Monday, February 23, 2009

Security Now! - a good security podcast for learning security.

I've listened to a number of security podcasts and most are targeted at either IT professionals who need to know about the latest security threats for their job, or at security professionals with in-depth discussions of the latest research or threats.

From these experiences, I wanted to mention the Security Now! podcast, which has a decidedly educational slant to it that would suit people who want to learn about security. It's not for absolute beginners, some basic understanding of information technology is required, but for someone with a basic computer understanding wanting to learn about security, it's as good as anything I've found.

The hosts, Steve Gibson and Leo LePorte, have lively personalities and do a good job of being entertaining, something not ubiquitous in the world of security podcasts. I have to give them kudos as they have managed to discuss security weekly for over three years now, being up to episode 184 at the time of this writing (granted, every other episode is question and answer).

Here are some specific observations about the show:
  • Steve and Leo are primarily Microsoft Windows users. A lot of what they discuss isn't Windows-specific, but you aren't going to hear much of anything about Macs or Linuxon the show.
  • "TWIT" doesn't refer to a twit but instead stands for This Week In Tech, another podcast Leo does (which I admit I have not listened to).
  • As I mentioned above, every other episode is listener Q&A, which often leads to explanations of complicated issues they previously covered and serves to be educational.
  • While Steve does a good job of preparing technical matter for shows, be a little wary of surprise issues that come up. I've seen them jump to erroneous conclusions at times, Leo in particular. To their credit, they do correct themselves in a subsequent show's errata or, once with a particular bad misunderstanding, Leo will edit in a correction before the podcast is distributed.
So, if you are interested in learning a little more about security, I recommend giving Security Now! a try. The show is available for subscription, direct download and transcripts are also available, all from Steve's web site.

Tuesday, February 17, 2009

Good post on passwords on Daily Cup of Tech

Daily Cup of Tech has a good post discussing what makes for a weak password (that is a password that is easily guessable) and some tips on creating a good password (including a printable worksheet for creating a strong password). Very much in line with my previous post on the subject.

Monday, February 9, 2009

Good discussion on biometrics as authentication

This article by Steve Riley of Microsoft has a good discussion of identity versus authentication and the limitations of biometrics for doing authentication.