In this episode we talk about the latest named vulnerability OptionsBleed.  Is it all that it is cracked up to be? And is the security news industry headed into chicken little territory with FUD like this?

Next up, NIST has released new guidelines for authentication which contain some changes to how we are doing passwords.  We discuss what this means and how businesses and users can adapt.

Lastly, a couple of articles regarding what incentives are needed for businesses to start taking security seriously raise a topic that we have discussed tangentially on the podcast before.  Is government intervention necessary in some sectors that harbor personally identifiable information?

All this, and some goofy laughs ahead, on the 2 Dropped Tables and a Microphone Podcast.

Topic 1 – OptionsBleed

https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html

OptionsBleed is the latest ‘named’ vulnerability to come out, and there was initially, and still is, a lot of overblown reaction and craziness around it.  What is it, what is the risk, how do you check whether you are vulnerable, and how do we feel about the current level of reaction, or perhaps overreaction, to vulnerability releases?

Topic 2 – Passwords: NIST’s latest suggestions

The latest draft guidelines from NIST regarding passwords have some suggestions that are not so surprising to security professionals but go against current conventional wisdom.

What do we all think? Good ideas? Can we implement these?

https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/ 

https://www.passwordping.com
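To make the "can we implement these?" question concrete, here is an added example (not code from the podcast, NIST, or PasswordPing) of a password-acceptance check written along the lines of the draft NIST SP 800-63B guidance: a minimum length of 8, a generous maximum, spaces and Unicode allowed, no composition rules, no forced rotation, and a screen against a list of breached or commonly used passwords. The `BLOCKLIST` here is a tiny constructed stand-in for a breach corpus such as the one a service like PasswordPing would provide; the function and constant names are this example's own.

```python
"""NIST SP 800-63B-style memorized-secret acceptance check (added example)."""
import unicodedata

# Constructed stand-in for a breached/common-password corpus. A real
# deployment would query a breach-list service or a local copy of one.
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "welcome1"}

MIN_LENGTH = 8    # 800-63B: user-chosen secrets must be at least 8 characters
MAX_LENGTH = 64   # 800-63B: verifiers should permit at least 64 characters


def normalize(secret: str) -> str:
    """NFKC-normalize the secret so equivalent Unicode forms compare equal.

    Internal spaces are kept on purpose: the guidance allows passphrases.
    """
    return unicodedata.normalize("NFKC", secret)


def is_sequential(s: str) -> bool:
    """True when every adjacent pair of characters steps by the same +1 or -1
    (e.g. '12345678' or 'hgfedcba')."""
    if len(s) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def check_password(secret: str, context_words=()) -> list[str]:
    """Return the reasons a candidate secret is rejected; [] means accepted.

    Deliberately absent: composition rules (upper/lower/digit/symbol) and
    periodic-rotation logic, both of which the draft guidance drops.
    `context_words` carries user- or service-specific strings (username,
    product name) that the guidance says a secret must not contain.
    """
    reasons = []
    s = normalize(secret)
    lowered = s.lower()

    if len(s) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(s) > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")
    if lowered in BLOCKLIST:
        reasons.append("appears in breached/common password list")
    if lowered and len(set(lowered)) == 1:
        reasons.append("single repeated character")
    if is_sequential(lowered):
        reasons.append("sequential characters")
    for word in context_words:
        if word and word.lower() in lowered:
            reasons.append(f"contains context-specific word {word!r}")
    return reasons


if __name__ == "__main__":
    for candidate in ("correct horse battery staple", "Password", "12345678"):
        print(repr(candidate), "->", check_password(candidate) or "accepted")
```

The point of the structure is that every rule is a reason for rejection that can be shown to the user, while a long lowercase passphrase sails through; the blocklist lookup is where most of the real-world value sits, so in production that set is the thing to swap for a full breach corpus.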

Topic 3 – Security’s #1 Problem: Economic Incentives 

Something that we have discussed before on the show is that a large part of the current security breach problem is the lack of economic incentives for businesses (whether they produce software, hardware, or services) to do security even reasonably well.

I stumbled upon an article in Dark Reading that talks about this and a blog post from Bruce Schneier that went into the effects of the Equifax breach and how that relates to this problem.

What do we think?  Is this the #1 problem?  What can be done to impose an economic incentive on these companies?

https://www.darkreading.com/vulnerabilities---threats/securitys--1-problem-economic-incentives/a/d-id/1329939?

https://www.schneier.com/blog/archives/2017/09/on_the_equifax_.html 


Intro and Exit music from Bensound.com


2 Dropped Tables and a Microphone © 2017