Magmatic Security Squawk Box - Podcast
By Sean OConnel
If you are a user, administrator or business that relies on Macs, iPhones and iPads every day, you are no longer alone in the security industry wilderness. Magmatic Security Squawk Box is a security-focused podcast made by Mac people for Mac people. Join Sean OConnell of Magmatic.com for a look at the security risks and threats that administrators and users of the great devices which make up the Apple ecosystem need to be informed about. Magmatic Security Squawk Box Podcast, in conjunction with their response center, will provide audio and video updates during significant incidents, in addition to monthly analysis of security headlines from the perspective of an Apple enthusiast.
||Security Squawk Box Podcast Episode 5||This Week's Topics: This week I discuss Mavericks and iOS 7, and the rumor mill around badBIOS: hoax, bad day or something else. Finally, you can expect to hear more regular podcasts in the future. A project that was a game changer for Magmatic has now been completed. We expect 2014 to be a real game changer for us. We have lots of tools and ideas we are really excited about.||11/4/2013||Free|
||Security Squawk Box Podcast Episode 4||This Week's Topics: This week I discuss Oracle's Java 1.7.0_09 for Mac OS X. While the System Preference Pane is a welcome addition, it would be nice if it actually worked. After several months of using Gatekeeper it is official: I love it and you should too. Gatekeeper provides a host of protection against rogue developers. Best of all, it stops rogue Java apps in their tracks. Sandy reminds us all of what is important; that includes having a backup of critical data and the capability to keep your customer-facing resources up and running.||11/5/2012||Free|
||Security Squawk Box Podcast Episode 3||This Week's Topics: Adobe Flash, Reader, Acrobat and Shockwave Updates; iOS SMS Spoofing and Phishing. This week we discuss the recent Adobe updates. While no specific threat in the wild currently targets Mac OS X, there are zero days targeting unpatched versions on the Windows platform. Criminals have regularly used the Adobe update cycle as cover to fool Mac users into installing malicious software, usually in the form of a Flash Player. The SMS protocol is vulnerable to spoofing; this includes all versions of iOS. A recent release of a tool to make this process easier can allow a criminal to create SMS phishing messages, what is called SMiShing. The pattern is similar to email phishing, as are the defenses: do not visit links sent via unsecure communication. There are a host of tools that this proof of concept was built off of, some of which require your iPhone to be jailbroken, something you should never do. (See Reference Links) I consider this really low risk. Using iMessage prevents this form of attack, so for clients or users that are Mac/iOS based, use iMessage. Lastly, I have some thoughts on cloud-based services. It is important that businesses and users realize that while the data is in the cloud, compliance and security are completely their responsibility.||8/22/2012||Free|
||Security Squawk Box Podcast Episode 2||This Week's Topics: Social Engineering iCloud, The Curious Case of Mat Honan; Gatekeeper Code Signing. Summary: This week I give my take on the Apple ID account compromise of former Gizmodo journalist Mat Honan. I address some of the issues companies have to consider when working with freelancers who bring their own devices or their own ecosystems into your security umbrella. There are various risks that need to be considered from a host of perspectives. I explain why it is important to have control over your backups. Next I touch on the issue of code signing in Mountain Lion. Users can override and set exceptions, but the only way to manage these exceptions from the administrator perspective is via a command line tool called spctl. I argue that for most users and organizations, code signing makes security sense and eliminates RISK, especially if code review is outside the scope of your business. Finally, my commentary on why now is the day to turn off Java on your Mac and eliminate the RISK of crimeware using Java.||8/6/2012||Free|
||Security Squawk Box Podcast Episode 1||This Week's Topics: Dropbox Spam; Icon Decoys; Java RISK and Updates. Summary: This week I address something old and something new. What do we need to consider after the recent revelation by Dropbox that an employee was compromised, resulting in malicious actors gaining access to the email addresses of account holders? I then discuss the social engineering method of Icon Decoying, a method that has been used over the last several months by criminals with mixed success. Lastly, we discuss Java and touch on how to manage RISK using the Java Preferences.app.||8/2/2012||Free|