms, frankly, who isn't ;) , we had Ms. Fabienne Serrière (@fbz) and Ms. Magen Wu (@tottenkoph) who discuss higher order math and psychology on our podcast this week.

We also discuss a little project management and even talk about why proper survey sizes and getting a good cross-section is important.

 

Be sure to pick up one of Ms. Fbz's scarves, especially if you're a math nut, and love fracctals and patterns as I do.

Kickstarter: https://www.kickstarter.com/projects/fbz/knityak-custom-mathematical-knit-scarves

Elementary Cellular Automaton : http://mathworld.wolfram.com/ElementaryCellularAutomaton.html

Turing Complete:  https://en.wikipedia.org/wiki/Turing_completeness

Sierpinski Triangle: https://en.wikipedia.org/wiki/Sierpinski_triangle

Chomsky Hierarchy: https://en.wikipedia.org/wiki/Chomsky_hierarchy

Hammer/LangSec: https://github.com/UpstandingHackers/hammer

Sergey Bratis: http://www.cs.dartmouth.edu/~sergey/

Stego Hats: http://www.ravelry.com/projects/fbz/pseudo-random-reversible-hat

SeaSec East: http://www.meetup.com/SEASec-East/

1 2 3 Next »