PaulDotCom Security Weekly - Episode 33 - June 22, 2006

Live via Skype from the Casa del Pesce....

This episode was unfortunately not broadcast over SkypeCast. Paul is off on his honeymoon this week...so the audio is not the greatest, but not all that bad. Do look for us next week in our IRC chatroom #pauldotcom on Freenode (irc.freenode.net).

Hosts: Larry Pesce, "Twitchy", Kevin Devin
Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN. They are smooth, like peanut butter.)

2 Comments

As stated in the episode, I'm a gentleman, and as such, will refrain from posting the answer to the Syngress question two weeks in a row ;).

I've sent my email claiming victory for the previous week though.

Relating to the discussion on holding developers responsible for the errors in their code, the radiation therapy incident(s) discussed are standard fare for all computer ethics courses I believe. If you haven't read it before for a class, I highly recommend reading the Therac-25 accident report at:

http://sunnyday.mit.edu/therac-25.html

Even if you're like me and have mixed feelings about accountability, the report is chilling with the description of the patients' fate. It's also a good example of a race-condition flaw, of interest to security geeks, as a large part of the problem was the PDP-11's inability to properly lock variables in memory in multithreaded programs (lack of a test-and-set instruction).

Something to geek out on.

Great podcast this week.

Wesley

From http://csrc.nist.gov/publications/drafts/DRAFT-sp800-88-Feb3_2006.pdf

Destroy in order of recommendations.
1. Shred
2. Smelt. Destroy PCMCIA devices by smelting in an EPA-approved furnace at 1,600 degrees Celsius or higher.